PCNSA Online Practice Questions and Answers
An administrator is creating a NAT policy.
Which combination of address and zone are used as match conditions? (Choose two.)
A. Pre-NAT address
B. Pre-NAT zone
C. Post-NAT address
D. Post-NAT zone
How many levels can there be in a device-group hierarchy, below the shared level?
A. 2
B. 3
C. 4
D. 5
An administrator creates a new Security policy rule to allow DNS traffic from the LAN to the DMZ zones. The administrator does not change the rule type from its default value. What type of Security policy rule is created?
A. Intrazone
B. Interzone
C. Universal
D. Tagged
Based on the screenshot what is the purpose of the included groups?
A. They are only groups visible based on the firewall's credentials.
B. They are used to map usernames to group names.
C. They contain only the users you allow to manage the firewall.
D. They are groups that are imported from RADIUS authentication servers.
Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?
A. SAML
B. Multi-Factor Authentication
C. Role-based
D. Dynamic
Which Security profile would you apply to identify infected hosts on the protected network using DNS traffic?
A. URL traffic
B. vulnerability protection
C. anti-spyware
D. antivirus
Which statement is true regarding NAT rules?
A. Static NAT rules have precedence over other forms of NAT.
B. Translation of the IP address and port occurs before security processing.
C. NAT rules are processed in order from top to bottom.
D. Firewall supports NAT on Layer 3 interfaces only.
A website is unexpectedly allowed due to miscategorization.
What are two ways to resolve this issue for a proper response? (Choose two.)
A. Identify the URL category being assigned to the website. Edit the active URL Filtering profile and update that category's site access settings to block.
B. Create a URL category and assign the affected URL. Update the active URL Filtering profile site access setting for the custom URL category to block.
C. Review the categorization of the website on https://urlfiltering.paloaltonetworks.com. Submit for "request change*, identifying the appropriate categorization, and wait for confirmation before testing again.
D. Create a URL category and assign the affected URL. Add a Security policy with a URL category qualifier of the custom URL category below the original policy. Set the policy action to Deny.
Given the detailed log information above, what was the result of the firewall traffic inspection?
A. It denied the category DNS phishing.
B. It denied the traffic because of unauthorized attempts.
C. It was blocked by the Anti-Virus Security profile action.
D. It was blocked by the Anti-Spyware Profile action.
Within an Anti-Spyware security profile, which tab is used to enable machine learning based engines?
A. Signature Policies
B. Signature Exceptions
C. Machine Learning Policies
D. Inline Cloud Analysis