©THEBRIGHTSTARS 2024
PCNSA Personal Exam Questions With
Correct Answers
What is an "application shift?"
1. an application change during the lifetime of a session
2. a session change during the lifetime of an application
3. a packet change during the lifetime of a session
4. application dependency - answer✔✔an application change during the lifetime of a session
What is the default metric value of static routes?
+1
1
2
10
20 - answer✔✔10
How often are new antivirus signatures published?
hourly
weekly
daily
monthly - answer✔✔Daily
Which interface type can be used to switch traffic between multiple interfaces inside the same
VLAN?
, ©THEBRIGHTSTARS 2024
Tap interfaces
Layer 2 interfaces
Layer 3 interfaces
other subnets - answer✔✔Layer 2
Which type of firewall configuration contains in-progress configuration changes?
running
candidate
named
saved - answer✔✔candidate
Given the topology shown in the graphic, which interface type should you configure for zone A
and zone B?
Layer3
Layer2
Virtual Wire
Ethernet - answer✔✔Layer 3
What does the Save Named Configuration Snapshot option do?
creates a tentative configuration snapshot that does not overwrite the default snapshot
(.snapshot.xml)
creates a candidate configuration snapshot that does not overwrite the default snapshot
(.snapshot.xml)
deletes a candidate configuration snapshot that does not overwrite the default snapshot
(.snapshot.xml)
, ©THEBRIGHTSTARS 2024
creates a candidate configuration snapshot that does not overwrite the default snapshot
(.saved.xml) - answer✔✔creates a candidate configuration snapshot that does not overwrite the
default snapshot (.snapshot.xml)
Which statement is true about the App-ID database?
App-ID always requires an explicit Security policy rule for parent applications.
Some App-IDs implicitly allow required application without the need to explicitly add the parent
to the Security policy.
Every application has a parent application.
If an App-ID has a web-browsing dependency, you will not need to add web-browsing to other
Security polices to use web-browsing - answer✔✔Some App-IDs implicitly allow required
application without the need to explicitly add the parent to the Security policy.
An internal host needs to connect through the firewall using source NAT to servers on the
internet.Which policy is required to enable source NAT on the firewall?
NAT policy with internal zone and internet zone specified
NAT policy with no internal or internet zone selected
pre-NAT policy with external source and any destination address
post-NAT policy with external source and any destination address - answer✔✔NAT policy with
internal zone and internet zone specified
Which two agents can be used to monitor servers and gather User-ID information? (Choose two.)
Built-in agent inside the PAN-OS® firewall
, ©THEBRIGHTSTARS 2024
Windows-based client
Traps agent
Cortex Data Lake - answer✔✔Built-in agent inside the PAN-OS® firewall
Windows-based client
What are two URL Filtering Security Profile actions? (Choose two.)
Continue
Approved
Deny
Allow - answer✔✔Continue, Allow
What are two predefined anti-spyware profiles? (Choose two.)
Default
Standard
Secure
Strict - answer✔✔Default, Strict
What are two types of Security profiles? (Choose two.)
Antivirus
URL Filtering
Spyware Filtering
File Filtering - answer✔✔Antivirus
URL Filtering
PCNSA Personal Exam Questions With
Correct Answers
What is an "application shift?"
1. an application change during the lifetime of a session
2. a session change during the lifetime of an application
3. a packet change during the lifetime of a session
4. application dependency - answer✔✔an application change during the lifetime of a session
What is the default metric value of static routes?
+1
1
2
10
20 - answer✔✔10
How often are new antivirus signatures published?
hourly
weekly
daily
monthly - answer✔✔Daily
Which interface type can be used to switch traffic between multiple interfaces inside the same
VLAN?
, ©THEBRIGHTSTARS 2024
Tap interfaces
Layer 2 interfaces
Layer 3 interfaces
other subnets - answer✔✔Layer 2
Which type of firewall configuration contains in-progress configuration changes?
running
candidate
named
saved - answer✔✔candidate
Given the topology shown in the graphic, which interface type should you configure for zone A
and zone B?
Layer3
Layer2
Virtual Wire
Ethernet - answer✔✔Layer 3
What does the Save Named Configuration Snapshot option do?
creates a tentative configuration snapshot that does not overwrite the default snapshot
(.snapshot.xml)
creates a candidate configuration snapshot that does not overwrite the default snapshot
(.snapshot.xml)
deletes a candidate configuration snapshot that does not overwrite the default snapshot
(.snapshot.xml)
, ©THEBRIGHTSTARS 2024
creates a candidate configuration snapshot that does not overwrite the default snapshot
(.saved.xml) - answer✔✔creates a candidate configuration snapshot that does not overwrite the
default snapshot (.snapshot.xml)
Which statement is true about the App-ID database?
App-ID always requires an explicit Security policy rule for parent applications.
Some App-IDs implicitly allow required application without the need to explicitly add the parent
to the Security policy.
Every application has a parent application.
If an App-ID has a web-browsing dependency, you will not need to add web-browsing to other
Security polices to use web-browsing - answer✔✔Some App-IDs implicitly allow required
application without the need to explicitly add the parent to the Security policy.
An internal host needs to connect through the firewall using source NAT to servers on the
internet.Which policy is required to enable source NAT on the firewall?
NAT policy with internal zone and internet zone specified
NAT policy with no internal or internet zone selected
pre-NAT policy with external source and any destination address
post-NAT policy with external source and any destination address - answer✔✔NAT policy with
internal zone and internet zone specified
Which two agents can be used to monitor servers and gather User-ID information? (Choose two.)
Built-in agent inside the PAN-OS® firewall
, ©THEBRIGHTSTARS 2024
Windows-based client
Traps agent
Cortex Data Lake - answer✔✔Built-in agent inside the PAN-OS® firewall
Windows-based client
What are two URL Filtering Security Profile actions? (Choose two.)
Continue
Approved
Deny
Allow - answer✔✔Continue, Allow
What are two predefined anti-spyware profiles? (Choose two.)
Default
Standard
Secure
Strict - answer✔✔Default, Strict
What are two types of Security profiles? (Choose two.)
Antivirus
URL Filtering
Spyware Filtering
File Filtering - answer✔✔Antivirus
URL Filtering
