Palo Alto Networks PCNSA Palo Alto Networks Certified Network Security Administrator Online Training
Palo Alto Networks PCNSA Online Training
The questions for PCNSA were last updated at Nov 23,2024.
- Exam Code: PCNSA
- Exam Name: Palo Alto Networks Certified Network Security Administrator
- Certification Provider: Palo Alto Networks
- Latest update: Nov 23,2024
What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?
- A . every 30 minutes
- B . every 5 minutes
- C . once every 24 hours
- D . every 1 minute
D
Explanation:
Because new WildFire signatures are now available every five minutes, it is a best practice to use this setting to ensure the firewall retrieves these signatures within a minute of availability.
Which Security profile can be used to detect and block compromised hosts from trying to communicate with external command-and-control (C2) servers?
- A . URL Filtering
- B . Antivirus
- C . Vulnerability
- D . Anti-Spyware
When creating a custom URL category object, which is a valid type?
- A . domain match
- B . host names
- C . wildcard
- D . category match
D
Explanation:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interface-help/objects/objects-custom-objects-url-category.html
When creating a custom URL category object, which is a valid type?
- A . domain match
- B . host names
- C . wildcard
- D . category match
D
Explanation:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interface-help/objects/objects-custom-objects-url-category.html
What are two valid selections within an Anti-Spyware profile? (Choose two.)
- A . Random early drop
- B . Drop
- C . Deny
- D . Default
Which data flow direction is protected in a zero trust firewall deployment that is not protected in a perimeter-only firewall deployment?
- A . outbound
- B . north south
- C . inbound
- D . east west
Which feature would be useful for preventing traffic from hosting providers that place few restrictions on content, whose services are frequently used by attackers to distribute illegal or unethical material?
- A . Palo Alto Networks Bulletproof IP Addresses
- B . Palo Alto Networks C&C IP Addresses
- C . Palo Alto Networks Known Malicious IP Addresses
- D . Palo Alto Networks High-Risk IP Addresses
A
Explanation:
To block hosts that use bulletproof hosts to provide malicious, illegal, and/or unethical content, use the bulletproof IP address list in policy. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PM0pCAG
Which statement is true about Panorama managed devices?
- A . Panorama automatically removes local configuration locks after a commit from Panorama.
- B . Local configuration locks prohibit Security policy changes for a Panorama managed device.
- C . Security policy rules configured on local firewalls always take precedence.
- D . Local configuration locks can be manually unlocked from Panorama.
B
Explanation:
When a user has a configuration lock, it is not possible to perform a commit or push a policy from Panorama. If the administrator is not available to remove the lock, a device WebGUI or CLI command can be used by a superuser to force the removal of the configuration lock. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CltACAS
When an ethernet interface is configured with an IPv4 address, which type of zone is it a
member of?
- A . Layer 3
- B . Virtual Wire
- C . Tap
- D . Tunnel
A network administrator created an intrazone Security policy rule on the firewall. The source zones were set to IT. Finance, and HR.
Which two types of traffic will the rule apply to? (Choose two)
- A . traffic between zone IT and zone Finance
- B . traffic between zone Finance and zone HR
- C . traffic within zone IT
- D . traffic within zone HR
Latest PCNSA Dumps Valid Version with 115 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
