1 ||| ||P ||a
|| g ||e
PCNSA EXAM COMPREHENSIVE EXAM Q&A
FOR CERTIFICATION SUCCESS
An administrator encountered problems with inbound decryption. which
|| || || || || || ||
option should the administrator investigate as part of the triage?-correct-
|| || || || || || || || || ||
answer-Security policy rule allowing SSL to the target server
|| || || || || || || ||
Which two virtualization platforms officially support the deployment of the
|| || || || || || || || ||
Palo Alto Networks VM- Series firewalls? (choose two)-correct-answer--
|| || || || || || || ||
Kernel Virtualization Module (KVM)
|| || ||
-Microsoft Hyper-V ||
Which User-ID method maps IP addresses to user names for users
|| || || || || || || || || ||
connecting through an 802x-enabled wireless network device that has no
|| || || || || || || || || ||
native integration with PAN-OS software?-correct-answer-XML API
|| || || || || ||
Decrypted packets from the website https://www.microsoft.com will appear as
|| || || || || || || ||
which application and service within the traffic log?-correct-answer-SSL and 80
|| || || || || || || || || ||
,2 ||| ||P ||a
|| g ||e
Which PAN-OS policy must you configure to force a user to provide
|| || || || || || || || || || ||
additional credentials before he is allowed to access an internal
|| || || || || || || || || ||
application that contains highly-sensitive business data?-correct-answer-
|| || || || || ||
Authentication Policy ||
A Security policy rule is configured with a vulnerability protection profile and
|| || || || || || || || || || ||
an action of "Deny". which action will this cause configuration on the
|| || || || || || || || || || || ||
matched
||
traffic?-correct-answer-The configuration will allow the matched session unless || || || || || || ||
a vulnerability signature is detected. the "deny" action will supersede the
|| || || || || || || || || || ||
per-
||
severity defined actions in the associated vulnerability protection profile.
|| || || || || || || ||
A user traffic traversing a Palo Alto Network NGFW sometimes can reach
|| || || || || || || || || || ||
http://www.company.com. At other times the session times out. The NGFW has || || || || || || || || || ||
been configured with a PBF rule if the next hop does down?-correct-
|| || || || || || || || || || || ||
answer- Create and add a monitor profile with an action of failover in the
|| || || || || || || || || || || || ||
PBF rule in question
|| || || ||
What are the benefits of nested device groups in Panorama?-correct-answer--
|| || || || || || || || ||
Reuse of the existing security policy rules and objects
|| || || || || || || || ||
-All device groups inherit setting from the shared group
|| || || || || || || ||
Which captive portal mode must be configured to supported
|| || || || || || || ||
MFA authentications?-correct-answer-Redirect
|| ||
, 3 ||| ||P ||a
|| g ||e
An administrator needs to implement an NGFW between their DMZ and core
|| || || || || || || || || || ||
network. EIGRP Routing between the two environments is required. Which
|| || || || || || || || || ||
interface type would support this business requirement?-correct-answer-Virtual
|| || || || || ||
Wire interface to permit EIGRP routing to remain between the core and
|| || || || || || || || || || || ||
DMZ
||
A speed/duplex negotiation mismatch is between the Palo Alto Networks
|| || || || || || || || ||
management port and the switch port to which it connects. How would an
|| || || || || || || || || || || || ||
administrator configure the interface to 1 Gbps?-correct-answer-Set device
|| || || || || || ||
config system speed-duplex 1 gbps-gull-duplex
|| || || || ||
A web server is hosted in the DMZ, and he servers is configured to listen for
|| || || || || || || || || || || || || || ||
incoming connections only on the TCP port 8080. a security policy rule
|| || || || || || || || || || ||
allowing
||
access from the trust zone to the DMZ zone need to be configured to enable
|| || || || || || || || || || || || || ||
web browsing access tot he server. Which application and service need to
|| || || || || || || || || || || ||
be configured to allow only cleartext web-browsing traffic to thins server on
|| || || || || || || || || || || ||
tcp/8080?-correct-answer-application: web browsing; service: application || || || ||
default
||
Which method does an administrator use to integrate all non-native MFA
|| || || || || || || || || ||
platforms in PAN-OS software?-correct-answer-RADIUS
