PCNSA Exam Questions and Answers
(2022/2023) (Verified Answers)
1. Recently changes were made to the firewall to optimize the policies
and the security team wants to see if those changes are helping. What is
the quickest way to reset the hit counter to zero in all the security policy
rules?
A. At the CLI enter the command reset rules and press Enter
B. Highlight a rule and use the Reset Rule Hit Counter > Selected Rules
for each rule
C. Reboot the firewall
D. Use the Reset Rule Hit Counter>All Rules option✔✔✔ D. Use the Reset
Rule Hit Counter > All Rules option
2. Which Two App-ID applications will you need to allow in your
Security policy to use facebook-chat?
A. facebook
B. facebook-chat
C. facebook-base
D. facebook-email✔✔✔ B. facebook-chat
C. facebook-base
,3. Which User-ID agent would be appropriate in a network with multiple
WAN links, limited network bandwidth, and limited firewall management
plane resources?
A. Windows-based agents deployed on the internal network
B. PAN-OS integrated agent deployed on the internal network
C. Citrix terminal server deployed on the internal network
D. Windows-based agent deployed on each of the WAN Links✔✔✔
A. Win- dows-based agent deployed on the internal network
4. Your company requires positive username attribution of every IP
address used by the wireless devices to support a new compliance
requirement. You must collect IP to user mapping as soon as possible with
the minimal con- figuration changes to the wireless devices themselves.
the wireless devices are from various manufactures. Given the scenario,
choose the option for sending IP-to user mapping to the NGFW.
A. syslog
B. RADIUS
C. UID redistribution
D. XFF headers✔✔✔ A. syslog
5. An administrator receives a global notification for a new malware
that infects hosts. The infection will result in the infected host
attempting to
, contact a command- and-control (C2) server. Which two security profile
components will detect and prevent this threat after the firewall's signature
database has been updated? (Choose two.)
A. vulnerability protection profile applied to outbound security policies
B. anti-spyware profile applied to outbound security policies
C. antivirus profile applied to outbound security policies
D. URL filtering profile applied to outbound security policies✔✔✔ B. anti-
spyware profile applied to outbound security polices
D. URL filtering profile applied to out bound security
6. Which interface does not require a MAC or IP address?
A. Virtual Wire
B. Layer3
C. Layer2
D. Loopback✔✔✔ A. Virtual Wire
7. Order the steps needed to create a new security zone with a Palo
Alto Networks firewall.✔✔✔ Step 1 Select Network
Step 2Select Zones from the list of available
items Step 3 Select add
Step 4 Specify Zone
Name Step 5 Specify
Zone type
Step 6Assign interface as needed
8. What are two differences between an implicit dependency and an
explicit dependency in App-ID? (Choose two.)
(2022/2023) (Verified Answers)
1. Recently changes were made to the firewall to optimize the policies
and the security team wants to see if those changes are helping. What is
the quickest way to reset the hit counter to zero in all the security policy
rules?
A. At the CLI enter the command reset rules and press Enter
B. Highlight a rule and use the Reset Rule Hit Counter > Selected Rules
for each rule
C. Reboot the firewall
D. Use the Reset Rule Hit Counter>All Rules option✔✔✔ D. Use the Reset
Rule Hit Counter > All Rules option
2. Which Two App-ID applications will you need to allow in your
Security policy to use facebook-chat?
A. facebook
B. facebook-chat
C. facebook-base
D. facebook-email✔✔✔ B. facebook-chat
C. facebook-base
,3. Which User-ID agent would be appropriate in a network with multiple
WAN links, limited network bandwidth, and limited firewall management
plane resources?
A. Windows-based agents deployed on the internal network
B. PAN-OS integrated agent deployed on the internal network
C. Citrix terminal server deployed on the internal network
D. Windows-based agent deployed on each of the WAN Links✔✔✔
A. Win- dows-based agent deployed on the internal network
4. Your company requires positive username attribution of every IP
address used by the wireless devices to support a new compliance
requirement. You must collect IP to user mapping as soon as possible with
the minimal con- figuration changes to the wireless devices themselves.
the wireless devices are from various manufactures. Given the scenario,
choose the option for sending IP-to user mapping to the NGFW.
A. syslog
B. RADIUS
C. UID redistribution
D. XFF headers✔✔✔ A. syslog
5. An administrator receives a global notification for a new malware
that infects hosts. The infection will result in the infected host
attempting to
, contact a command- and-control (C2) server. Which two security profile
components will detect and prevent this threat after the firewall's signature
database has been updated? (Choose two.)
A. vulnerability protection profile applied to outbound security policies
B. anti-spyware profile applied to outbound security policies
C. antivirus profile applied to outbound security policies
D. URL filtering profile applied to outbound security policies✔✔✔ B. anti-
spyware profile applied to outbound security polices
D. URL filtering profile applied to out bound security
6. Which interface does not require a MAC or IP address?
A. Virtual Wire
B. Layer3
C. Layer2
D. Loopback✔✔✔ A. Virtual Wire
7. Order the steps needed to create a new security zone with a Palo
Alto Networks firewall.✔✔✔ Step 1 Select Network
Step 2Select Zones from the list of available
items Step 3 Select add
Step 4 Specify Zone
Name Step 5 Specify
Zone type
Step 6Assign interface as needed
8. What are two differences between an implicit dependency and an
explicit dependency in App-ID? (Choose two.)
