Palo Alto Networks PCNSA Übungsprüfungen
Zuletzt aktualisiert am 13.07.2025- Prüfungscode: PCNSA
- Prüfungsname: Palo Alto Networks Certified Network Security Administrator
- Zertifizierungsanbieter: Palo Alto Networks
- Zuletzt aktualisiert am: 13.07.2025
Given the screenshot, what two types of route is the administrator configuring? (Choose two.)
- A . BGP
- B . static route
- C . default route
- D . OSPF
Given the topology, which zone type should zone A and zone B to be configured with?
- A . Layer3
- B . Ethernet
- C . Layer2
- D . Virtual Wire
Application groups enable access to what?
- A . Applications that are explicitly unsanctioned for use within a company
- B . Applications that are not explicitly unsanctioned and that an administrator wants users to be able to access
- C . Applications that are explicitly sanctioned for use within a company
- D . Applications that are not explicitly sanctioned and that an administrator wants users to be able to access
Application groups enable access to what?
- A . Applications that are explicitly unsanctioned for use within a company
- B . Applications that are not explicitly unsanctioned and that an administrator wants users to be able to access
- C . Applications that are explicitly sanctioned for use within a company
- D . Applications that are not explicitly sanctioned and that an administrator wants users to be able to access
Which Palo Alto networks security operating platform service protects cloud-based application such as Dropbox and salesforce by monitoring permissions and shared and scanning files for Sensitive information?
- A . Prisma SaaS
- B . AutoFocus
- C . Panorama
- D . GlobalProtect
What is the default action for the SYN Flood option within the DoS Protection profile?
- A . Reset-client
- B . Alert
- C . Sinkhole
- D . Random Early Drop
A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS-and the OUTSIDE-zone.
What configuration-changes should the Firewall-admin make?
- A . Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH
- B . Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH
- C . In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address
- D . In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin
An administrator is trying to enforce policy on some (but not all) of the entries in an external dynamic list.
What is the maximum number of entries that they can be excluded?
- A . 50
- B . 100
- C . 200
- D . 1,000
An administrator is trying to enforce policy on some (but not all) of the entries in an external dynamic list.
What is the maximum number of entries that they can be excluded?
- A . 50
- B . 100
- C . 200
- D . 1,000