|| || || ||
|| g ||e
PCNSA EXAM COMPREHENSIVE EXAM Q&A
FOR CERTIFICATION SUCCESS
An administrator encountered problems with inbound decryption. which
|| || || || || || ||
option should the administrator investigate as part of the triage?-correct-
|| || || || || || || || || ||
answer-Security policy rule allowing SSL to the target server
|| || || || || || || ||
Which two virtualization platforms officially support the deployment of the
|| || || || || || || || ||
Palo Alto Networks VM- Series firewalls? (choose two)-correct-answer--
|| || || || || || || ||
Kernel Virtualization Module (KVM)
|| || ||
-Microsoft Hyper-V ||
Which User-ID method maps IP addresses to user names for users
|| || || || || || || || || ||
connecting through an 802x-enabled wireless network device that has no
|| || || || || || || || || ||
native integration with PAN-OS software?-correct-answer-XML API
|| || || || || ||
Decrypted packets from the website https://www.microsoft.com will appear as
|| || || || || || || ||
which application and service within the traffic log?-correct-answer-SSL and 80
|| || || || || || || || || ||
,2 ||| ||P ||a
|| g ||e
Which PAN-OS policy must you configure to force a user to provide
|| || || || || || || || || || ||
additional credentials before he is allowed to access an internal
|| || || || || || || || || ||
application that contains highly-sensitive business data?-correct-answer-
|| || || || || ||
Authentication Policy ||
A Security policy rule is configured with a vulnerability protection profile and
|| || || || || || || || || || ||
an action of "Deny". which action will this cause configuration on the
|| || || || || || || || || || || ||
matched
||
traffic?-correct-answer-The configuration will allow the matched session unless || || || || || || ||
a vulnerability signature is detected. the "deny" action will supersede the
|| || || || || || || || || || ||
per-
||
severity defined actions in the associated vulnerability protection profile.
|| || || || || || || ||
A user traffic traversing a Palo Alto Network NGFW sometimes can reach
|| || || || || || || || || || ||
http://www.company.com. At other times the session times out. The NGFW has || || || || || || || || || ||
been configured with a PBF rule if the next hop does down?-correct-
|| || || || || || || || || || || ||
answer- Create and add a monitor profile with an action of failover in the
|| || || || || || || || || || || || ||
PBF rule in question
|| || || ||
What are the benefits of nested device groups in Panorama?-correct-answer--
|| || || || || || || || ||
Reuse of the existing security policy rules and objects
|| || || || || || || || ||
-All device groups inherit setting from the shared group
|| || || || || || || ||
Which captive portal mode must be configured to supported
|| || || || || || || ||
MFA authentications?-correct-answer-Redirect
|| ||
, 3 ||| ||P ||a
|| g ||e
An administrator needs to implement an NGFW between their DMZ and core
|| || || || || || || || || || ||
network. EIGRP Routing between the two environments is required. Which
|| || || || || || || || || ||
interface type would support this business requirement?-correct-answer-Virtual
|| || || || || ||
Wire interface to permit EIGRP routing to remain between the core and
|| || || || || || || || || || || ||
DMZ
||
A speed/duplex negotiation mismatch is between the Palo Alto Networks
|| || || || || || || || ||
management port and the switch port to which it connects. How would an
|| || || || || || || || || || || || ||
administrator configure the interface to 1 Gbps?-correct-answer-Set device
|| || || || || || ||
config system speed-duplex 1 gbps-gull-duplex
|| || || || ||
A web server is hosted in the DMZ, and he servers is configured to listen for
|| || || || || || || || || || || || || || ||
incoming connections only on the TCP port 8080. a security policy rule
|| || || || || || || || || || ||
allowing
||
access from the trust zone to the DMZ zone need to be configured to enable
|| || || || || || || || || || || || || ||
web browsing access tot he server. Which application and service need to
|| || || || || || || || || || || ||
be configured to allow only cleartext web-browsing traffic to thins server on
|| || || || || || || || || || || ||
tcp/8080?-correct-answer-application: web browsing; service: application || || || ||
default
||
Which method does an administrator use to integrate all non-native MFA
|| || || || || || || || || ||
platforms in PAN-OS software?-correct-answer-RADIUS
|| || || ||
