Tag - PCNSA exam

How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?A . The admin creates a custom service object named "tcp-4422" with port tcp/4422. The admin then creates a Security policy allowing application "ssh" and service "tcp-4422". B....

An administrator wants to prevent access to media content websites that are risky. Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two.)A . recreation-and-hobbies B. streaming-media C. known-risk D. high-riskView AnswerAnswer: BD Explanation: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/content-inspection-features/url-filtering-multi-category.html https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/content-inspection-features/url-filtering-security-categories.html

Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?A . DNS Malicious signatures B. DNS Security signatures C. DNS Malware signatures D. DNS Block signaturesView AnswerAnswer: B Explanation: https://docs.paloaltonetworks.com/dns-security/administration/configure-dns-security/enable-dns-security#tabs-id066476b2-c4dd-4fc0-b7e4-f4ba32e19f60

You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server. Which Security Profile when applied to outbound Security policy rules detects and prevents this threat from establishing a command-and-control connection?A . Antivirus Profile B. Data Filtering Profile...

The data plane provides which two data processing features of the firewall? (Choose two.)A . signature matching B. reporting C. network processing D. loggingView AnswerAnswer: AC

Which interface type requires no routing or switching but applies Security or NAT policy rules before passing allowed traffic?A . Tap B. Virtual Wire C. Layer 2 D. Layer 3View AnswerAnswer: B Explanation: A virtual wire logically binds two Ethernet interfaces together, allowing for all traffic to pass between the...

Which three types of authentication services can be used to authenticate user traffic flowing through the firewall's data plane? (Choose three.)A . SAML 2.0 B. Kerberos C. TACACS D. TACACS+ E. SAML 1.0View AnswerAnswer: ABD Explanation: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/authentication/authentication-types.html

In order to protect users against exploit kits that exploit a vulnerability and then automatically download malicious payloads, which Security profile should be configured?A . Anti-Spyware B. WildFire C. Vulnerability Protection D. AntivirusView AnswerAnswer: C Explanation: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/security-profiles

Where in Panorama would Zone Protection profiles be configured?A . Templates B. Device Groups C. Shared D. Panorama tabView AnswerAnswer: A Explanation: Create a Zone Protection profile for the firewalls in the data center template (T_DataCenter). Select the Network tab and, in the Template drop-down, select T_DataCenter. Select Network ProfilesZone...

What are the requirements for using Palo Alto Networks EDL Hosting Sen/ice?A . any supported Palo Alto Networks firewall or Prisma Access firewall B. an additional subscription free of charge C. a firewall device running with a minimum version of PAN-OS 10.1 D. an additional paid subscriptionView AnswerAnswer: A