Palo Alto Networks PCNSA Übungsprüfungen
Zuletzt aktualisiert am 16.07.2025- Prüfungscode: PCNSA
- Prüfungsname: Palo Alto Networks Certified Network Security Administrator
- Zertifizierungsanbieter: Palo Alto Networks
- Zuletzt aktualisiert am: 16.07.2025
Which statement is true regarding a Best Practice Assessment?
- A . It runs only on firewalls.
- B . It shows how current configuration compares to Palo Alto Networks recommendations.
- C . When guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities.
- D . It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.
Which Security profile prevents users from submitting valid corporate credentials online?
- A . WildFire
- B . URL filtering
- C . Advanced threat prevention
- D . SSL decryption
An administrator would like to override the default deny action for a given application, and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited".
Which security policy action causes this?
- A . Drop
- B . Drop, send ICMP Unreachable
- C . Reset both
- D . Reset server
A website is unexpectedly allowed due to miscategorization.
What are two ways to resolve this issue for a proper response? (Choose two.)
- A . Create a URL category and assign the affected URL.
Update the active URL Filtering profile site access setting for the custom URL category to block. - B . Review the categorization of the website on https://urlfiltering paloaltonetworks.com.
Submit for "request change", identifying the appropriate categorization, and wait for confirmation before testing again. - C . Identify the URL category being assigned to the website.
Edit the active URL Filtering profile and update that category’s site access settings to block. - D . Create a URL category and assign the affected URL.
Add a Security policy with a URL category qualifier of the custom URL category below the original policy.
Set the policy action to Deny.
A website is unexpectedly allowed due to miscategorization.
What are two ways to resolve this issue for a proper response? (Choose two.)
- A . Create a URL category and assign the affected URL.
Update the active URL Filtering profile site access setting for the custom URL category to block. - B . Review the categorization of the website on https://urlfiltering paloaltonetworks.com.
Submit for "request change", identifying the appropriate categorization, and wait for confirmation before testing again. - C . Identify the URL category being assigned to the website.
Edit the active URL Filtering profile and update that category’s site access settings to block. - D . Create a URL category and assign the affected URL.
Add a Security policy with a URL category qualifier of the custom URL category below the original policy.
Set the policy action to Deny.
After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.
Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?
- A . Import named config snapshot
- B . Load named configuration snapshot
- C . Revert to running configuration
- D . Revert to last saved configuration
After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.
Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?
- A . Import named config snapshot
- B . Load named configuration snapshot
- C . Revert to running configuration
- D . Revert to last saved configuration
In a Security policy, what is the quickest way to reset all policy rule hit counters to zero?
- A . Highlight each rule and use the Reset Rule Hit Counter > Selected Rules
- B . Reboot the firewall
- C . Use the Reset Rule Hit Counter > All Rules option
- D . Use the CLI enter the command reset rules all
In a Security policy, what is the quickest way to reset all policy rule hit counters to zero?
- A . Highlight each rule and use the Reset Rule Hit Counter > Selected Rules
- B . Reboot the firewall
- C . Use the Reset Rule Hit Counter > All Rules option
- D . Use the CLI enter the command reset rules all
What are the two ways to implement an exception to an external dynamic list? (Choose two.)
- A . Edit the external dynamic list by removing the entries to exclude.
- B . Select the entries to exclude from the List Entries list.
- C . Manually add an entry to the Manual Exceptions list.
- D . Edit the external dynamic list by adding the "-" symbol before the entries to exclude.