Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community for help and clear up your study doubts
Discover the best universities in your country according to Docsity users
Free resources
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
A comprehensive set of 62 questions and verified answers for the pcnsa (palo alto networks certified network security administrator) exam. The questions cover a wide range of topics related to firewall management, interface configuration, routing, authentication, application filtering, security policies, and network address translation (nat). Designed to help pcnsa exam candidates prepare for the exam by providing them with a detailed understanding of the key concepts and best practices in palo alto networks firewall administration. The questions are structured in a way that allows candidates to assess their knowledge and identify areas that require further study. The verified answers ensure that candidates can confidently approach the exam with a solid understanding of the subject matter.
Typology: Exams
1 / 7
What are two firewall management methods? - CORRECT ANSWER CLI XML API Which two devices are used to connect a computer to the firewall for management purposes? - CORRECT ANSWER Serial cable RJ-45 Ethernet cable What is the default IP address assigned to the MGT interfaces of a Palo Alto Networks firewall? - CORRECT ANSWER 192.168.1. What are the two default services that are available on the MGT interface? - CORRECT ANSWER HTTPS SSH True or false? Service route traffic has Security policy rules applied against it - CORRECT ANSWER True Service routes may be used to forward which two traffic types out of a data port?
What are two firewall management methods? - CORRECT ANSWER CLI XML API True or false? A Palo Alto Networks firewall automatically provides a backup of the configuration during a software upgrade. - CORRECT ANSWER True If you have a Threat Prevention subscription but not a WildFire subscription, how long must you wait for the WildFire signatures to be added into the antivirus update? - CORRECT ANSWER 24 to 48 hours Which three actions should you complete before you upgrade to a newer version of software? - CORRECT ANSWER Review the release notes to determine any impact of upgrading to a newer version of software. Ensure that the firewall is connected to a reliable power source. Create and externally store a backup before you upgrade. Which two default zones are included with the PAN-OS software? - CORRECT ANSWER Interzone Intrazone Which two zone types are valid options? - CORRECT ANSWER Tap Virtual wire Which two statements about interfaces are correct? - CORRECT ANSWER Interfaces do not have to be configured before you can create a zone. An interface can belong to only one zone. Which two interface types can belong in a Layer 3 zone? - CORRECT ANSWER Looback Tunnel What are used to control traffic through zones? - CORRECT ANSWER Security policy rules For inbound inspection, which two actions can be done with a Tap interface? - CORRECT ANSWER Decrypt traffic
Log traffic Which two actions can be done with a Virtual Wire interface? - CORRECT ANSWER NAT Log traffic Which two actions can be done with a Layer 3 interface? - CORRECT ANSWER NAT Route Layer 3 interfaces support which two items? - CORRECT ANSWER NAT IPv Layer 3 interfaces support which three advanced settings? - CORRECT ANSWER NDP configuration Link speed configuration Link duplex configuration Layer 2 interfaces support which three items? - CORRECT ANSWER Traffic examination Forwarding of spanning tree BPDUs Traffic shaping via QoS Which two interface types support subinterfaces? - CORRECT ANSWER Virtual Wire Layer Which two statements are true regarding Layer 3 interfaces? - CORRECT ANSWER A Layer 3 interface can only have one DHCP assigned address. You can apply an Interface Management profile to the interface. Which statement is true regarding aggregate Ethernet interfaces? - CORRECT ANSWER. A Layer 3 aggregate interface group can have more than one IP assigned to it. What is the default administrative distance of a static route within the PAN-OS software? - CORRECT ANSWER 10
Which two dynamic routing protocols are available in the PAN-OS software? - CORRECT ANSWER RIPv OSPFv Which value is used to distinguish the preference of routing protocols? - CORRECT ANSWER Administrative distance Which value is used to distinguish the best route within the same routing protocol? - CORRECT ANSWER Metric In path monitoring, what is used to monitor remote network devices? - CORRECT ANSWER Ping Which two statements are true about a Role Based Admin Role Profile role? - CORRECT ANSWER It can be used for CLI commands. It can be used for XML API The management console supports which two authentication types? - CORRECT ANSWER RADIUS TACACS+ Which two Dynamic Admin Role types are available on the PAN-OS software? - CORRECT ANSWER Superuser Device administrator (read-only Which type of profile does an authentication sequence include? - CORRECT ANSWER Authentication An Authentication profile includes which other type of profile? - CORRECT ANSWER Server True or false? Dynamic Admin Roles are called "dynamic" because you can customize them. - CORRECT ANSWER False Which profile is used to override global minimum password complexity requirements? - CORRECT ANSWER Password
What does an application filter enable an administrator to do? - CORRECT ANSWER Dynamically categorize multiple applications. Which two items can be added to an application group? - CORRECT ANSWER Application groups Application Filters What are two application characteristics? - CORRECT ANSWER Excessive bandwidth use Evasive What will be the result of one or more occurrences of shadowing? - CORRECT ANSWER A warning Which column in the Applications and Threats screen includes the options Review Apps and Review Policies? - CORRECT ANSWER Action Which link can you select in the web interface to minimize the risk of installing new App-ID updates? - CORRECT ANSWER Disable new apps in content update. Which two protocols are implicitly allowed when you select the facebook-base application? - CORRECT ANSWER Web-browsing SSL What are the two default (predefined) Security policy rule types in PAN-OS software? (Choose two.) - CORRECT ANSWER Interzone Intrazone Which type of Security policy rules most often exist above the two predefined Security policies? - CORRECT ANSWER Universal What does the TCP Half Closed setting mean? - CORRECT ANSWER Maximum length of time that a session remains in the session table between reception of the first FIN and reception of the second FIN or RST. What are two application characteristics? - CORRECT ANSWER Excessive bandwidth use
Evasive Which two HTTP Header Logging options are within a URL Filtering profile? - CORRECT ANSWER User-Agent X-Forwarded-For What are two source NAT types? - CORRECT ANSWER Static Dynamic Which phrase is a simple way to remember how to configure Security policy rules where NAT was implemented? - CORRECT ANSWER Pre-NAT IP, post-NAT zone What are two types of destination NAT? - CORRECT ANSWER Dynamic IP (with session distribution) Static What are two possible values for DIPP (Dynamic IP and Port NAT) oversubscription? (Choose two.) - CORRECT ANSWER 1x 4x Which statement is true regarding bidirectional NAT? - CORRECT ANSWER For static translations, bidirectional NAT enables the firewall to create a corresponding translation in the opposite direction of the translation you configure? The Policy Optimizer does not analyze which statistics? - CORRECT ANSWER Which users matched Security policies. if you have a Threat Prevention subscription but not a WildFire subscription, how long must you wait for the WildFire signatures to be added into the antivirus update? - CORRECT ANSWER 24 to 48 hours What are two benefits of Vulnerability Protection Security profiles? - CORRECT ANSWER They prevent exploitation of system flaws. They prevent unauthorized access to systems.
Which two actions are required to implement DNS Security inspections of traffic?