Download PCNSA Exam 54 Questions with Verified Answers,100% CORRECT and more Exams Business Fundamentals in PDF only on Docsity! PCNSA Exam 54 Questions with Verified Answers Threat Intelligence Cloud - CORRECT ANSWER Identifies and inspects all traffic to block known threats. Next Generation Firewall - CORRECT ANSWER Gathers, analyzes, correlates, and disseminates threats to and from network endpoints Advanced Endpoint Detection - CORRECT ANSWER Inspects processes and files to prevent known and unknown exploits Which firewall plane provides configuration, logging, and reporting functions on a separate processor? A. control B. network processing C. data D. security processing - CORRECT ANSWER A. Control A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base. On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp traffic affected after the 30 days have passed? A. All traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer matches the SuperApp-base application B. No impact because the apps were automatically downloaded and installed C. No impact because the firewall automatically adds the rules to the App-ID interface D. All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the security administrator approves the applications - CORRECT ANSWER C. No impact because the firewall automatically adds the rules to the App-ID interface How many zones can an interface be assigned with a Palo Alto Networks firewall? A. two B. three C. four D. one - CORRECT ANSWER D. One Which two configuration settings shown are not the default? (Choose two.) A. Enable Security Log B. Server Log Monitor Frequency (sec) C. Enable Session D. Enable Probing - CORRECT ANSWER B,C Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall? A. Signature Matching B. Network Processing C. Security Processing D. Security Matching - CORRECT ANSWER A Which option shows the attributes that are selectable when setting up application filters? A. Category, Subcategory, Technology, and Characteristic B. Category, Subcategory, Technology, Risk, and Characteristic C. Name, Category, Technology, Risk, and Characteristic D. Category, Subcategory, Risk, Standard Ports, and Technology - CORRECT ANSWER B When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None? A. Translation Type B. Interface C. Address Type D. IP Address - CORRECT ANSWER A Which interface does not require a MAC or IP address? A. Virtual Wire B. Layer3 C. Layer2 D. Loopback - CORRECT ANSWER A A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall? A. Rule Usage Filter > No App Specified B. Rule Usage Filter >Hit Count > Unused in 30 days C. Rule Usage Filter > Unused Apps D. Rule Usage Filter > Hit Count > Unused in 90 days - CORRECT ANSWER D What are two differences between an implicit dependency and an explicit dependency in AppID? (Choose two.) A. An implicit dependency does not require the dependent application to be added in the security policy B. An implicit dependency requires the dependent application to be added in the security policy C. An explicit dependency does not require the dependent application to be added in the security policy D. An explicit dependency requires the dependent application to be added in the security policy - CORRECT ANSWER A,D Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping. What is the quickest way to reset the hit counter to zero in all the security policy rules? A. At the CLI enter the command reset rules and press Enter B. Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule C. Reboot the firewall D. Use the Reset Rule Hit Counter > All Rules option - CORRECT ANSWER D Which two App-ID applications will need to be allowed to use Facebookchat? (Choose two.) A. facebook B. facebook-chat C. facebook-base D. facebook-email - CORRECT ANSWER B,C Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources? A. Windows-based agent deployed on the internal network B. PAN-OS integrated agent deployed on the internal network C. Citrix terminal server deployed on the internal network D. Windows-based agent deployed on each of the WAN Links - CORRECT ANSWER A Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP - to-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures. Given the scenario, choose the option for sending IP-to-user mappings to the NGFW. A. syslog B. RADIUS C. UID redistribution D. XFF headers - CORRECT ANSWER A An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.) A. vulnerability protection profile applied to outbound security policies B. anti-spyware profile applied to outbound security policies C. antivirus profile applied to outbound security policies D. URL filtering profile applied to outbound security policies - CORRECT ANSWER B,D In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email? A. Weaponization B. Reconnaissance C. Installation D. Command and Control E. Exploitation - CORRECT ANSWER A Identify the correct order to configure the PAN-OS integrated USER-ID agent. 3. add the service account to monitor the server(s) 2. define the address of the servers to be monitored on the firewall 4. commit the configuration, and verify agent connection status 1. create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent A. 2-3-4-1 B. 1-4-3-2 C. 3-1-2-4 D. 1-3-2-4 - CORRECT ANSWER D Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone. Complete the security policy to ensure only Telnet is allowed. Security Policy: Source Zone: Internal to DMZ Zone __________services "Application defaults", and action = Allow A. antivirus B. DDoS protection C. threat D. vulnerability - CORRECT ANSWER AD The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop. Which security profile feature could have been used to prevent the communication with the CnC server? A. Create an anti-spyware profile and enable DNS Sinkhole B. Create an antivirus profile and enable DNS Sinkhole C. Create a URL filtering profile and block the DNS Sinkhole category D. Create a security policy and enable DNS Sinkhole - CORRECT ANSWER A Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers? A. Active Directory monitoring B. Windows session monitoring C. Windows client probing D. domain controller monitoring - CORRECT ANSWER A What are three differences between security policies and security profiles? (Choose three.) A. Security policies are attached to security profiles B. Security profiles are attached to security policies C. Security profiles should only be used on allowed traffic D. Security profiles are used to block traffic by themselves E. Security policies can block or allow traffic - CORRECT ANSWER BCE Given the image, which two options are true about the Security policy rules. (Choose two.) A. The Allow Office Programs rule is using an Application Filter B. In the Allow FTP to web server rule, FTP is allowed using App-ID C. The Allow Office Programs rule is using an Application Group D. In the Allow Social Networking rule, allows all of Facebook's functions - CORRECT ANSWER BC Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone? A. global B. intrazone C. interzone D. universal - CORRECT ANSWER D Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways? A. GlobalProtect B. AutoFocus C. Aperture D. Panorama - CORRECT ANSWER A Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.) A. Path monitoring does not determine if route is useable B. Route with highest metric is actively used C. Path monitoring determines if route is useable D. Route with lowest metric is actively used - CORRECT ANSWER CD Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine. A. Exploitation B. Installation C. Reconnaissance D. Act on Objective - CORRECT ANSWER A Which file is used to save the running configuration with a Palo Alto Networks firewall? A. running-config.xml B. run-config.xml C. running-configuration.xml D. run-configuratin.xml - CORRECT ANSWER A In the example security policy shown, which two websites would be blocked? (Choose two.) A. LinkedIn B. Facebook C. YouTube D. Amazon - CORRECT ANSWER AB Which two Palo Alto Networks security management tools provide a consolidated creation of policies, centralized management and centralized threat intelligence. (Choose two.) A. Global Protect B. Panorama C. Aperture D. AutoFocus - CORRECT ANSWER BD Which statement is true regarding a Prevention Posture Assessment? A. The Security Policy Adoption Heatmap component filters the information by device groups, serial numbers, zones, areas of architecture, and other categories B. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture C. It provides a percentage of adoption for each assessment area D. It performs over 200 security checks on Panorama/firewall for the assessment - CORRECT ANSWER B