PCNSA Full SG Questions and Answers Already Graded A

Document Content and Description Below

PCNSA Full SG Questions and Answers Already Graded A Which four models are the Palo Alto Networks next-generation firewall models? (Choose four.) a. PA-200 Series b. PA-2000 Series c. PA-300 Seri... es d. PA-3200 Series e. PA-400 Series f. PA-5000 Series g. PA-7000 Series ✔✔a. PA-200 Series d. PA-3200 Series f. PA-5000 Series g. PA-7000 Series Which two planes are found in Palo Alto Networks single-pass platform architecture? (Choose two.) a. control b. single pass c. data d. parallel processing ✔✔a. control c. data (T/F) The strength of the Palo Alto Networks firewall is its Single-Pass Parallel Processing (SP3) engine. a. true b. false ✔✔a. trueWhich new firewall model was introduced with PAN-OS 8.1 with double the data-plane memory? a. PA-5260 b. PA-5270 c. PA-5280 d. PA-5290 ✔✔c. PA-5280 Palo Alto Networks firewalls are built with a dedicated out-of-band management port that has which three attributes? (Choose three.) a. Labeled MGT by default. b. Passes only management traffic for the device and cannot be configured as a standard traffic port. c. Administrators use the out-of-band management port for direct connectivity to the management plane of the firewall. d. Cannot be configured to use DHCP. ✔✔a. Labeled MGT by default. b. Passes only management traffic for the device and cannot be configured as a standard traffic port. c. Administrators use the out-of-band management port for direct connectivity to the management plane of Which three statements are true regarding the candidate configuration? (Choose three.) a. You can roll back the candidate configuration by pressing the Undo button. b. You can revert the candidate configuration to the running configuration. c. Clicking Save creates a copy of the current candidate configuration. d. Choosing Commit updates the running configuration with the contents of the candidate configuration. ✔✔b. You can revert the candidate configuration to the running configuration. c. Clicking Save creates a copy of the current candidate configuration.d. Choosing Commit updates the running configuration with the contents of the candidate configuration. (T/F) Firewall administrator accounts can be individualized for user needs, granting or restricting permissions as appropriate? a. true b. false ✔✔a. true Firewall administration can be done using which four interfaces? (Choose four.) a. web interface b. Panorama c. command line interface d. Java API e. XML API ✔✔a. web interface b. Panorama c. command line interface e. XML API (T/F) Service routes can be used to configure an in-band port to access external services. a. true b. false ✔✔a. true Virtual routers provide support for static routing and dynamic routing using which three protocols? (Choose three.) a. OSPF b. RIPv2 c. EGPd. BGP ✔✔a. OSPF b. RIPv2 d. BGP Which three interface types are valid on a Palo Alto Networks firewall? (Choose three.) a. FC b. Layer 3 c. FCoE d. Tap e. Virtual Wire ✔✔b. Layer 3 d. Tap e. Virtual Wire (T/F) Intrazone traffic is allowed by default but interzone traffic is blocked by default. a. true b. false ✔✔a. true Which three attributes are true regarding a Virtual Wire (vwire) interface? (Choose three.) a. sometimes called a Bump in the Wire or Transparent In-Line b. no support for routing or device management c. supports NAT, Content-ID, and User-ID d. supports SSL Decrypt Inbound traffic only ✔✔a. sometimes called a Bump in the Wire or Transparent In-Line b. no support for routing or device management c. supports NAT, Content-ID, and User-ID (T/F) A Layer 3 interface can be configured as dual stack with both IPv4 and IPv6 addresses.a. true b. false ✔✔a. true Which four items are possible network traffic match criteria in a Security policy on a Palo Alto Networks firewall? (Choose four.) a. Source Zone b. Username c. DNS Domain d. URL e. Application ✔✔a. Source Zone b. Username d. URL e. Application Which of the three types of Security policy rules that can be created is the default rule type? a. intrazone b. interzone c. universal ✔✔c. universal (T/F) The intrazone-default and interzone-default rules cannot be modified. a. true b. false ✔✔b. false Which three items are names of valid source NAT translation types? (Choose three.) a. dynamic IP b. dynamic IP/Port c. port forwardingd. static ✔✔a. dynamic IP b. dynamic IP/Port d. static (T/F) Logging on intrazone-default and interzone-default Security policy rules is enabled by default. a. true b. false ✔✔b. false Which item is the name of an object that dynamically groups applications based on application attributes that you define: Category, Subcategory, Technology, Risk, and Characteristic? a. application b. application filter c. application group d. Application Profile ✔✔b. application filter (T/F) In Palo Alto Networks terms, an application is a specific program or feature that can be detected, monitored, and blocked if necessary. a. true b. false ✔✔a. true Before App-ID would identify traffic as facebook-base, it would first identify the traffic as which application? a. unknown-tcp b. unknown-udp c. web-browsing ✔✔c. web-browsingWhich three statements are true regarding App-ID? (Choose three.) a. It addresses the traffic classification limitations of traditional firewalls. b. It is the Palo Alto Networks traffic classification mechanism. c. It uses multiple identification mechanisms to determine the exact identity of applications traversing the network. d. It still is in the developmental stage and is not yet released. ✔✔a. It addresses the traffic classification limitations of traditional firewalls. b. It is the Palo Alto Networks traffic classification mechanism. c. It uses multiple identification mechanisms to determine the exact identity of applications traversing the network. Application groups can contain applications, filters, or other application groups. a. true b. false ✔✔a. true Which anti-spyware feature enables an administrator to quickly identify a potentially infected host on the network? a. Data Filtering log entry b. continue response page c. DNS sinkhole d. CVE number ✔✔c. DNS sinkhole (T/F) A Security Profile attached to a Security policy rule is evaluated on [Show More]

Last updated: 1 year ago

Preview 1 out of 31 pages