PCNSA EXAM: LATEST A+ QUESTIONS AND ANSWERS
FOR THE WIN!
Which URL Filtering Profile action does not generate a log entry when a user attempts to access a
URL?
A. Override
B. Allow
C. Block
D. Continue
B. Allow
An internal host needs to connect through the firewall using source NAT to servers of the internet.
Which policy is required to enable source NAT on the firewall?
A. NAT policy with internal zone and internet zone specified
B. post-NAT policy with external source and any destination address
C. NAT policy with no internal or internet zone selected
D. pre-NAT policy with external source and any destination address
A. NAT policy with internal zone and internet zone specified
Which Security Profile can provide protection against ICMP floods, based on individual combinations
of a packets source and destination IP addresses?
A. DoS protection
B. URL filtering
C. packet buffering
D. anti-spyware
A. DoS protection
Which path in PAN-OS 9.0 displays the list of port-based security policy rules?
A. Policies> Security> Rule Usage> No App Specified
B. Policies> Security> Rule Usage> Port only specified
C. Policies> Security> Rule Usage> Port-based Rules
D. Policies> Security> Rule Usage> Unused Apps
Answer : C
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo
Alto Networks Firewall? (Choose two.)
A. Layer-ID
B. User-ID
C. QoS-ID
D. App-ID
B. User-ID
D. App-ID
, Which path is used to save and load a configuration with a Palo Alto Networks firewall?
A. Device>Setup>Services
B. Device>Setup>Management
C. Device>Setup>Operations
D. Device>Setup>Interfaces
C. Device>Setup>Operations
Which action related to App-ID updates will enable a security administrator to view the existing
security policy rule that matches new application signatures?
A. Review Policies
B. Review Apps
C. Pre-analyze
D. Review App Matches
A. Review Policies
How do you reset the hit count on a Security policy rule?
A. Select a Security policy rule, and then select Hit Count > Reset.
B. Reboot the data-plane.
C. First disable and then re-enable the rule.
D. Type the CLI command reset hitcount <POLICY-NAME>.
A. Select a Security policy rule, and then select Hit Count > Reset.
Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?
A. Management
B. High Availability
C. Aggregate
D. Aggregation
C. Aggregate
Which security policy rule would be needed to match traffic that passes between the Outside zone
and Inside zone, but does not match traffic that passes within the zones?
A. intrazone
B. interzone
C. universal
D. global
B. interzone
Four configuration choices are listed, and each could be used to block access to a specific URL. If you
configured each choice to block the same URL then which choice would be the last to block access to
the URL?
A. EDL in URL Filtering Profile
B. Custom URL category in URL Filtering Profile
C. Custom URL category in Security policy rule
D. PAN-DB URL category in URL Filtering Profile
FOR THE WIN!
Which URL Filtering Profile action does not generate a log entry when a user attempts to access a
URL?
A. Override
B. Allow
C. Block
D. Continue
B. Allow
An internal host needs to connect through the firewall using source NAT to servers of the internet.
Which policy is required to enable source NAT on the firewall?
A. NAT policy with internal zone and internet zone specified
B. post-NAT policy with external source and any destination address
C. NAT policy with no internal or internet zone selected
D. pre-NAT policy with external source and any destination address
A. NAT policy with internal zone and internet zone specified
Which Security Profile can provide protection against ICMP floods, based on individual combinations
of a packets source and destination IP addresses?
A. DoS protection
B. URL filtering
C. packet buffering
D. anti-spyware
A. DoS protection
Which path in PAN-OS 9.0 displays the list of port-based security policy rules?
A. Policies> Security> Rule Usage> No App Specified
B. Policies> Security> Rule Usage> Port only specified
C. Policies> Security> Rule Usage> Port-based Rules
D. Policies> Security> Rule Usage> Unused Apps
Answer : C
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo
Alto Networks Firewall? (Choose two.)
A. Layer-ID
B. User-ID
C. QoS-ID
D. App-ID
B. User-ID
D. App-ID
, Which path is used to save and load a configuration with a Palo Alto Networks firewall?
A. Device>Setup>Services
B. Device>Setup>Management
C. Device>Setup>Operations
D. Device>Setup>Interfaces
C. Device>Setup>Operations
Which action related to App-ID updates will enable a security administrator to view the existing
security policy rule that matches new application signatures?
A. Review Policies
B. Review Apps
C. Pre-analyze
D. Review App Matches
A. Review Policies
How do you reset the hit count on a Security policy rule?
A. Select a Security policy rule, and then select Hit Count > Reset.
B. Reboot the data-plane.
C. First disable and then re-enable the rule.
D. Type the CLI command reset hitcount <POLICY-NAME>.
A. Select a Security policy rule, and then select Hit Count > Reset.
Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?
A. Management
B. High Availability
C. Aggregate
D. Aggregation
C. Aggregate
Which security policy rule would be needed to match traffic that passes between the Outside zone
and Inside zone, but does not match traffic that passes within the zones?
A. intrazone
B. interzone
C. universal
D. global
B. interzone
Four configuration choices are listed, and each could be used to block access to a specific URL. If you
configured each choice to block the same URL then which choice would be the last to block access to
the URL?
A. EDL in URL Filtering Profile
B. Custom URL category in URL Filtering Profile
C. Custom URL category in Security policy rule
D. PAN-DB URL category in URL Filtering Profile
