PCNSA Personal
What is an "application shift?"
1. an application change during the lifetime of a session
2. a session change during the lifetime of an application
3. a packet change during the lifetime of a session
4. application dependency - ✔✔an application change during the lifetime of a session
What is the default metric value of static routes?
+1
1
2
10
20 - ✔✔10
How often are new antivirus signatures published?
hourly
weekly
daily
monthly - ✔✔Daily
Which interface type can be used to switch traffic between multiple interfaces inside the same VLAN?
,Tap interfaces
Layer 2 interfaces
Layer 3 interfaces
other subnets - ✔✔Layer 2
Which type of firewall configuration contains in-progress configuration changes?
running
candidate
named
saved - ✔✔candidate
Given the topology shown in the graphic, which interface type should you configure for zone A and zone
B?
Layer3
Layer2
Virtual Wire
Ethernet - ✔✔Layer 3
What does the Save Named Configuration Snapshot option do?
creates a tentative configuration snapshot that does not overwrite the default snapshot (.snapshot.xml)
,creates a candidate configuration snapshot that does not overwrite the default snapshot (.snapshot.xml)
deletes a candidate configuration snapshot that does not overwrite the default snapshot (.snapshot.xml)
creates a candidate configuration snapshot that does not overwrite the default snapshot (.saved.xml) -
✔✔creates a candidate configuration snapshot that does not overwrite the default snapshot
(.snapshot.xml)
Which statement is true about the App-ID database?
App-ID always requires an explicit Security policy rule for parent applications.
Some App-IDs implicitly allow required application without the need to explicitly add the parent to the
Security policy.
Every application has a parent application.
If an App-ID has a web-browsing dependency, you will not need to add web-browsing to other Security
polices to use web-browsing - ✔✔Some App-IDs implicitly allow required application without the need
to explicitly add the parent to the Security policy.
An internal host needs to connect through the firewall using source NAT to servers on the
internet.Which policy is required to enable source NAT on the firewall?
NAT policy with internal zone and internet zone specified
NAT policy with no internal or internet zone selected
, pre-NAT policy with external source and any destination address
post-NAT policy with external source and any destination address - ✔✔NAT policy with internal zone
and internet zone specified
Which two agents can be used to monitor servers and gather User-ID information? (Choose two.)
Built-in agent inside the PAN-OS® firewall
Windows-based client
Traps agent
Cortex Data Lake - ✔✔Built-in agent inside the PAN-OS® firewall
Windows-based client
What are two URL Filtering Security Profile actions? (Choose two.)
Continue
Approved
Deny
Allow - ✔✔Continue, Allow
What are two predefined anti-spyware profiles? (Choose two.)
What is an "application shift?"
1. an application change during the lifetime of a session
2. a session change during the lifetime of an application
3. a packet change during the lifetime of a session
4. application dependency - ✔✔an application change during the lifetime of a session
What is the default metric value of static routes?
+1
1
2
10
20 - ✔✔10
How often are new antivirus signatures published?
hourly
weekly
daily
monthly - ✔✔Daily
Which interface type can be used to switch traffic between multiple interfaces inside the same VLAN?
,Tap interfaces
Layer 2 interfaces
Layer 3 interfaces
other subnets - ✔✔Layer 2
Which type of firewall configuration contains in-progress configuration changes?
running
candidate
named
saved - ✔✔candidate
Given the topology shown in the graphic, which interface type should you configure for zone A and zone
B?
Layer3
Layer2
Virtual Wire
Ethernet - ✔✔Layer 3
What does the Save Named Configuration Snapshot option do?
creates a tentative configuration snapshot that does not overwrite the default snapshot (.snapshot.xml)
,creates a candidate configuration snapshot that does not overwrite the default snapshot (.snapshot.xml)
deletes a candidate configuration snapshot that does not overwrite the default snapshot (.snapshot.xml)
creates a candidate configuration snapshot that does not overwrite the default snapshot (.saved.xml) -
✔✔creates a candidate configuration snapshot that does not overwrite the default snapshot
(.snapshot.xml)
Which statement is true about the App-ID database?
App-ID always requires an explicit Security policy rule for parent applications.
Some App-IDs implicitly allow required application without the need to explicitly add the parent to the
Security policy.
Every application has a parent application.
If an App-ID has a web-browsing dependency, you will not need to add web-browsing to other Security
polices to use web-browsing - ✔✔Some App-IDs implicitly allow required application without the need
to explicitly add the parent to the Security policy.
An internal host needs to connect through the firewall using source NAT to servers on the
internet.Which policy is required to enable source NAT on the firewall?
NAT policy with internal zone and internet zone specified
NAT policy with no internal or internet zone selected
, pre-NAT policy with external source and any destination address
post-NAT policy with external source and any destination address - ✔✔NAT policy with internal zone
and internet zone specified
Which two agents can be used to monitor servers and gather User-ID information? (Choose two.)
Built-in agent inside the PAN-OS® firewall
Windows-based client
Traps agent
Cortex Data Lake - ✔✔Built-in agent inside the PAN-OS® firewall
Windows-based client
What are two URL Filtering Security Profile actions? (Choose two.)
Continue
Approved
Deny
Allow - ✔✔Continue, Allow
What are two predefined anti-spyware profiles? (Choose two.)
