1
PCNSA Exam Questions and Correct
Answers
Question: Recently changes were made to the firewall to optimize the
policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security
policy rules?
A. At the CLI enter the command reset rules and press Enter
B. Highlight a rule and use the Reset Rule Hit Counter > Selected Rules
for each rule
C. Reboot the firewall
D. Use the Reset Rule Hit Counter>All Rules option
Answer: D. Use the Reset Rule Hit Counter > All Rules option
Question: Which Two App-ID applications will you need to allow in your
Security policy to use facebook-chat?
A. facebook
B. facebook-chat
C. facebook-base
D. facebook-email
Answer: B. facebook-chat
C. facebook-base
Question: Which User-ID agent would be appropriate in a network with
multiple WAN links, limited network bandwidth, and limited firewall
management plane resources?
A. Windows-based agents deployed on the internal network
B. PAN-OS integrated agent deployed on the internal network
C. Citrix terminal server deployed on the internal network
D. Windows-based agent deployed on each of the WAN Links
Pretest - Stuvia US
,2
Answer: A. Windows-based agent deployed on the internal network
Question: Your company requires positive username attribution of every
IP address used by the wireless devices to support a new compliance
requirement. You must collect IP to user mapping as soon as possible
with the minimal configuration changes to the wireless devices
themselves. the wireless devices are from various manufactures. Given
the scenario, choose the option for sending IP-to user mapping to the
NGFW.
A. syslog
B. RADIUS
C. UID redistribution
D. XFF headers
Answer: A. syslog
Question: An administrator receives a global notification for a new
malware that infects hosts. The infection will result in the infected host
attempting to contact a command- and-control (C2) server. Which two
security profile components will detect and prevent this threat after the
firewall's signature database has been updated? (Choose two.)
A. vulnerability protection profile applied to outbound security policies
B. anti-spyware profile applied to outbound security policies
C. antivirus profile applied to outbound security policies
D. URL filtering profile applied to outbound security policies
Answer: B. anti-spyware profile applied to outbound security polices
D. URL filtering profile applied to out bound security
Question: Which interface does not require a MAC or IP address?
A. Virtual Wire
B. Layer3
C. Layer2
D. Loopback
Pretest - Stuvia US
, 3
Answer: A. Virtual Wire
Question: Order the steps needed to create a new security zone with a
Palo Alto Networks firewall.
Answer: Step 1 : Select Network
Step 2: Select Zones from the list of available items
Step 3: Select add
Step 4: Specify Zone Name
Step 5: Specify Zone type
Step 6: Assign interface as needed
Question: What are two differences between an implicit dependency and
an explicit dependency in App-ID? (Choose two.)
A. An implicit dependency does not require the dependent application to
be added in the security policy
B. An implicit dependency requires the dependent application to be added
in the security policy
C. An explicit dependency does not require the dependent application to
be added in the security policy
D. An explicit dependency requires the dependent application to be added
in the security policy
Answer: A. An implicit dependency does not require the dependent
application to be added in the security policy
D. An explicit dependency requires the dependent application to be added
in the security policy
Question: Which plane on a Palo Alto Networks Firewall provides
configuration, logging, and reporting functions on a separate processor?
A. management
B. network processing
C. data
D. security processing
Answer: A. management
Pretest - Stuvia US
PCNSA Exam Questions and Correct
Answers
Question: Recently changes were made to the firewall to optimize the
policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security
policy rules?
A. At the CLI enter the command reset rules and press Enter
B. Highlight a rule and use the Reset Rule Hit Counter > Selected Rules
for each rule
C. Reboot the firewall
D. Use the Reset Rule Hit Counter>All Rules option
Answer: D. Use the Reset Rule Hit Counter > All Rules option
Question: Which Two App-ID applications will you need to allow in your
Security policy to use facebook-chat?
A. facebook
B. facebook-chat
C. facebook-base
D. facebook-email
Answer: B. facebook-chat
C. facebook-base
Question: Which User-ID agent would be appropriate in a network with
multiple WAN links, limited network bandwidth, and limited firewall
management plane resources?
A. Windows-based agents deployed on the internal network
B. PAN-OS integrated agent deployed on the internal network
C. Citrix terminal server deployed on the internal network
D. Windows-based agent deployed on each of the WAN Links
Pretest - Stuvia US
,2
Answer: A. Windows-based agent deployed on the internal network
Question: Your company requires positive username attribution of every
IP address used by the wireless devices to support a new compliance
requirement. You must collect IP to user mapping as soon as possible
with the minimal configuration changes to the wireless devices
themselves. the wireless devices are from various manufactures. Given
the scenario, choose the option for sending IP-to user mapping to the
NGFW.
A. syslog
B. RADIUS
C. UID redistribution
D. XFF headers
Answer: A. syslog
Question: An administrator receives a global notification for a new
malware that infects hosts. The infection will result in the infected host
attempting to contact a command- and-control (C2) server. Which two
security profile components will detect and prevent this threat after the
firewall's signature database has been updated? (Choose two.)
A. vulnerability protection profile applied to outbound security policies
B. anti-spyware profile applied to outbound security policies
C. antivirus profile applied to outbound security policies
D. URL filtering profile applied to outbound security policies
Answer: B. anti-spyware profile applied to outbound security polices
D. URL filtering profile applied to out bound security
Question: Which interface does not require a MAC or IP address?
A. Virtual Wire
B. Layer3
C. Layer2
D. Loopback
Pretest - Stuvia US
, 3
Answer: A. Virtual Wire
Question: Order the steps needed to create a new security zone with a
Palo Alto Networks firewall.
Answer: Step 1 : Select Network
Step 2: Select Zones from the list of available items
Step 3: Select add
Step 4: Specify Zone Name
Step 5: Specify Zone type
Step 6: Assign interface as needed
Question: What are two differences between an implicit dependency and
an explicit dependency in App-ID? (Choose two.)
A. An implicit dependency does not require the dependent application to
be added in the security policy
B. An implicit dependency requires the dependent application to be added
in the security policy
C. An explicit dependency does not require the dependent application to
be added in the security policy
D. An explicit dependency requires the dependent application to be added
in the security policy
Answer: A. An implicit dependency does not require the dependent
application to be added in the security policy
D. An explicit dependency requires the dependent application to be added
in the security policy
Question: Which plane on a Palo Alto Networks Firewall provides
configuration, logging, and reporting functions on a separate processor?
A. management
B. network processing
C. data
D. security processing
Answer: A. management
Pretest - Stuvia US
