PCNSA EXAM QUESTIONS AND ANSWERS LATEST
UPDATE (ALREADY GRADED A+)
External zone type traffic objects
Used to pass traffic between Layer 3 interfaces.
Policy Optimizer rule utilization
It displays rule utilization.
Policy Optimizer details
It details associated zones.
Security policy view filtering
You can't filter or sort rules in PoliciesSecurity.
Dynamic address group match criteria
Can include MAC addresses, IP addresses, Usernames, and Tags.
Anti-Spyware profiles
Blocks spyware on compromised hosts from trying to phone-home or beacon out to external command-
and-control (C2) servers, allowing you to detect malicious traffic leaving the network from infected
clients.
URL filtering
Prevents users from submitting valid corporate credentials online.
Reset Rule Hit Counter
The quickest way to reset all policy rule hit counters to zero is to use the Reset Rule Hit Counter > All
Rules option.
Anti-Spyware Security profile default action
The default action is Reset-both.
Domain generation algorithms
Factors that can be used to create malware include Time of day, Other unique values, and Cryptographic
keys.
DoS Protection profiles
Set thresholds that protect against new session IP flood attacks and provide resource protection,
measuring connections-per-second (CPS) to devices.
Flood Protection thresholds
, Configuring Flood Protection thresholds in a DoS Protection profile is similar to configuring Flood
Protection in a Zone Protection profile.
Palo Alto Networks best practices for DNS Security Service
Implement a threat intel program, Configure a URL Filtering profile, and Train your staff to be security
aware.
Blocking traffic from IP addresses
An administrator would use the source address match condition to block traffic from IP addresses on the
Palo Alto Networks EDL of Known Malicious IP Addresses list.
Creating a Panorama administrator type of Device Group and Template Admin
You must first create a password profile and an access domain.
Type of security rule matching traffic
A universal security rule will match traffic between the Inside zone and Outside zone, within the Inside
zone, and within the Outside zone.
Creating a custom URL category
The correct process is Objects > Security Profiles > URL Filtering > Add.
Export Named Configuration Snapshot
This option exports the current running configuration, a candidate configuration snapshot, or a
previously imported configuration (candidate or running). The firewall exports the configuration as an
XML file with the specified name. You can save the snapshot in any network location.
Path for Content Update Scheduling in PAN-OS 10.2
Panorama > Device Deployment > Dynamic Updates > Schedules > Add
Facebook-chat App-ID Applications
facebook-base and facebook-chat need to be allowed in the same rule.
Security Profile for Illegal Code Execution Protection
Vulnerability Protection profile on allowed traffic
Test Policy Match Function
Confirm that policy rules in the configuration are allowing/denying the correct traffic.
Antivirus Security Profile
Protects against viruses, worms, and trojans as well as spyware downloads.
Policy Type for Enforcing Rules and Taking Action
Authentication
UPDATE (ALREADY GRADED A+)
External zone type traffic objects
Used to pass traffic between Layer 3 interfaces.
Policy Optimizer rule utilization
It displays rule utilization.
Policy Optimizer details
It details associated zones.
Security policy view filtering
You can't filter or sort rules in PoliciesSecurity.
Dynamic address group match criteria
Can include MAC addresses, IP addresses, Usernames, and Tags.
Anti-Spyware profiles
Blocks spyware on compromised hosts from trying to phone-home or beacon out to external command-
and-control (C2) servers, allowing you to detect malicious traffic leaving the network from infected
clients.
URL filtering
Prevents users from submitting valid corporate credentials online.
Reset Rule Hit Counter
The quickest way to reset all policy rule hit counters to zero is to use the Reset Rule Hit Counter > All
Rules option.
Anti-Spyware Security profile default action
The default action is Reset-both.
Domain generation algorithms
Factors that can be used to create malware include Time of day, Other unique values, and Cryptographic
keys.
DoS Protection profiles
Set thresholds that protect against new session IP flood attacks and provide resource protection,
measuring connections-per-second (CPS) to devices.
Flood Protection thresholds
, Configuring Flood Protection thresholds in a DoS Protection profile is similar to configuring Flood
Protection in a Zone Protection profile.
Palo Alto Networks best practices for DNS Security Service
Implement a threat intel program, Configure a URL Filtering profile, and Train your staff to be security
aware.
Blocking traffic from IP addresses
An administrator would use the source address match condition to block traffic from IP addresses on the
Palo Alto Networks EDL of Known Malicious IP Addresses list.
Creating a Panorama administrator type of Device Group and Template Admin
You must first create a password profile and an access domain.
Type of security rule matching traffic
A universal security rule will match traffic between the Inside zone and Outside zone, within the Inside
zone, and within the Outside zone.
Creating a custom URL category
The correct process is Objects > Security Profiles > URL Filtering > Add.
Export Named Configuration Snapshot
This option exports the current running configuration, a candidate configuration snapshot, or a
previously imported configuration (candidate or running). The firewall exports the configuration as an
XML file with the specified name. You can save the snapshot in any network location.
Path for Content Update Scheduling in PAN-OS 10.2
Panorama > Device Deployment > Dynamic Updates > Schedules > Add
Facebook-chat App-ID Applications
facebook-base and facebook-chat need to be allowed in the same rule.
Security Profile for Illegal Code Execution Protection
Vulnerability Protection profile on allowed traffic
Test Policy Match Function
Confirm that policy rules in the configuration are allowing/denying the correct traffic.
Antivirus Security Profile
Protects against viruses, worms, and trojans as well as spyware downloads.
Policy Type for Enforcing Rules and Taking Action
Authentication
