Palo Alto Networks PCNSA Übungsprüfungen
Zuletzt aktualisiert am 17.06.2025 - Prüfungscode: PCNSA
- Prüfungsname: Palo Alto Networks Certified Network Security Administrator
- Zertifizierungsanbieter: Palo Alto Networks
- Zuletzt aktualisiert am: 17.06.2025
How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?
- A . The admin creates a custom service object named "tcp-4422" with port tcp/4422.
The admin then creates a Security policy allowing application "ssh" and service "tcp-4422". - B . The admin creates a custom service object named "tcp-4422" with port tcp/4422.
The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "application-default". - C . The admin creates a custom service object named "tcp-4422" with port tcp/4422. The admin also creates a custom service object named "tcp-22" with port tcp/22.
The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "tcp-22". - D . The admin creates a Security policy allowing application "ssh" and service "application-default".
How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?
- A . The admin creates a custom service object named "tcp-4422" with port tcp/4422.
The admin then creates a Security policy allowing application "ssh" and service "tcp-4422". - B . The admin creates a custom service object named "tcp-4422" with port tcp/4422.
The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "application-default". - C . The admin creates a custom service object named "tcp-4422" with port tcp/4422. The admin also creates a custom service object named "tcp-22" with port tcp/22.
The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "tcp-22". - D . The admin creates a Security policy allowing application "ssh" and service "application-default".
To enable DNS sinkholing, which two addresses should be reserved? (Choose two.)
- A . MAC
- B . IPv6
- C . Email
- D . IPv4
An address object of type IP Wildcard Mask can be referenced in which part of the configuration?
- A . Security policy rule
- B . ACC global filter
- C . external dynamic list
- D . NAT address pool
Which firewall feature do you need to configure to query Palo Alto Networks service updates over a data-plane interface instead of the management interface?
- A . service route
- B . dynamic updates
- C . SNMP setup
- D . data redistribution
When an ethernet interface is configured with an IPv4 address, which type of zone is it a
member of?
- A . Layer 3
- B . Virtual Wire
- C . Tap
- D . Tunnel
Which dynamic update type includes updated anti-spyware signatures?
- A . Applications and Threats
- B . GlobalProtect Data File
- C . Antivirus
- D . PAN-DB
Which statement best describes a common use of Policy Optimizer?
- A . Policy Optimizer can display which Security policies have not been used in the last 90 days
- B . Policy Optimizer on a VM-50 firewall can display which Layer 7 App-ID Security policies have unused applications
- C . Policy Optimizer can add or change a Log Forwarding profile for each Security policy selected.
- D . Policy Optimizer can be used on a schedule to automatically create a disabled Layer 7 App-ID Security policy for every Layer 4 policy that exists Admins can then manually enable policies they want to keep and delete ones they want to remove
An administrator would like to override the default deny action for a given application, and instead would like to block the traffic.
Which security policy action causes this?
- A . Drop
- B . Drop, send ICMP Unreachable
- C . Reset both
- D . Reset client
Which type of address object is www.paloaltonetworks.com?
- A . IP range
- B . IP netmask
- C . named address
- D . FQDN