Palo Alto PCNSA Exam Study Guide - Q & A with Complete Solutions

Palo Alto PCNSA Exam Study Guide - Q & A with Complete Solutions Which three statements are true regarding a GlobalProtect Gateway? (Choose three.) a. Provides security enforcement for traffic from GlobalProtect clients. b. Requires a tunnel interface for external clients. c. Tunnel interfaces are optional for internal gateways. d. Authenticates users against a Server Profile. For which type of functionality can a GlobalProtect Gateway map IP addresses to the user? a. App-ID b. Content-ID c. User-ID Which three options are aspects of the basic requirements to create a VPN in a PAN-OS release? (Choose three.) a. add a static route to the virtual router b. create the tunnel interface c. configure the IPsec tunnel d. identify proxy ID errors (T/F) When you create a static route for the VPN, no next hop IP address is required. a. true b. false Which two options are true regarding a VPN tunnel interface? (Choose two.) a. The tunnel interface always requires an IP address. b. A tunnel interface is a logical Layer 3 interface. c. The tunnel interface must be added to a Layer 3 security zone. d. The interface name "tunnel" can be renamed to anything you want, up to 20 characters in length. (T/F) IPsec is a set of protocols used to set up a secure tunnel for the VPN traffic. a. true b. false Logs can be forwarded to which four of the following Remote Logging Destinations? (Choose four.) a. Email b. Syslog c. Common access log d. Panorama e. SNMP A log can be exported to which format? a. CSV b. PDF c. PPT d. XLS (T/F) A Report Group must be sent as a scheduled email. It cannot be downloaded directly. a. true b. false A SaaS application that you formally approve for use on your network is which type of application? a. sanctioned b. production c. unsanctioned d. service Which four attributes describe an active/passive HA firewall configuration? (Choose four.) a. only one firewall actively processes traffic b. primarily designed to support asymmetric routing c. no increase in session capacity d. no increase in throughput e. supports Virtual Wire, Layer 2, and Layer 3 deployments Which three types of traffic flow across the HA Control link? (Choose three.) a. configuration synchronization b. session synchronization c. heartbeats d. hellos On a firewall with dedicated HA ports, which option describes the function of the HA2 port? a. Control link b. Data link c. Heartbeat link d. Management link (T/F) A Backup Control link helps prevent split-brain operation in a firewall HA cluster. a. true b. false Which are four failure detection methods in a firewall HA cluster? (Choose four.) a. heartbeats and hellos b. internal health checks c. link groups d. path groups e. polling Which phase is not one of the three phases used in a migration from port-based firewall policies to application-based firewall policies? a. Application Visibility b. Baseline Visibility c. Consolidate, Customize, and Reduce Risk d. Next-Generation Policies Which tab in the ACC provides an overview of traffic and user activity on your network? a. Tunnel Activity b. Blocked Activity c. Network Activity d. Threat Activity You should set all category actions to which level when you create a new URL Filtering Profile? a. alert b. block c. continue d. allow (T/F) Heatmap and BPA are online tool available only to partners and employees. a. true b. false