Palo Alto Firewall PCNSA Exam Questions with Correct Answers
7 views 0 purchase
Course
Palo Alto Firewall PCNSA
Institution
Palo Alto Firewall PCNSA
Palo Alto Firewall PCNSA Exam Questions with Correct Answers
What are the 3 source NAT types? - Answer-1. DIPP
2. Dynamic IP
3. Static IP
What is DIPP NAT Oversubscription? - Answer-DIPP NAT Oversubscription enables reuse of port numbers as an alternative NAT session identifier by using the...
Palo Alto Firewall PCNSA
Exam Questions with
Correct Answers
What are the 3 source NAT types? - Answer-1. DIPP
2. Dynamic IP
3. Static IP
What is DIPP NAT Oversubscription? - Answer-DIPP NAT Oversubscription enables
reuse of port numbers as an alternative NAT session identifier by using the destination
IP address
In a TCP exchange how many packets does it take to identify the application? - Answer-
Four or Five. App-ID cannot identify the traffic from only a TCP handshake. After 3-way
TCP handshake comes the application communication. Hence after 3 packets (TCP
handshake) come identification of App-ID
TRUE OR FALSE? Telemetry is an opt-out feature - Answer-FALSE. Telemetry is an
opt-in feature; nothing is selected by default
TRUE OR FALSE? NGFW, device administrator cannot manage other administrator -
Answer-TRUE. Device administrator cannot manage administrator accounts or create
new virtual systems, and a virtual system administrator can manage only virtual
systems assigned to them.
What does DoS Protection Policy and DoS protection Profile protects? - Answer-
Destination zone and Destination host
What is Ingress in Firewall? - Answer-Ingress is the incoming traffic
What is Egress in Firewall? - Answer-Egress is outgoing traffic
Where is Zone Protection profile applied to? - Answer-Zone protection always is applied
to the ingress interfaces in the protected zone, regardless of the zone where the
destination hosts are located.
,Is DoS Protection packet or signature based? - Answer-Packet based. DoS protection
uses packet header information to detect threats.
TRUE or FALSE: DoS protection is linked to Security Policy - Answer-FALSE
What six protocols are in default Antivirus Profile? - Answer-pop3, imap, smtp, http/2,
smb, ftp
When configuring a File Blocking Profile, what actions you can set? - Answer-1.
Continue (Allows download with warning)
2. Alert (allows download)
3. Block (deny download)
In which FW plane is the CPU, SSD and RAM located? - Answer-Control Plane
A Virtual Wire object is capable of blocking or allowing traffic based on? - Answer-
802.1Q VLAN tag values
What are the 4 information you will find in the Security Policy Rule - Usage tab -
Answer-Basics, Activity, Applications and Traffic
What are 2 approaches to mitigate DoS attacks? - Answer-1. Zone-based protection
2. End host protection
YES OR NO: Do Layer 2 Interfaces participate in Spanning Tree? - Answer-NO.
However, they do forward BPDU messages.
Which interface types can have Interface Management Profiles assigned to them? -
Answer-Layer 3 interface permits for management traffic.
TRUE OR FALSE: Layer 3 interface can have one or more STATIC IPv4 addresses -
Answer-TRUE. However these IP address must be on different subnets.
TRUE OR FALSE: Layer 3 sub-interface must be assigned to 802.1Q VLAN - Answer-
TRUE. A virtual router object is required to route traffic between each VLAN
What are the benefits of implementing an aggregate interface group? - Answer-1.
Increases Bandwidth
2. Provides redundancy
What FW models does not support aggregate interface groups? - Answer-VM-series
Firewall
Which FW series support up to 16 Aggregate Interface Groups - Answer-PA-3200
Series
PA-5200 Series
, and most PA-7000 Series
What is Palo Alto's 3 data processing feature on its Data Plane? - Answer-Signature
matching, Security Processing and Network Processing
What are the 2 planes of PAN-FW? - Answer-Control (Management) Plane and Data
plane
What is the principle of Zero Trust model? - Answer-Never trust, always verify
What visibility does a Zero Trust network provides? - Answer-Both North-South and
East-West traffic (Lateral and Horizontal)
What is Zero Trust 3 main components - Answer-All resources are accessed in a secure
manner regardless of location, Access control is on a "need to know" basis and strictly
enforced, and All traffic is logged and inspected.
What is the default IP address on the MGT interface of PAN-FW - Answer-192.168.1.1
Ways to connect to PAN-FW - Answer-in-band MGT (IP address) and out-of-band MGT
(cable)
What are the 4 methods to manage PAN-FW - Answer-Web interface, CLI, Panorama
and XML API
What firewall action blocks traffic and does not notify the sender? - Answer-When the
firewall DROP the traffic it does not notify the sender.
What is the default metric for static route? - Answer-10
When is the shortest time can you configure the FW to check for Wildfire updates? -
Answer-1 minute
What intervals does the firewall dashboard Refresh Rate have? - Answer-1 min, 2 mins,
5 mins or Manual
What are the 4 tabs of Application Command Center (ACC)? - Answer-Network Activity,
Threat Activity, Blocked Activity and Tunnel Activity.
What is Application Command Center (ACC) for? - Answer-Application Command
Center provides a visual summary of the applications traversing the network,
categorized by sessions, bytes, ports, threats and time.
What port number is available for setting up a Syslog Server Profile? - Answer-
UDP/TCP port 514 or SSL 6514
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Scholarsstudyguide. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.99. You're not tied to anything after your purchase.
