Zone Protection profiles
Configured in Panorama under Templates.
Custom URL category
Combines URL categories 'high-risk' and 'known-risk' to prevent access to risky media content websites.
Cyber-Attack Lifecycle
The stage where the attacker can run malicious code is called Exploitation.
Antivirus updates interval
The recommended interval for antivirus updates for mission critical devices is daily.
IP Wildcard Mask
An address object of type IP Wildcard Mask can only be referenced in a Security policy rule.
IP Wildcard Mask format
Enter an IP wildcard address in the format of an IPv4 address followed by a slash and a mask (e.g.,
10.182.1.1/0.127.248.0).
Authentication methods for role-based access control
SAML and TACACS+ support authentication and authorization.
Service groups
Used to set up a group of objects based on their ports alone.
Security Profile
Can block or allow traffic after it is matched to a Security policy rule that allows traffic.
Application Filter
Available filter columns include Parent App, Category, and Risk.
Domain Generation Algorithms (DGAs)
Algorithms used to auto-generate domains, typically in large numbers, for malicious
command-and-control (C2) communications.
Factors in Domain Generation Algorithms
Three factors that can be used include cryptographic keys, time of day, and other unique values.
DNS Signatures
Security profiles must be configured to enable DNS Signatures to be checked, specifically the
Anti-Spyware profile.
URL Filtering Security Profile Actions
Actions can be set for Custom URL Categories and PAN-DB URL Categories.
Virtual Wire Interface
An interface type that requires no routing or switching but applies Security or NAT policy rules before
passing allowed traffic.
Exploit Kits Protection
The Vulnerability Protection profile should be configured to protect users against exploit kits that exploit
vulnerabilities.
Palo Alto Networks Built-in IP Address EDLs License
An active Threat Prevention license is required to use the built-in IP address EDLs.
Packet Count Attack Prevention Technique
A Zone Protection profile is the technique that prevents attacks based on packet count.
Palo Alto Networks Known Malicious IP Addresses
An EDL that contains IP addresses verified as malicious based on WildFire analysis and telemetry data.
DNS Sinkholing Action
An action that can be enabled in Anti-Spyware profiles to forge a response to a DNS query for a known
malicious domain.
DGA-based Malware Examples
Examples include Pushdo, BankPatch, and CryptoLocker.
Traffic Classification in Virtual Wire
You can create virtual wire subinterfaces to classify traffic according to an IP address, IP range, or
subnet.
Built-in EDLs Purpose
Built-in EDLs protect your network against malicious hosts.
DoS Protection
Adds another layer of defense against attacks on individual devices based on Zone Protection profile
thresholds.
Palo Alto Networks C&C IP Addresses
An EDL that contains IP addresses associated with command-and-control servers.