Try 2022 Free PCNSA Certification Practice Exam

test2022-03-05T03:53:04+00:00

Palo Alto Networks Certified Network Security Administrator (PCNSA) is a formal, third‐party proctored certification that indicates that those who have passed it possess the in‐depth knowledge to design, install, configure, and maintain most implementations based on the Palo Alto Networks platform. We have prepared PCNSA practice questions to assist you in properly preparing for the PCNSA test. It covers 100% real PCNSA exam questions and answers to help you pass the PCNSA exam easily! Now is the time to put your skills to the test with these online practice exams!

Try these 100% real PCNSA exam questions and answers for free.

Page 1 of 2

1. Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?

internal-inside-dmz

engress outside

inside-portal

intercone-default

2. Which information is included in device state other than the local configuration?

uncommitted changes

audit logs to provide information of administrative account changes

system logs to provide information of PAN-OS changes

device group and template settings pushed from Panorama

3. Which plane on a Palo alto networks firewall provides configuration logging and reporting functions on a separate processor?

data

network processing

management

security processing

4. Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP Cto-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.

Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.

syslog

RADIUS

UID redistribution

XFF headers

5. DRAG DROP

Match the Cyber-Attack Lifecycle stage to its correct description.

6. What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?

authentication sequence

LDAP server profile

authentication server list

authentication list profile

7. Which file is used to save the running configuration with a Palo Alto Networks firewall?

running-config.xml

run-config.xml

running-configuration.xml

run-configuratin.xml

8. Which three configuration settings are required on a Palo Alto networks firewall management interface?

default gateway

netmask

IP address

hostname

auto-negotiation

9. How many zones can an interface be assigned with a Palo Alto Networks firewall?

two

three

four

one

10. An administrator wishes to follow best practices for logging traffic that traverses the firewall

Which log setting is correct?

Disable all logging

Enable Log at Session End

Enable Log at Session Start

Enable Log at both Session Start and End

Page 2 of 2

11. Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall’s

data plane?

Kerberos user

SAML user

local database user

local user

12. Which dynamic update type includes updated anti-spyware signatures?

Applications and Threats

GlobalProtect Data File

Antivirus

PAN-DB

13. Which tab would an administrator click to create an address object?

Device

Policies

Monitor

Objects

14. Which action results in the firewall blocking network traffic without notifying the sender?

Deny

No notification

Drop

Reset Client

15. An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited"

Which security policy action causes this?

Drop

Drop, send ICMP Unreachable

Reset both

Reset server

16. The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn’t want to unblock the gambling URL category.

Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)

Add all the URLs from the gambling category except powerball.com to the block list and then set the action for the gambling category to allow.

Manually remove powerball.com from the gambling URL category.

Add *.powerball.com to the allow list

Create a custom URL category called PowerBall and add *.powerball.com to the category and set the action to allow.

17. Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.

Exploitation

Installation

Reconnaissance

Act on the Objective

18. During the packet flow process, which two processes are performed in application identification? (Choose two.)

pattern based application identification

application override policy match

session application identified

application changed from content inspection

19. 1. create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent

2-3-4-1

1-4-3-2

3-1-2-4

1-3-2-4

20. Which Security profile can you apply to protect against malware such as worms and Trojans?

data filtering

antivirus

vulnerability protection

anti-spyware