PCNSA Online Practice Questions and Answers

You need to allow users to access the office-suite application of their choice. How should you configure the firewall to allow access to any office-suite application?

A. Create an Application Group and add Office 365, Evernote Google Docs and Libre Office

B. Create an Application Group and add business-systems to it.

C. Create an Application Filter and name it Office Programs, then filter it on the office programs subcategory.

D. Create an Application Filter and name it Office Programs then filter on the business- systems category.

An administrator wants to prevent users from unintentionally accessing malicious domains where data can be exfiltrated through established connections to remote systems. From the Pre-defined Categories tab within the URL Filtering profile, what is the right configuration to prevent such connections?

A. Set the hacking category to continue.

B. Set the phishing category to override.

C. Set the malware category to block.

D. Set the Command and Control category to block.

Which type of policy allows an administrator to both enforce rules and take action?

A. Authentication

B. Security

C. NAT

D. Decryption

With the DNS Security subscription, when will the cloud-based signature database provide users access to newly added DNS signatures?

A. Within five minutes, after downloading updates

B. Instantly, after downloading updates

C. Within five minutes, without downloading updates

D. Instantly, without downloading updates

What is the maximum volume of concurrent administrative account sessions?

A. Unlimited

B. 2

C. 10

D. 1

Which update option is not available to administrators?

A. New Spyware Notifications

B. New URLs

C. New Application Signatures

D. New Malicious Domains

E. New Antivirus Signatures

What can be achieved by selecting a policy target prior to pushing policy rules from Panorama?

A. Doing so limits the templates that receive the policy rules

B. Doing so provides audit information prior to making changes for selected policy rules

C. You can specify the firewalls m a device group to which to push policy rules

D. You can specify the location as pre can - or post-rules to push policy rules

All users from the internal zone must be allowed only HTTP access to a server in the DMZ zone. Complete the empty field in the Security policy using an application object to permit only this type of access. Source Zone: Internal Destination Zone: DMZ Zone Application: __________ Service: application-default Action: allow

A. Application = "any"

B. Application = "web-browsing"

C. Application = "ssl"

D. Application = "http"

Given the network diagram, which two statements are true about traffic between the User and Server networks? (Choose two.)

A. Traffic is permitted through the default Intrazone “allow” rule.

B. Traffic restrictions are not possible because the networks are in the same zone.

C. Traffic is permitted through the default Interzone “allow” rule.

D. Traffic restrictions are possible by modifying Intrazone rules.

How are service routes used in PAN-OS?

A. By the OSPF protocol, as part of Dijkstra's algorithm, to give access to the various services offered in the network

B. To statically route subnets so they are joinable from, and have access to, the Palo Alto Networks external services

C. For routing, because they are the shortest path selected by the BGP routing protocol

D. To route management plane services through data interfaces rather than the management interface