[Jan-9th-2021] Updated Palo Alto Networks PCNSA Exam Questions (98 Q&As)

New Palo Alto Networks PCNSA Exam Questions are updated from PassQuestion! You can download the newest PassQuestion Palo Alto Networks PCNSA Questions and Answers: https://www.passquestion.com/pcnsa.html (98 Q&As)

Test Online Palo Alto Networks PCNSA Free Questions

1. Which plane on a Palo Alto Networks Firewall provides configuration, logging, and reporting functions on a separate processor?


2. A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base. On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days. Based on the information, how is the SuperApp traffic affected after the 30 days have passed?


3. How many zones can an interface be assigned with a Palo Alto Networks firewall?


4. Which two configuration settings shown are not the default? (Choose two.)


5. Which dataplane layer of the graphic shown provides pattern protection for spyware and vulnerability exploits on a Palo Alto Networks Firewall?


6. Which option shows the attributes that are selectable when setting up application filters?


7. Actions can be set for which two items in a URL filtering security profile? (Choose two.)



Match the Cyber-Attack Lifecycle stage to its correct description.

9. Which two statements are correct about App-ID content updates? (Choose two.)


10. Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?


11. An administrator needs to allow users to use their own office applications.

How should the administrator configure the firewall to allow multiple applications in a dynamic environment?


12. Which statement is true regarding a Best Practice Assessment?


13. Employees are shown an application block page when they try to access YouTube.

Which security policy is blocking the YouTube application?


14. Choose the option that correctly completes this statement. A Security Profile can block or allow traffic ____________.


15. When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?


16. Which interface does not require a MAC or IP address?


17. A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago.

Which utility should the company use to identify out-of-date or unused rules on the firewall?



Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

19. What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)


20. Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.

What is the quickest way to reset the hit counter to zero in all the security policy rules?


21. Which two App-ID applications will need to be allowed to use facebook-chat? (Choose two.)


22. Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?


23. Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP Cto-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.

Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.


24. An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server.

Which two security profile components will detect and prevent this threat after the firewall’s signature database has been updated? (Choose two.)


25. At which stage of the Cyber-Attack Lifecycle would the attacker attach an infected PDF file to an email?


26. commit the configuration, and verify agent connection status


27. Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.

Complete the security policy to ensure only Telnet is allowed.

Security Policy: Source Zone: Internal to DMZ Zone __________services “Application defaults”, and action = Allow


28. Based on the security policy rules shown, ssh will be allowed on which port?


29. Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?



Match the Palo Alto Networks Security Operating Platform architecture to its description.

Question 1 of 30

Palo Alto Networks PSE PrismaCloud Exam Questions (60 Q&As)

Leave a Reply

Your email address will not be published. Required fields are marked *