PCNSA Quiz 1 – Questions With Detailed Solutions
A Security Policy rule displayed in italic font indicates which condition?
Correct Ans - The rule is disabled
A server profile enables a firewall to locate which server type? Correct
Ans - A server with remote user accounts
An Interface management profile can be attached to which two interface
types Correct Ans - Loopback and Layer 3
Application block pages can be enabled for which applications Correct
Ans - web-based
because a firewall examines every packet in a session, a firewall can detect
application_____________? Correct Ans - shifts
Finding URLs matched to the not-resolved url category in the url filtering
log might indicate that you should take which action Correct Ans -
Validate connectivity to the PAN-DB cloud
If a dns sinkhole is configured, any sinkhole actions indicating a potentially
infected host are recorded in which log type? Correct Ans - threat
in a security profile, which action does a firewall take when the profiles
action is configured as a reset server Correct Ans - The traffic
responder is reset
for udp sessions, the connection is dropped
in a HA configuration which 3 components are synchronized between the
pair of firewalls Correct Ans - objects
policies
networks
in an HA configuration, which three functions are associated with the HA1
control link? Correct Ans - Exchanging HELLOS
exchanging Heartbeats
synchronizing configurations
, in an HA configuration, which 2 failure detection methods rely on ICMP
pings? Correct Ans - heartbeats
path monitoring
on a firwall that has 32 ethernet ports and it configured with a dynamic IP
and Port (DIPP) NAT oversubscription rate of 2x, what is the maximum
number of concurrent sessions supported by each available IP? Correct
Ans - 128K
which two user mapping methods are supported by the User-ID integrated
agent? Correct Ans - WMI probing
client probing
SSL inbound inspection requires that the firewall be configured with which
2 components? Correct Ans - server's private key
server's digital certificate
the firewall acts as a proxy for which 2 types of traffic? Correct Ans -
ssl outbound
ssl inbound inspection
the threat log records events from wich 3 security profiles Correct Ans
- vulnerability protection
antivirus
url filtering
what are 2 benefits of attaching a decryption profile to a decryption policy
no-decrypt rule? Correct Ans - expired certificate checking
untrusted certificate checking
what is a use care for deploying PANetworks NGFW in the public cloud?
Correct Ans - extending the corporate data center into the public cloud
when SSL traffic passes through the firewall, which component is evaluated
first? Correct Ans - decryption policy
where does a GlobalProtect client connect to first when trying to connect to
a network? Correct Ans - GlobalProtect portal
A Security Policy rule displayed in italic font indicates which condition?
Correct Ans - The rule is disabled
A server profile enables a firewall to locate which server type? Correct
Ans - A server with remote user accounts
An Interface management profile can be attached to which two interface
types Correct Ans - Loopback and Layer 3
Application block pages can be enabled for which applications Correct
Ans - web-based
because a firewall examines every packet in a session, a firewall can detect
application_____________? Correct Ans - shifts
Finding URLs matched to the not-resolved url category in the url filtering
log might indicate that you should take which action Correct Ans -
Validate connectivity to the PAN-DB cloud
If a dns sinkhole is configured, any sinkhole actions indicating a potentially
infected host are recorded in which log type? Correct Ans - threat
in a security profile, which action does a firewall take when the profiles
action is configured as a reset server Correct Ans - The traffic
responder is reset
for udp sessions, the connection is dropped
in a HA configuration which 3 components are synchronized between the
pair of firewalls Correct Ans - objects
policies
networks
in an HA configuration, which three functions are associated with the HA1
control link? Correct Ans - Exchanging HELLOS
exchanging Heartbeats
synchronizing configurations
, in an HA configuration, which 2 failure detection methods rely on ICMP
pings? Correct Ans - heartbeats
path monitoring
on a firwall that has 32 ethernet ports and it configured with a dynamic IP
and Port (DIPP) NAT oversubscription rate of 2x, what is the maximum
number of concurrent sessions supported by each available IP? Correct
Ans - 128K
which two user mapping methods are supported by the User-ID integrated
agent? Correct Ans - WMI probing
client probing
SSL inbound inspection requires that the firewall be configured with which
2 components? Correct Ans - server's private key
server's digital certificate
the firewall acts as a proxy for which 2 types of traffic? Correct Ans -
ssl outbound
ssl inbound inspection
the threat log records events from wich 3 security profiles Correct Ans
- vulnerability protection
antivirus
url filtering
what are 2 benefits of attaching a decryption profile to a decryption policy
no-decrypt rule? Correct Ans - expired certificate checking
untrusted certificate checking
what is a use care for deploying PANetworks NGFW in the public cloud?
Correct Ans - extending the corporate data center into the public cloud
when SSL traffic passes through the firewall, which component is evaluated
first? Correct Ans - decryption policy
where does a GlobalProtect client connect to first when trying to connect to
a network? Correct Ans - GlobalProtect portal
