Palo Alto Networks Certified Network Security Administrator PCNSA Exam Practice Test

Page: 1 / 14
Total 362 questions
Question 1

Which attribute can a dynamic address group use as a filtering condition to determine its membership?



Answer : A

Dynamic Address Groups: A dynamic address group populates its members dynamically using looks ups for tags and tag-based filters. Dynamic address groups are very useful if you have an extensive virtual infrastructure where changes in virtual machine location/IP address are frequent. For example, you have a sophisticated failover setup or provision new virtual machines frequently and would like to apply policy to traffic from or to the new machine without modifying the configuration/rules on the firewall.

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/objects/objects-address-groups


Question 2

An administrator would like to apply a more restrictive Security profile to traffic for file sharing applications. The administrator does not want to update the Security policy or object when new applications are released.

Which object should the administrator use as a match condition in the Security policy?



Answer : D


Question 3

Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choices to block the sameURL then which choice would be the last to block access to the URL?



Answer : D

The precedence is from the top down; First Match Wins: 1) Block list: Manually entered blocked URLs Objects - 2) Allow list: Manually entered allowed URLs Objects - 3) Custom URL Categories - 4) Cached Cached: URLs learned from External Dynamic Lists (EDLs) - 5) Pre-Defined Categories: PAN-DB or Brightcloud categories.


Question 4

Which objects would be useful for combining several services that are often defined together?



Question 5

Given the topology, which zone type should zone A and zone B to be configured with?



Answer : A


Question 6

Given the topology, which zone type should you configure for firewall interface E1/1?



Answer : A


Question 7

Your company is highly concerned with their Intellectual property being accessed by unauthorized resources. There is a mature process to store and include metadata tags for all confidential documents.

Which Security profile can further ensure that these documents do not exit the corporate network?



Page:    1 / 14   
Total 362 questions