Palo Alto Networks PCNSA Exam Practice Test Instant Access

Question 1

What must first be created on the firewall for SAML authentication to be configured?

AServer Policy

BServer Profile

CServer Location

DServer Group

Answer : B

A server profile identifies the external authentication service and instructs the firewall on how to connect to that authentication service and access the authentication credentials for your users. To configure SAML authentication, you must create a server profile and register the firewall and the identity provider (IdP) with each other. You can import a SAML metadata file from the IdP to automatically create a server profile and populate the connection, registration, and IdP certificate information.Reference:Configure SAML Authentication,Set Up SAML Authentication,Introduction to SAML

Question 2

What is a default setting for NAT Translated Packets when the destination NAT translation is selected as Dynamic IP (with session distribution)?

AIP Hash

BSource IP Hash

CRound Robin

DLeast Sessions

Answer : C

When the destination NAT translation is selected as Dynamic IP (with session distribution), the firewall uses a round-robin algorithm to distribute sessions among the available IP addresses that are resolved from the FQDN.This option allows you to load-balance traffic to multiple servers that have dynamic IP addresses1.Reference:Destination NAT,NAT,Getting Started: Network Address Translation (NAT).

Question 3

What is used to monitor Security policy applications and usage?

APolicy Optimizer

BApp-ID

CSecurity profile

DPolicy-based forwarding

Answer : A

Question 4

A systems administrator momentarily loses track of which is the test environment firewall and which is the production firewall. The administrator makes changes to the candidate configuration of the production firewall, but does not commit the changes. In addition, the configuration was not saved prior to

making the changes.

Which action will allow the administrator to undo the changes?

ALoad configuration version, and choose the first item on the list.

BLoad named configuration snapshot, and choose the first item on the list.

CRevert to last saved configuration.

DRevert to running configuration.

Answer : D

Reverting to the running configuration will undo the changes made to the candidate configuration since the last commit. This operation will replace the settings in the current candidate configuration with the settings from the running configuration.The firewall provides the option to revert all the changes or only specific changes by administrator or location1.Reference:Revert Firewall Configuration Changes,How to Revert to a Previous Configuration,How to revert uncommitted changes on the firewall?.

Question 5

Which two addresses should be reserved to enable DNS sinkholing? (Choose two.)

AIPv6

BEmail

CIPv4

DMAC

Answer : A, C

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGECA0

Question 6

Which path in PAN-OS 10.2 is used to schedule a content update to managed devices using Panorama?

APanorama > Device Deployment > Dynamic Updates > Schedules > Add

BPanorama > Device Deployment > Content Updates > Schedules > Add

CPanorama > Dynamic Updates > Device Deployment > Schedules > Add

DPanorama > Content Updates > Device Deployment > Schedules > Add

Answer : A

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-upgrade/upgrade-panorama/deploy-updates-to-firewalls-log-collectors-and-wildfire-appliances-using-panorama/schedule-a-content-update-using-panorama

Question 7

Which two actions are needed for an administrator to get real-time WildFire signatures? (Choose two.)

AObtain a Threat Prevention subscription.

BEnable Dynamic Updates.

CMove within the WildFire public cloud region.

DObtain a WildFire subscription.

Answer : B, D

https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-100/wildfire-real-time-signature-updates

Palo Alto Networks Certified Network Security Administrator Exam Practice Test