©THEBRIGHTSTARS 2024
PCNSA 2024 - Module 1 Exam Questions
With Correct Answers
What 4 methods of access exist for accessing Palo's NGFWs? - answer✔✔1. Web interface
2. CLI
3. Panorama
4. XML API
What is Panorama? - answer✔✔Provides Central Management for multiple PAN NGFW's
What is the difference between control plane and data plane? - answer✔✔Control plane is used
to separate mgmt functions, data plane is used for network traffic processing. The separation
helps safeguard access to the firewall and enhances performance.
What is the XML API used for? - answer✔✔Provides an interface based on REST, used for
accessing firewall configs, operational status, reports, and packet captures.
What can the XML API be used for in automation? - answer✔✔1. Create/modify configurations
2. Retreive reports
3. Manage users through User-ID
4. Execute operational commands
5. Update dynamic objects without modifying/commit new configuration
Can management access be provided over a data interface? - answer✔✔Yes
What configurations are included for each data interface? (3 default, 8 total) - answer✔✔HTTPS
(Default)
SSH (Default)
Ping (Default)
Telnet
HTTP
, ©THEBRIGHTSTARS 2024
SNMP
Resnpose Pages
User-ID
What is an Interface Management Profile used for? - answer✔✔Protects firewall from
unauthorized access by defining the protocol, services, and IP addresses that a firewall interface
permits for management.
What happens if an interface management profile is NOT added to an interface? -
answer✔✔Firewall will deny management access for all IPs, protocols and services by default.
What type of interfaces can Interface Management Profiles be assigned to? - answer✔✔L3
Ethernet Interfaces (incl sub-interfaces)
Logical interfaces, suc has aggregate group, VLAN, loopback, and tunnel interfaces.
What is a service route? - answer✔✔Service routes are used so that the communication between
the firewall and servers go through the data ports on the data plane.
By default the firewall uses management interfaces to communicate with various servers, ex for
EDL, DNS, email, PAN updates.
Which key services must be setup during the initial firewall configuration? - answer✔✔DNS and
NTP
What configuration parameters can DHCP dynamically learn? - answer✔✔IP for mgmt,
subnetmask, default gateway, and at least one DNS server address
What is an authentication profile? - answer✔✔Provides authentication settings that can be
applied to administrator accounts, SSL-VPN access, and Captive Portal.
What authentication profile types can be used? - answer✔✔Local Database
Radius
LDAP
TACACS+
SAML
Kerberos
What is an authentication sequence used for? - answer✔✔Admin roles for external administrator
accounts can be assigned to an authentication sequence, which includes a sequence of one or
more authentication profiles that are processed in a specific order.
PCNSA 2024 - Module 1 Exam Questions
With Correct Answers
What 4 methods of access exist for accessing Palo's NGFWs? - answer✔✔1. Web interface
2. CLI
3. Panorama
4. XML API
What is Panorama? - answer✔✔Provides Central Management for multiple PAN NGFW's
What is the difference between control plane and data plane? - answer✔✔Control plane is used
to separate mgmt functions, data plane is used for network traffic processing. The separation
helps safeguard access to the firewall and enhances performance.
What is the XML API used for? - answer✔✔Provides an interface based on REST, used for
accessing firewall configs, operational status, reports, and packet captures.
What can the XML API be used for in automation? - answer✔✔1. Create/modify configurations
2. Retreive reports
3. Manage users through User-ID
4. Execute operational commands
5. Update dynamic objects without modifying/commit new configuration
Can management access be provided over a data interface? - answer✔✔Yes
What configurations are included for each data interface? (3 default, 8 total) - answer✔✔HTTPS
(Default)
SSH (Default)
Ping (Default)
Telnet
HTTP
, ©THEBRIGHTSTARS 2024
SNMP
Resnpose Pages
User-ID
What is an Interface Management Profile used for? - answer✔✔Protects firewall from
unauthorized access by defining the protocol, services, and IP addresses that a firewall interface
permits for management.
What happens if an interface management profile is NOT added to an interface? -
answer✔✔Firewall will deny management access for all IPs, protocols and services by default.
What type of interfaces can Interface Management Profiles be assigned to? - answer✔✔L3
Ethernet Interfaces (incl sub-interfaces)
Logical interfaces, suc has aggregate group, VLAN, loopback, and tunnel interfaces.
What is a service route? - answer✔✔Service routes are used so that the communication between
the firewall and servers go through the data ports on the data plane.
By default the firewall uses management interfaces to communicate with various servers, ex for
EDL, DNS, email, PAN updates.
Which key services must be setup during the initial firewall configuration? - answer✔✔DNS and
NTP
What configuration parameters can DHCP dynamically learn? - answer✔✔IP for mgmt,
subnetmask, default gateway, and at least one DNS server address
What is an authentication profile? - answer✔✔Provides authentication settings that can be
applied to administrator accounts, SSL-VPN access, and Captive Portal.
What authentication profile types can be used? - answer✔✔Local Database
Radius
LDAP
TACACS+
SAML
Kerberos
What is an authentication sequence used for? - answer✔✔Admin roles for external administrator
accounts can be assigned to an authentication sequence, which includes a sequence of one or
more authentication profiles that are processed in a specific order.
