PCNSA Exam 62 Questions with Verified Answers
What are two firewall management methods? - CORRECT ANSWER CLI
XML API
Which two devices are used to
... [Show More] connect a computer to the firewall for management purposes? - CORRECT ANSWER Serial cable
RJ-45 Ethernet cable
What is the default IP address assigned to the MGT interfaces of a Palo Alto Networks firewall? - CORRECT ANSWER 192.168.1.1
What are the two default services that are available on the MGT interface? - CORRECT ANSWER HTTPS
SSH
True or false? Service route traffic has Security policy rules applied against it - CORRECT ANSWER True
Service routes may be used to forward which two traffic types out of a data port? - CORRECT ANSWER External dynamic lists
Palo Alto Networks updates
Which command must be performed on the firewall to activate any changes? - CORRECT ANSWER Commit
Which command backs up configuration files to a remote network device? - CORRECT ANSWER Export
The command load named configuration snapshot overwrites the current candidate configuration with which three items? - CORRECT ANSWER Custom-named candidate configuration snapshot (instead of the default snapshot)
Current running configuration (running-config.xml)
Palo Alto Networks updates
What are two firewall management methods? - CORRECT ANSWER CLI
XML API
True or false? A Palo Alto Networks firewall automatically provides a backup of the configuration during a software upgrade. - CORRECT ANSWER True
If you have a Threat Prevention subscription but not a WildFire subscription, how long must you wait for the WildFire signatures to be added into the antivirus update? - CORRECT ANSWER 24 to 48 hours
Which three actions should you complete before you upgrade to a newer version of software? - CORRECT ANSWER Review the release notes to determine any impact of upgrading to a newer version of software.
Ensure that the firewall is connected to a reliable power source.
Create and externally store a backup before you upgrade.
Which two default zones are included with the PAN-OS software? - CORRECT ANSWER Interzone
Intrazone
Which two zone types are valid options? - CORRECT ANSWER Tap
Virtual wire
Which two statements about interfaces are correct? - CORRECT ANSWER Interfaces do not have to be configured before you can create a zone.
An interface can belong to only one zone.
Which two interface types can belong in a Layer 3 zone? - CORRECT ANSWER Looback
Tunnel
What are used to control traffic through zones? - CORRECT ANSWER Security policy rules
For inbound inspection, which two actions can be done with a Tap interface? - CORRECT ANSWER Decrypt traffic
Log traffic
Which two actions can be done with a Virtual Wire interface? - CORRECT ANSWER NAT
Log traffic
Which two actions can be done with a Layer 3 interface? - CORRECT ANSWER NAT
Route
Layer 3 interfaces support which two items? - CORRECT ANSWER NAT
IPv6
Layer 3 interfaces support which three advanced settings? - CORRECT ANSWER NDP configuration
Link speed configuration
Link duplex configuration
Layer 2 interfaces support which three items? - CORRECT ANSWER Traffic examination
Forwarding of spanning tree BPDUs
Traffic shaping via QoS
Which two interface types support subinterfaces? - CORRECT ANSWER Virtual Wire
Layer2
Which two statements are true regarding Layer 3 interfaces? - CORRECT ANSWER A Layer 3 interface can only have one DHCP assigned address.
You can apply an Interface Management profile to the interface.
Which statement is true regarding aggregate Ethernet interfaces? - CORRECT ANSWER . A Layer 3 aggregate interface group can have more than one IP assigned to it.
What is the default administrative distance of a static route within the PAN-OS software? - CORRECT ANSWER 10
Which two dynamic routing protocols are available in the PAN-OS software? - CORRECT ANSWER RIPv2
OSPFv3
Which value is used to distinguish the preference of routing protocols? - CORRECT ANSWER Administrative distance
Which value is used to distinguish the best route within the same routing protocol? - CORRECT ANSWER Metric
In path monitoring, what is used to monitor remote network devices? - CORRECT ANSWER Ping
Which two statements are true about a Role Based Admin Role Profile role? - CORRECT ANSWER It can be used for CLI commands.
It can be used for XML API
The management console supports which two authentication types? - CORRECT ANSWER RADIUS
TACACS+
Which two Dynamic Admin Role types are available on the PAN-OS software? - CORRECT ANSWER Superuser
Device administrator (read-only
Which type of profile does an authentication sequence include? - CORRECT ANSWER Authentication
An Authentication profile includes which other type of profile? - CORRECT ANSWER Server
True or false? Dynamic Admin Roles are called "dynamic" because you can customize them. - CORRECT ANSWER False
Which profile is used to override global minimum password complexity requirements? - CORRECT ANSWER Password
What does an application filter enable an administrator to do? - CORRECT ANSWER Dynamically categorize multiple applications.
Which two items can be added to an application group? - CORRECT ANSWER Application groups
Application Filters
What are two application characteristics? - CORRECT ANSWER Excessive bandwidth use
Evasive
What will be the result of one or more occurrences of shadowing? - CORRECT ANSWER A warning
Which column in the Applications and Threats screen includes the options Review Apps and Review Policies? - CORRECT ANSWER Action
Which link can you select in the web interface to minimize the risk of installing new App-ID updates? - CORRECT ANSWER Disable new apps in content update.
Which two protocols are implicitly allowed when you select the facebook-base application? - CORRECT ANSWER Web-browsing
SSL
What are the two default (predefined) Security policy rule types in PAN-OS software? (Choose two.) - CORRECT ANSWER Interzone
Intrazone
Which type of Security policy rules most often exist above the two predefined Security policies? - CORRECT ANSWER Universal
What does the TCP Half Closed setting mean? - CORRECT ANSWER Maximum length of time that a session remains in the session table between reception of the first FIN and reception of the second FIN or RST.
What are two application characteristics? - CORRECT ANSWER Excessive bandwidth use
Evasive
Which two HTTP Header Logging options are within a URL Filtering profile? - CORRECT ANSWER User-Agent
X-Forwarded-For
What are two source NAT types? - CORRECT ANSWER Static
Dynamic
Which phrase is a simple way to remember how to configure Security policy rules where NAT was implemented? - CORRECT ANSWER Pre-NAT IP, post-NAT zone
What are two types of destination NAT? - CORRECT ANSWER Dynamic IP (with session distribution)
Static
What are two possible values for DIPP (Dynamic IP and Port NAT) oversubscription? (Choose two.) - CORRECT ANSWER 1x
4x
Which statement is true regarding bidirectional NAT? - CORRECT ANSWER For static translations, bidirectional NAT enables the firewall to create a corresponding translation in the opposite direction of the translation you configure?
The Policy Optimizer does not analyze which statistics? - CORRECT ANSWER Which users matched Security policies.
if you have a Threat Prevention subscription but not a WildFire subscription, how long must you wait for the WildFire signatures to be added into the antivirus update? - CORRECT ANSWER 24 to 48 hours
What are two benefits of Vulnerability Protection Security profiles? - CORRECT ANSWER They prevent exploitation of system flaws.
They prevent unauthorized access to systems.
Which two actions are required to implement DNS Security inspections of traffic? - CORRECT ANSWER Add an Anti-Spyware Security profile with DNS remediations to a Security policy.
Configure an Anti-Spyware Security profile with DNS remediations.
Which two types of attacks does the PAN-DB prevent? - CORRECT ANSWER Phishing site
HTTP-based command and control
Which two valid URLs can be used in a custom URL category? - CORRECT ANSWER www.youtube.com
*.youtube.com [Show Less]