PCNSA Exam
Recently changes were made to the firewall to optimize the policies and the security team wants to see
if those changes are helping. What is the quickest way to reset the hit counter to zero in all the security
policy rules?
A. At the CLI enter the command reset rules and press Enter
B. Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule
C. Reboot the firewall
D. Use the Reset Rule Hit Counter>All Rules option - ✔✔D. Use the Reset Rule Hit Counter > All Rules
option
Which Two App-ID applications will you need to allow in your Security policy to use facebook-chat?
A. facebook
B. facebook-chat
C. facebook-base
D. facebook-email - ✔✔B. facebook-chat
C. facebook-base
Which User-ID agent would be appropriate in a network with multiple WAN links, limited network
bandwidth, and limited firewall management plane resources?
A. Windows-based agents deployed on the internal network
B. PAN-OS integrated agent deployed on the internal network
C. Citrix terminal server deployed on the internal network
D. Windows-based agent deployed on each of the WAN Links - ✔✔A. Windows-based agent deployed
on the internal network
,Your company requires positive username attribution of every IP address used by the wireless devices to
support a new compliance requirement. You must collect IP to user mapping as soon as possible with
the minimal configuration changes to the wireless devices themselves. the wireless devices are from
various manufactures. Given the scenario, choose the option for sending IP-to user mapping to the
NGFW.
A. syslog
B. RADIUS
C. UID redistribution
D. XFF headers - ✔✔A. syslog
An administrator receives a global notification for a new malware that infects hosts. The infection will
result in the infected host attempting to contact a command- and-control (C2) server. Which two
security profile components will detect and prevent this threat after the firewall's signature database
has been updated? (Choose two.)
A. vulnerability protection profile applied to outbound security policies
B. anti-spyware profile applied to outbound security policies
C. antivirus profile applied to outbound security policies
D. URL filtering profile applied to outbound security policies - ✔✔B. anti-spyware profile applied to
outbound security polices
D. URL filtering profile applied to out bound security
Which interface does not require a MAC or IP address?
A. Virtual Wire
B. Layer3
C. Layer2
D. Loopback - ✔✔A. Virtual Wire
, Order the steps needed to create a new security zone with a Palo Alto Networks firewall. - ✔✔Step 1 :
Select Network
Step 2: Select Zones from the list of available items
Step 3: Select add
Step 4: Specify Zone Name
Step 5: Specify Zone type
Step 6: Assign interface as needed
What are two differences between an implicit dependency and an explicit dependency in App-ID?
(Choose two.)
A. An implicit dependency does not require the dependent application to be added in the security policy
B. An implicit dependency requires the dependent application to be added in the security policy
C. An explicit dependency does not require the dependent application to be added in the security policy
D. An explicit dependency requires the dependent application to be added in the security policy - ✔✔A.
An implicit dependency does not require the dependent application to be added in the security policy
D. An explicit dependency requires the dependent application to be added in the security policy
Which plane on a Palo Alto Networks Firewall provides configuration, logging, and reporting functions
on a separate processor?
A. management
B. network processing
C. data
D. security processing - ✔✔A. management
A security administrator has configured App-ID updates to be automatically downloaded and installed.
The company is currently using an application identified byApp-ID as SuperApp_base.On a content
update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and
Recently changes were made to the firewall to optimize the policies and the security team wants to see
if those changes are helping. What is the quickest way to reset the hit counter to zero in all the security
policy rules?
A. At the CLI enter the command reset rules and press Enter
B. Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule
C. Reboot the firewall
D. Use the Reset Rule Hit Counter>All Rules option - ✔✔D. Use the Reset Rule Hit Counter > All Rules
option
Which Two App-ID applications will you need to allow in your Security policy to use facebook-chat?
A. facebook
B. facebook-chat
C. facebook-base
D. facebook-email - ✔✔B. facebook-chat
C. facebook-base
Which User-ID agent would be appropriate in a network with multiple WAN links, limited network
bandwidth, and limited firewall management plane resources?
A. Windows-based agents deployed on the internal network
B. PAN-OS integrated agent deployed on the internal network
C. Citrix terminal server deployed on the internal network
D. Windows-based agent deployed on each of the WAN Links - ✔✔A. Windows-based agent deployed
on the internal network
,Your company requires positive username attribution of every IP address used by the wireless devices to
support a new compliance requirement. You must collect IP to user mapping as soon as possible with
the minimal configuration changes to the wireless devices themselves. the wireless devices are from
various manufactures. Given the scenario, choose the option for sending IP-to user mapping to the
NGFW.
A. syslog
B. RADIUS
C. UID redistribution
D. XFF headers - ✔✔A. syslog
An administrator receives a global notification for a new malware that infects hosts. The infection will
result in the infected host attempting to contact a command- and-control (C2) server. Which two
security profile components will detect and prevent this threat after the firewall's signature database
has been updated? (Choose two.)
A. vulnerability protection profile applied to outbound security policies
B. anti-spyware profile applied to outbound security policies
C. antivirus profile applied to outbound security policies
D. URL filtering profile applied to outbound security policies - ✔✔B. anti-spyware profile applied to
outbound security polices
D. URL filtering profile applied to out bound security
Which interface does not require a MAC or IP address?
A. Virtual Wire
B. Layer3
C. Layer2
D. Loopback - ✔✔A. Virtual Wire
, Order the steps needed to create a new security zone with a Palo Alto Networks firewall. - ✔✔Step 1 :
Select Network
Step 2: Select Zones from the list of available items
Step 3: Select add
Step 4: Specify Zone Name
Step 5: Specify Zone type
Step 6: Assign interface as needed
What are two differences between an implicit dependency and an explicit dependency in App-ID?
(Choose two.)
A. An implicit dependency does not require the dependent application to be added in the security policy
B. An implicit dependency requires the dependent application to be added in the security policy
C. An explicit dependency does not require the dependent application to be added in the security policy
D. An explicit dependency requires the dependent application to be added in the security policy - ✔✔A.
An implicit dependency does not require the dependent application to be added in the security policy
D. An explicit dependency requires the dependent application to be added in the security policy
Which plane on a Palo Alto Networks Firewall provides configuration, logging, and reporting functions
on a separate processor?
A. management
B. network processing
C. data
D. security processing - ✔✔A. management
A security administrator has configured App-ID updates to be automatically downloaded and installed.
The company is currently using an application identified byApp-ID as SuperApp_base.On a content
update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and
