PCNSA EXAM QUESTIONS AND ANSWERS LATEST
UPDATE (ALREADY GRADED A+)
What allows a security administrator to preview the Security policy rules that match new application
signatures?
A) Dynamic Updates--Review App
B) Review Release Notes
C) Policy Optimizer--New App Viewer
D) Dynamic Updates--Review Policies
Dynamic Updates--Review Policies
Which file is used to save the running configuration on a Palo Alto Networks firewall?
A) run-config.xml
B) running-configuration.xml
C) running-config.xml
D) run-configuration.xml
running-config.xml
Which license must an administrator acquire prior to downloading Antivirus updates for use with the
firewall?
A) Antivirus
B) Threat Prevention
C) URL Filtering
D) WildFire
Threat Prevention
In a Security policy, what is the quickest way to reset all policy rule hit counters to zero?
A) Reboot the firewall
B) Highlight each rule and use the Reset Rule Hit Counter > Selected Rules
C) Use the Reset Rule Hit Counter > All Rules option
D) Use the CLI enter the command reset rules all
Use the Reset Rule Hit Counter > All Rules option
Which type of Security policy rule would match traffic that flows between different zones, but would
not match traffic that flows within the same zones?
A) intrazone
B) interzone
, C) universal
D) global
interzone
What is the advantage of using application tags?
A) Identify applications with unknown vulnerabilities
B) Dynamically enforce new and updated App-IDs
C) Use to determine application tunneling
D) Identify applications capable of exploitation
Dynamically enforce new and updated App-IDs
What process would an administrator use to customize the entries in a built-in IP address EDL?
A) Administrators cannot modify the content of the built-in lists
B) Objects -> Address Groups -> Add
C) Objects -> External Dynamic Lists -> Edit
D) Device -> Dynamic Updates -> Upload
Administrators cannot modify the content of the built-in lists
Which data-plane feature identifies and defends against malware and exploits?
A) Security Matching
B) Network Processing
C) Security Processing
D) Signature Matching
Signature Matching
Given the following information with regards to traffic flow and session initiation requirements, which
NAT type needs to be configured?
Session initiated from DMZ to Internet:
Original Packet: Src IP 10.10.10.10 and Dst IP 204.204.204.204
Translated Packet: Src IP 20.20.20.20 and Dst IP 204.204.204.204
Session initiated from Internet to DMZ:
Original Packet: Src IP 204.204.204.204 and Dst IP 20.20.20.20
Translated Packet: Src IP 204.204.204.204 and Dst IP 10.10.10.10
A) Bi-Directional NAT
B) U-Turn NAT
C) Source NAT
D) Source DIPP NAT
UPDATE (ALREADY GRADED A+)
What allows a security administrator to preview the Security policy rules that match new application
signatures?
A) Dynamic Updates--Review App
B) Review Release Notes
C) Policy Optimizer--New App Viewer
D) Dynamic Updates--Review Policies
Dynamic Updates--Review Policies
Which file is used to save the running configuration on a Palo Alto Networks firewall?
A) run-config.xml
B) running-configuration.xml
C) running-config.xml
D) run-configuration.xml
running-config.xml
Which license must an administrator acquire prior to downloading Antivirus updates for use with the
firewall?
A) Antivirus
B) Threat Prevention
C) URL Filtering
D) WildFire
Threat Prevention
In a Security policy, what is the quickest way to reset all policy rule hit counters to zero?
A) Reboot the firewall
B) Highlight each rule and use the Reset Rule Hit Counter > Selected Rules
C) Use the Reset Rule Hit Counter > All Rules option
D) Use the CLI enter the command reset rules all
Use the Reset Rule Hit Counter > All Rules option
Which type of Security policy rule would match traffic that flows between different zones, but would
not match traffic that flows within the same zones?
A) intrazone
B) interzone
, C) universal
D) global
interzone
What is the advantage of using application tags?
A) Identify applications with unknown vulnerabilities
B) Dynamically enforce new and updated App-IDs
C) Use to determine application tunneling
D) Identify applications capable of exploitation
Dynamically enforce new and updated App-IDs
What process would an administrator use to customize the entries in a built-in IP address EDL?
A) Administrators cannot modify the content of the built-in lists
B) Objects -> Address Groups -> Add
C) Objects -> External Dynamic Lists -> Edit
D) Device -> Dynamic Updates -> Upload
Administrators cannot modify the content of the built-in lists
Which data-plane feature identifies and defends against malware and exploits?
A) Security Matching
B) Network Processing
C) Security Processing
D) Signature Matching
Signature Matching
Given the following information with regards to traffic flow and session initiation requirements, which
NAT type needs to be configured?
Session initiated from DMZ to Internet:
Original Packet: Src IP 10.10.10.10 and Dst IP 204.204.204.204
Translated Packet: Src IP 20.20.20.20 and Dst IP 204.204.204.204
Session initiated from Internet to DMZ:
Original Packet: Src IP 204.204.204.204 and Dst IP 20.20.20.20
Translated Packet: Src IP 204.204.204.204 and Dst IP 10.10.10.10
A) Bi-Directional NAT
B) U-Turn NAT
C) Source NAT
D) Source DIPP NAT
