PCNSA Free Practice Test

Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?

1. A. global
2. B. intrazone
3. C. interzone
4. D. universal

Correct Answer: C
Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/software-and-content- updates/dynamic- contentupdates.html#:~:text=WildFire signature updates are made,within a minute of availability

The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop the malware contacted a known command-and-control server which exfiltrating corporate data.
Which Security profile feature could have been used to prevent the communications with the command-and-control server?

1. A. Create a Data Filtering Profile and enable its DNS sinkhole feature.
2. B. Create an Antivirus Profile and enable its DNS sinkhole feature.
3. C. Create an Anti-Spyware Profile and enable its DNS sinkhole feature.
4. D. Create a URL Filtering Profile and block the DNS sinkhole URL category.

Correct Answer: C

An administrator would like to determine the default deny action for the application dns- over-https
Which action would yield the information?

1. A. View the application details in beacon paloaltonetworks.com
2. B. Check the action for the Security policy matching that traffic
3. C. Check the action for the decoder in the antivirus profile
4. D. View the application details in Objects > Applications

Correct Answer: D

At which point in the app-ID update process can you determine if an existing policy rule is affected by an app-ID update?

1. A. after clicking Check New in the Dynamic Update window
2. B. after connecting the firewall configuration
3. C. after downloading the update
4. D. after installing the update

Correct Answer: A
Reference:https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interface-help/device/device-dynamicupdates

Which statements is true regarding a Heatmap report?

1. A. When guided by authorized sales engineer, it helps determine te areas of greatest security risk.
2. B. It provides a percentage of adoption for each assessment area.
3. C. It runs only on firewall.
4. D. It provides a set of questionnaires that help uncover security risk prevention gaps acrossall areas of network and security architecture.

Correct Answer: B
Reference:https://live.paloaltonetworks.com/t5/best-practice-assessment-blogs/the-best-practice-assessment-bpa-tool-for-ngfw-and-panorama/ba-p/248343