PCNSA QUESTIONS AND ANSWER 100% PASSED
Threat Intelligence Cloud - ✔✔Identifies and inspects all traffic to block known threats.
Next Generation Firewall - ✔✔Gathers, analyzes, correlates, and disseminates threats to and from
network endpoints
Advanced Endpoint Detection - ✔✔Inspects processes and files to prevent known and unknown
exploits
Which firewall plane provides configuration, logging, and reporting functions on a separate processor?
A. control
B. network processing
C. data
D. security processing - ✔✔A. Control
A security administrator has configured App-ID updates to be automatically downloaded and installed.
The company is currently using an application identified by App-ID as SuperApp_base. On a content
update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and
SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp
traffic affected after the 30 days have passed?
A. All traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer
matches the SuperApp-base application
B. No impact because the apps were automatically downloaded and installed
,C. No impact because the firewall automatically adds the rules to the App-ID interface
D. All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the
security administrator approves the applications - ✔✔C. No impact because the firewall automatically
adds the rules to the App-ID interface
How many zones can an interface be assigned with a Palo Alto Networks firewall?
A. two
B. three
C. four
D. one - ✔✔D. One
Which two configuration settings shown are not the default? (Choose two.)
A. Enable Security Log
B. Server Log Monitor Frequency (sec)
C. Enable Session
D. Enable Probing - ✔✔B,C
Which data-plane processor layer of the graphic shown provides uniform matching for spyware and
vulnerability exploits on a Palo Alto Networks Firewall?
A. Signature Matching
B. Network Processing
C. Security Processing
, D. Security Matching - ✔✔A
Which option shows the attributes that are selectable when setting up application filters?
A. Category, Subcategory, Technology, and Characteristic
B. Category, Subcategory, Technology, Risk, and Characteristic
C. Name, Category, Technology, Risk, and Characteristic
D. Category, Subcategory, Risk, Standard Ports, and Technology - ✔✔B
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
A. Block List
B. Custom URL Categories
C. PAN-DB URL Categories
D. Allow List - ✔✔AD
Reconnaissance - ✔✔Stage where the attacker has motivation for attacking a network
Installation - ✔✔Stage where the attacker scans for network vulnerabilities
Command and Control - ✔✔stage where the attacker will explore methods such as a root kit
Act on the objective - ✔✔Stage where the attacker has access to a specific server so they can
communicate and pass data to and from devices.
Which two statements are correct about App-ID content updates? (Choose two.)
Threat Intelligence Cloud - ✔✔Identifies and inspects all traffic to block known threats.
Next Generation Firewall - ✔✔Gathers, analyzes, correlates, and disseminates threats to and from
network endpoints
Advanced Endpoint Detection - ✔✔Inspects processes and files to prevent known and unknown
exploits
Which firewall plane provides configuration, logging, and reporting functions on a separate processor?
A. control
B. network processing
C. data
D. security processing - ✔✔A. Control
A security administrator has configured App-ID updates to be automatically downloaded and installed.
The company is currently using an application identified by App-ID as SuperApp_base. On a content
update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and
SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp
traffic affected after the 30 days have passed?
A. All traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer
matches the SuperApp-base application
B. No impact because the apps were automatically downloaded and installed
,C. No impact because the firewall automatically adds the rules to the App-ID interface
D. All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the
security administrator approves the applications - ✔✔C. No impact because the firewall automatically
adds the rules to the App-ID interface
How many zones can an interface be assigned with a Palo Alto Networks firewall?
A. two
B. three
C. four
D. one - ✔✔D. One
Which two configuration settings shown are not the default? (Choose two.)
A. Enable Security Log
B. Server Log Monitor Frequency (sec)
C. Enable Session
D. Enable Probing - ✔✔B,C
Which data-plane processor layer of the graphic shown provides uniform matching for spyware and
vulnerability exploits on a Palo Alto Networks Firewall?
A. Signature Matching
B. Network Processing
C. Security Processing
, D. Security Matching - ✔✔A
Which option shows the attributes that are selectable when setting up application filters?
A. Category, Subcategory, Technology, and Characteristic
B. Category, Subcategory, Technology, Risk, and Characteristic
C. Name, Category, Technology, Risk, and Characteristic
D. Category, Subcategory, Risk, Standard Ports, and Technology - ✔✔B
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
A. Block List
B. Custom URL Categories
C. PAN-DB URL Categories
D. Allow List - ✔✔AD
Reconnaissance - ✔✔Stage where the attacker has motivation for attacking a network
Installation - ✔✔Stage where the attacker scans for network vulnerabilities
Command and Control - ✔✔stage where the attacker will explore methods such as a root kit
Act on the objective - ✔✔Stage where the attacker has access to a specific server so they can
communicate and pass data to and from devices.
Which two statements are correct about App-ID content updates? (Choose two.)
