Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)
Last Update May 3, 2024
Total Questions : 362
To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?
Given the cyber-attack lifecycle diagram, identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.
Which path is used to save and load a configuration with a Palo Alto Networks firewall?
Which objects would be useful for combining several services that are often defined together?
Which three statements describe the operation of Security Policy rules or Security Profiles? (Choose three.)
An administrator is configuring a NAT rule.
At a minimum, which three forms of information are required? (Choose three.)
Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP-to-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufacturers.
Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.
Which three types of authentication services can be used to authenticate user traffic flowing through the firewall's data plane? (Choose three.)
In a File Blocking profile, which two actions should be taken to allow file types that support critical apps? (Choose two.)
Which firewall feature do you need to configure to query Palo Alto Networks service updates over a data-plane interface instead of the management interface?
By default, what is the maximum number of templates that can be added to a template stack?
Which setting is available to edit when a tag is created on the local firewall?
Assume that traffic matches a Security policy rule but the attached Security Profile is configured to block matching traffic.
Which statement accurately describes how the firewall will apply an action to matching traffic?
What are three configurable interface types for a data-plane ethernet interface? (Choose three.)
Which feature enables an administrator to review the Security policy rule base for unused rules?
An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.
Why doesn't the administrator see the traffic?
What are three characteristics of the Palo Alto Networks DNS Security service? (Choose three.)
An administrator is reviewing the Security policy rules shown in the screenshot below.
Which statement is correct about the information displayed?
Where in the PAN-OS GUI can an administrator monitor the rule usage for a specified period of time?
Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?
In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)
Which license is required to use the Palo Alto Networks built-in IP address EDLs?
In the PAN-OS Web Interface, which is a session distribution method offered under NAT Translated Packet Tab to choose how the firewall assigns sessions?
Which feature would be useful for preventing traffic from hosting providers that place few restrictions on content, whose services are frequently used by attackers to distribute illegal or unethical material?
According to the best practices for mission critical devices, what is the recommended interval for antivirus updates?
An administrator is updating Security policy to align with best practices.
Which Policy Optimizer feature is shown in the screenshot below?
Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two.)
Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?
What are three valid ways to map an IP address to a username? (Choose three.)
How does the Policy Optimizer policy view differ from the Security policy view?
Place the following steps in the packet processing order of operations from first to last.
Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.
Which two Security policy rules will accomplish this configuration? (Choose two.)
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?
If users from the Trusted zone need to allow traffic to an SFTP server in the DMZ zone, how should a Security policy with App-ID be configured?
A)
B)
C)
D)
An administrator manages a network with 300 addresses that require translation. The administrator configured NAT with an address pool of 240 addresses and found that connections from addresses that needed new translations were being dropped.
Which type of NAT was configured?
Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?
Identify the correct order to configure the PAN-OS integrated USER-ID agent.
3. add the service account to monitor the server(s)
2. define the address of the servers to be monitored on the firewall
4. commit the configuration, and verify agent connection status
1. create a service account on the Domain Controller with sufficient permissions to execute the User-ID agent
In which three places on the PAN-OS interface can the application characteristics be found? (Choose three.)
Which object would an administrator create to block access to all high-risk applications?
Which Security profile can you apply to protect against malware such as worms and Trojans?
You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in a common application.
Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?
The NetSec Manager asked to create a new firewall Local Administrator profile with customized privileges named NewAdmin. This new administrator has to authenticate without inserting any username or password to access the WebUI.
What steps should the administrator follow to create the New_Admin Administrator profile?
What can be achieved by disabling the Share Unused Address and Service Objects with Devices setting on Panorama?
Starting with PAN-OS version 9.1, application dependency information is now reported in which two locations? (Choose two.)
Which administrator type utilizes predefined roles for a local administrator account?
Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH, web-browsing and SSL applications.
Which policy achieves the desired results?
A)
B)
C)
D)
When a security rule is configured as Intrazone, which field cannot be changed?
Based on the screenshot presented, which column contains the link that, when clicked, opens a window to display all applications matched to the policy rule?
An administrator wants to prevent users from submitting corporate credentials in a phishing attack.
Which Security profile should be applied?
Which two options does the firewall use to dynamically populate address group members? (Choose two.)
What are the requirements for using Palo Alto Networks EDL Hosting Service?
What are three factors that can be used in domain generation algorithms? (Choose three.)
Which profile should be used to obtain a verdict regarding analyzed files?
Within a WildFire Analysis Profile, what match criteria can be defined to forward samples for analysis?
At which point in the app-ID update process can you determine if an existing policy rule is affected by an app-ID update?
An administrator wants to create a No-NAT rule to exempt a flow from the default NAT rule. What is the best way to do this?
If using group mapping with Active Directory Universal Groups, what must you do when configuring the User-ID?
What are three differences between security policies and security profiles? (Choose three.)
Which link in the web interface enables a security administrator to view the security policy rules that match new application signatures?
Which type of firewall configuration contains in-progress configuration changes?
A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?
Which Security policy match condition would an administrator use to block traffic from IP addresses on the Palo Alto Networks EDL of Known Malicious IP Addresses list?
Which two features implement one-to-one translation of a source IP address while allowing the source port to change? (Choose two.)
Which Security policy set should be used to ensure that a policy is applied first?
What is a recommended consideration when deploying content updates to the firewall from Panorama?
An administrator has configured a Security policy where the matching condition includes a single application and the action is deny.
If the application's default deny action is reset-both, what action does the firewall take?
When HTTPS for management and GlobalProtect are enabled on the same data plane interface, which TCP port is used for management access?
An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?
Why should a company have a File Blocking profile that is attached to a Security policy?
Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?
Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?
Which two Palo Alto Networks security management tools provide consolidated creation of policies, centralized management and centralized threat intelligence? (Choose two.)
What is a prerequisite before enabling an administrative account which relies on a local firewall user database?
Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.)
Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?
Which rule type is appropriate for matching traffic occurring within a specified zone?
The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn’t want to unblock the gambling URL category.
Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)
Which two types of profiles are needed to create an authentication sequence? (Choose two.)
Which Security policy action will message a user's browser that their web session has been terminated?
Which two statements are correct about App-ID content updates? (Choose two.)
An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited".
Which security policy action causes this?
What do you configure if you want to set up a group of objects based on their ports alone?
An administrator creates a new Security policy rule to allow DNS traffic from the LAN to the DMZ zones. The administrator does not change the rule type from its default value.
What type of Security policy rule is created?
Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.)
A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications. Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?
Which three configuration settings are required on a Palo Alto networks firewall management interface?
How can a complete overview of the logs be displayed to an administrator who has permission in the system to view them?
A website is unexpectedly allowed due to miscategorization.
What are two ways to resolve this issue for a proper response? (Choose two.)
All users from the internal zone must be allowed only HTTP access to a server in the DMZ zone.
Complete the empty field in the Security policy using an application object to permit only this type of access.
Source Zone: Internal
Destination Zone: DMZ Zone
Application: __________
Service: application-default
Action: allow
The CFO found a USB drive in the parking lot and decided to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin exfiltrating data from the laptop.
Which security profile feature could have been used to prevent the communication with the CnC server?
Selecting the option to revert firewall changes will replace what settings?