Palo Alto Networks PCNSA Übungsprüfungen
Zuletzt aktualisiert am 13.07.2025- Prüfungscode: PCNSA
- Prüfungsname: Palo Alto Networks Certified Network Security Administrator
- Zertifizierungsanbieter: Palo Alto Networks
- Zuletzt aktualisiert am: 13.07.2025
An administrator needs to allow users to use their own office applications.
How should the administrator configure the firewall to allow multiple applications in a dynamic environment?
- A . Create an Application Filter and name it Office Programs, the filter it on the business-systems category, office-programs subcategory
- B . Create an Application Group and add business-systems to it
- C . Create an Application Filter and name it Office Programs, then filter it on the business-systems category
- D . Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
When configuring a security policy, what is a best practice for User-ID?
- A . Use only one method for mapping IP addresses to usernames.
- B . Allow the User-ID agent in zones where agents are not monitoring services.
- C . Limit User-ID to users registered in an Active Directory server.
- D . Deny WMI traffic from the User-ID agent to any external zone.
An administrator is creating a NAT policy.
Which combination of address and zone are used as match conditions? (Choose two.)
- A . Pre-NAT address
- B . Pre-NAT zone
- C . Post-NAT address
- D . Post-NAT zone
Which Security profile must be added to Security policies to enable DNS Signatures to be checked?
- A . URL Filtering
- B . Vulnerability Protection
- C . Anti-Spyware
- D . Antivirus
Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?
- A . Role-based
- B . Multi-Factor Authentication
- C . Dynamic
- D . SAML
What must you configure to enable the firewall to access multiple Authentication Profiles to authenticate a non-local account?
- A . authentication sequence
- B . LDAP server profile
- C . authentication server list
- D . authentication list profile
An administrator is troubleshooting an issue with traffic that matches the intrazone-default rule, which is set to default configuration.
What should the administrator do?
- A . change the logging action on the rule
- B . review the System Log
- C . refresh the Traffic Log
- D . tune your Traffic Log filter to include the dates
untrust to the internet
Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two)
- A . Create a deny rule at the top of the policy from trust to untrust over any service and select evasive as the application
- B . Create a deny rule at the top of the policy from trust to untrust with service application-default and select evasive as the application.
- C . Create a deny rule at the top of the policy from trust to untrust over any service and add an application filter with the evasive characteristic.
- D . Create a deny rule at the top of the policy from trust to untrust with service application-default and add an application filter with the evasive characteristic
Which statement is true regarding a Best Practice Assessment?
- A . The BPA tool can be run only on firewalls
- B . It provides a percentage of adoption for each assessment data
- C . The assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus prevention activities
- D . It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
The Port Mapping user mapping method can monitor which two types of environments? (Choose two.)
- A . Citrix
- B . Microsoft terminal servers
- C . Exchange Servers
- D . Linux servers