Application tab
The tab where a user can assign a tag group to a policy rule in the policy creation window.
Management interface access restriction
Restricting HTTP and telnet using App-ID is one of the settings to restrict access.
Aggregate interface
An interface type that is part of a Layer 3 zone with a Palo Alto Networks firewall.
Dynamic Administrator account
One of the types of Administrator accounts that is not Role Based or Local.
Security improvement tracking
The BPA tool shows the rate of security improvement as you adopt new capabilities, fix gaps, and
progress toward a Zero-Trust network.
ICMP code for traffic blocking
The ICMP code 'communication with the destination is administratively prohibited' is sent when blocking
traffic.
Palo Alto Networks recommendations
The Best Practice Assessment evaluates a device's configuration by measuring the adoption of
capabilities and validating whether the policies adhere to best practices.
post-NAT policy
A policy with external source and any destination address that is required for certain NAT
configurations.
pre-NAT policy
A policy with external source and any destination address that is required for specific NAT
configurations.
Drop action
An action that silently drops the traffic.
Reset both action
An action that resets both the client and server connections.
TCP reset
Silently drops the traffic; for an application, it overrides the default deny action. A TCP reset is not sent to the host/application.
ICMP unreachable response
To optionally send an ICMP unreachable response to the client, set Action: Drop and enable the Send
ICMP Unreachable check box.
ICMPv4: Type 3, Code 13
ICMP code for communication with the destination is administratively prohibited.
ICMPv6: Type 1, Code 1
ICMP code for communication with the destination is administratively prohibited.
DNS policy actions
Actions that can be chosen in the Anti-Spyware Security Profile to prevent hacking attacks through DNS
queries to malicious domains.
SAML 2.0
One of the types of authentication services that can be used to authenticate user traffic flowing through
the firewall's data plane.
Kerberos
One of the types of authentication services that can be used to authenticate user traffic flowing through
the firewall's data plane.
TACACS
One of the types of authentication services that can be used to authenticate user traffic flowing through
the firewall's data plane.
TACACS+
One of the types of authentication services that can be used to authenticate user traffic flowing through
the firewall's data plane.
Universal security rule
A rule created for source zones A & B and destination zones A & B that applies to all traffic within zones
A & B.
Dynamic routing protocol
Protocols supported by the NGFW Virtual Router for network connectivity.
RIP
One of the dynamic routing protocols supported by the NGFW Virtual Router.
OSPF