PCNSA 2 & PCNSA 2.3 |40 Questions with Verified Answers
Which Palo Alto Networks firewall security platform provides network security for mobile
... [Show More] endpoints by inspecting traffic deployment as internet gateways? - CORRECT ANSWER Global Protect
Which statement is true regarding a Prevention Posture Assessment? - CORRECT ANSWER It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.
Which fiver Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? - CORRECT ANSWER User identification
Vulnerability protection
Antivirus
Application Identification
Anti-spyware
A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make? - CORRECT ANSWER Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH.
What must you configure to enable the firewall to access multiple Authentication Profile's to authenticate a non-local account? - CORRECT ANSWER Authentication Sequence
Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL? - CORRECT ANSWER Allow
An internal host needs to connect through the firewall using source NAT to servers of the internet. Which policy is required to enable source NAT on the firewall? - CORRECT ANSWER NAT policy with internal zone and internet zone specified.
Which Security Profile can provide protection against ICMP floods, based on individual combinations of a packet's source and destination ip addresses? - CORRECT ANSWER DoS protection
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? - CORRECT ANSWER User-ID
App-ID
Which data flow discretion is protected in a zero-trust firewall deployment that is not protected in a perimeter-only firewall deployment? - CORRECT ANSWER east-west
Which protocol is used to map usernames to user groups when User-ID is configured? - CORRECT ANSWER LDAP
Which definition describes the guiding principle of the zero-trust architecture? - CORRECT ANSWER never trust, always verify
The CFO found a malware infected USB drive in the parking lot, when inserted infected their corporate laptop. The malware contacted a known command- and control server, which caused the infected laptop to begin exfiltrating corporate data.
Which security profile feature could have been used to prevent the communication with the command-and-control server? - CORRECT ANSWER Create a Data Filtering Profiles and enable its DNS Sinkhole Feature.
For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile? - CORRECT ANSWER LDAP
Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management plane is only slightly utilized.
Which User-ID agent is sufficient in your networks? - CORRECT ANSWER Windows-based agent deployed on each domain controller.
Which type of administrative role must you assign to as firewall administrator account, if the account must include a custom set of firewall permissions? - CORRECT ANSWER Role-Based
Which statement is true regarding a Heatmap report? - CORRECT ANSWER It provides a percentage of adoption for each assessment area.
Access to which feature requires the PAN-OS Filtering license? - CORRECT ANSWER PAN-DB database
Which action results in the firewall blocking network traffic without notifying the sender? - CORRECT ANSWER Deny
Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones? - CORRECT ANSWER intrazone
Every 5 minutes -CORRECT ANSWER Published updates from Wildfire (licensed).
Every 24 - 48 hours -CORRECT ANSWER Published updates from Wildfire (NO licensed).
Daily -CORRECT ANSWER Published updates for Brightcloud.
Every 5 - 10 minutes -CORRECT ANSWER Published updates for PAN-DB
Daily -CORRECT ANSWER Published updates for AV signatures
Monthly -CORRECT ANSWER Published updates for new apps.
Weekly -CORRECT ANSWER Published updates for Modified Apps
Weekly -CORRECT ANSWER Published updates for new or modified threats.
GlobalProtect Data File -CORRECT ANSWER Contains vendor-specific information for defining and evaluating host information profile (HIP) data returned by GlobalProtect clients.
Palo Alto Networks (PAN-DB) URL filtering -CORRECT ANSWER Complements App-ID by enabling you to configure the firewall to identify and control access to web (HTTP and HTTPS) traffic and to protect your network from attack.
PAN-DB public cloud and the PAN-DB private cloud. -CORRECT ANSWER Two PAN-DB URL filtering solution
PAN-DB public cloud -CORRECT ANSWER Use this solution if the Palo Alto Networks Next-Generation Firewalls on your network can directly access the internet.
PAN-DB private cloud -CORRECT ANSWER If the network security requirements in your enterprise prohibit the firewalls from directly accessing the internet, you can deploy this solution.
MGT interface -CORRECT ANSWER By default the software downloads are done over this interface.
Data Interface -CORRECT ANSWER This interface can be used to download the software using a service route.
A. 1 minute -CORRECT ANSWER What is the shortest time interval that you can configure a Palo Alto Networks firewall to download WildFire updates?
A. 1 minute
B. 5 minutes
C. 15 minutes
D. 60 minutes
B. 5 minutes -CORRECT ANSWER What is the publishing interval for WildFire updates, with a valid WildFire license?
A. 1 minute
B. 5 minutes
C. 15 minutes
D. 60 minutes
A. true -CORRECT ANSWER True or false. A Palo Alto Networks firewall automatically provides a backup of the configuration during a software upgrade.
A. true
B. false
D. 24 to 48 hours -CORRECT ANSWER If you have a Threat Prevention subscription but not a WildFire subscription, how long must you wait for the WildFire signatures to be added into the antivirus update?
A. 1 to 2 hours
B. 2 to 4 hours
C. 10 to 12 hours
D. 24 to 48 hours
A. Review the release notes to determine any impact of upgrading to a newer version of software.
B. Ensure the firewall is connected to a reliable power source.
D. Create and externally store a backup before you upgrade. -CORRECT ANSWER Which three actions should you complete before you upgrade to a newer version of software? (Choose three.)
A. Review the release notes to determine any impact of upgrading to a newer version of software.
B. Ensure the firewall is connected to a reliable power source.
C. Export the device state.
D. Create and externally store a backup before you upgrade.
E. Put the firewall in maintenance mode. [Show Less]