PCNSA EXAM: LATEST A+ QUESTIONS AND ANSWERS
FOR THE WIN!
Real-time signature lookups for malware domains
Content-ID combines a real-time threat prevention engine with a comprehensive URL database.
Types of entries excluded from an external dynamic list
IP addresses, Domains, URLs
Default deny action for dns-over-https
View the application details in Objects > Applications
Firewall action on virus detection with Antivirus Security profile
It uses the default action assigned to the virus signature.
Security policy rule for traffic between Outside and Inside zones
interzone
Required policy for source NAT on firewall
NAT policy with source zone and destination zone specified
URL Filtering log entry for gambling websites
Security policy = allow, Gambling category in URL profile = alert
Best practice for committing configuration changes
Validate configuration changes prior to committing.
Configuration Changes Validation
Validate configuration changes prior to committing to fix any errors that will cause a commit failure.
Policy Optimizer Feature
The feature shown in the screenshot is 'Rules without App Controls'.
Reset Hit Count on Security Policy Rule
Select a security policy rule, right click Hit Count > Reset.
Application Dependency Reporting
Starting with PAN-OS version 9.1, application dependency information is reported on the App
Dependency tab in the Commit Status window and on the Policy Optimizer's Rule Usage page.
Source NAT Policy Entry
, The entry in the Translated Packet tab that displays options Dynamic IP and Port, Dynamic, Static IP, and
None is 'Translation Type'.
Requirements for EDL Hosting Service
Any supported Palo Alto Networks firewall or Prisma Access firewall is required.
Interface Type for Monitoring Traffic
The Tap interface type is used to monitor traffic and cannot be used to perform traffic shaping.
NAT Rules Processing
NAT rules are processed in order from top to bottom.
Minimum Timeframe for WildFire Signatures
The minimum timeframe that can be set on the firewall to check for new WildFire signatures is every 1
minute.
Security Profile for Compromised Hosts
The Anti-Spyware profile can be used to detect and block compromised hosts from trying to
communicate with external command-and-control (C2) servers.
Custom URL Category Object Type
A valid type for creating a custom URL category object is 'category match'.
Traffic Log Issue with Office365
Traffic matches the interzone-default rule, which does not log traffic by default.
Valid Selections in Anti-Spyware Profile
Two valid selections within an Anti-Spyware profile are 'Drop' and 'Deny'.
Zero Trust Firewall
A security model that requires strict identity verification for every person and device trying to access
resources on a private network.
Outbound Data Flow
Data leaving a network or system.
North South Traffic
Traffic that flows between the data center and the outside world.
Inbound Data Flow
Data entering a network or system.
East West Traffic
FOR THE WIN!
Real-time signature lookups for malware domains
Content-ID combines a real-time threat prevention engine with a comprehensive URL database.
Types of entries excluded from an external dynamic list
IP addresses, Domains, URLs
Default deny action for dns-over-https
View the application details in Objects > Applications
Firewall action on virus detection with Antivirus Security profile
It uses the default action assigned to the virus signature.
Security policy rule for traffic between Outside and Inside zones
interzone
Required policy for source NAT on firewall
NAT policy with source zone and destination zone specified
URL Filtering log entry for gambling websites
Security policy = allow, Gambling category in URL profile = alert
Best practice for committing configuration changes
Validate configuration changes prior to committing.
Configuration Changes Validation
Validate configuration changes prior to committing to fix any errors that will cause a commit failure.
Policy Optimizer Feature
The feature shown in the screenshot is 'Rules without App Controls'.
Reset Hit Count on Security Policy Rule
Select a security policy rule, right click Hit Count > Reset.
Application Dependency Reporting
Starting with PAN-OS version 9.1, application dependency information is reported on the App
Dependency tab in the Commit Status window and on the Policy Optimizer's Rule Usage page.
Source NAT Policy Entry
, The entry in the Translated Packet tab that displays options Dynamic IP and Port, Dynamic, Static IP, and
None is 'Translation Type'.
Requirements for EDL Hosting Service
Any supported Palo Alto Networks firewall or Prisma Access firewall is required.
Interface Type for Monitoring Traffic
The Tap interface type is used to monitor traffic and cannot be used to perform traffic shaping.
NAT Rules Processing
NAT rules are processed in order from top to bottom.
Minimum Timeframe for WildFire Signatures
The minimum timeframe that can be set on the firewall to check for new WildFire signatures is every 1
minute.
Security Profile for Compromised Hosts
The Anti-Spyware profile can be used to detect and block compromised hosts from trying to
communicate with external command-and-control (C2) servers.
Custom URL Category Object Type
A valid type for creating a custom URL category object is 'category match'.
Traffic Log Issue with Office365
Traffic matches the interzone-default rule, which does not log traffic by default.
Valid Selections in Anti-Spyware Profile
Two valid selections within an Anti-Spyware profile are 'Drop' and 'Deny'.
Zero Trust Firewall
A security model that requires strict identity verification for every person and device trying to access
resources on a private network.
Outbound Data Flow
Data leaving a network or system.
North South Traffic
Traffic that flows between the data center and the outside world.
Inbound Data Flow
Data entering a network or system.
East West Traffic
