PCNSA QUESTIONS AND ANSWERS ALREADY PASSED. Graded A

Document Content and Description Below

PCNSA QUESTIONS AND ANSWERS ALREADY PASSED A client downloads a malicious file from the internet. The Palo Alto firewall has a valid WildFire subscription. The Security policy rule shown above matc... hes the client HTTP session: Which three actions take place when the firewall's Content-ID engine detects a virus in the file and the decoder action is set to "block"? (Choose three.) ✔✔A threat log entry is generated. The file download is terminated. The client receives a block page. A company has a pair of PA-3050s running PAN-OS 6.0.4. Antivirus, Threat Prevention, and URL Filtering Profiles are in place and properly configured on both inbound and outbound policies. A Security Operation Center (SOC) engineer starts his shift and faces the traffic logs presented in the screenshot shown above. He notices that the traffic is being allowed outbound. Which actions should the SOC engineer take to safely allow known but not yet qualified applications, without disrupting the remaining traffic policies? ✔✔Create Application Override policies after a packet capture to identify the applications that are triggering the "unknown-tcp". Then create new custom applications for those policies, and add these new policies above the current policy that allows the traffic. A company has a Palo Alto Networks firewall configured with the following three zones: Internet DMZ Inside. All users are located on the Inside zone and are using public DNS servers for name resolution. The company hosts a publicly accessible web application on a server in the DMZ zone. Which NAT rule configuration will allow users on the Inside zone to access the web application using its public IP address? ✔✔Three zone U-turn NAT A company has a Palo Alto Networks firewall configured with the following three zones: UntrustL3 DMZ Trust-L3. The company hosts a publicly accessible web application on a server thatresides in the Trust-L3 zone. The web server is associated with the following IP addresses: Web Server Public IP: 2.2.2.1/24 , Web Server Private IP: 192.168.1.10/24 . The security administrator configures the following two-zone U-Turn NAT rule to allow users using 10.10.1.0/24 on the "Trust-L3" zone to access the web server using its public IP address in the Untrust-L3 zone: Which statement is true in this situation? ✔✔The traffic will be considered intra-zone based on the translated destination zone. A company is deploying a pair of PA-5060 firewalls in an environment requiring support for asymmetric routing. Which High Availability (HA) mode best supports this design requirement? ✔✔Active-Active mode A company policy dictates that logs must be retained in their original format for a period of time that would exceed the space limitations of the Palo Alto Networks firewall's internal storage. Which two options will allow the company to meet this requirement? (Choose two.) ✔✔Palo Alto Networks Log Collector Panorama Virtual Machine with NFS storage A company uses Active Directory and RADIUS to capture User-ID information and implement user-based policies to control web access. Many Linux and Mac computers in the environment that do not have IP-address-to-user mappings. What is the best way to collect user information for those systems? ✔✔Use Captive Portal to capture user information A company wants to run their pair of PA-200 firewalls in a High Availability active/passive mode and will be using HA-Lite. Which capability can be used in this situation? ✔✔Configuration Sync A Management Profile to allow SSH access has been created and applied to interface ethernet1/1. A security rule with the action "deny" is applied to packets from "any" source zone to "any" destination zone. What will happen when someone attempts to initiate an SSH connection to ethernet1/1? ✔✔SSH access to the interface will be denied because intra-zone traffic is denied.A network administrator needs to view the default action for a specific spyware signature. The administrator follows the tabs and menus through Objects > Security Profiles > Anti-Spyware, and selects the default Profile. What should be done next? ✔✔Click the Exceptions tab and then click Show all signatures. A Palo Alto Networks firewall has been configured with multiple virtual systems and is administered by multiple personnel. Several administrators are logged into the firewall and are making configuration changes to separate virtual systems at the same time. Which option will ensure that no single administrator's changes are interrupted or undone by another administrator while still allowing all administrators to complete their changes prior to issuing a commit? ✔✔Each administrator sets a configuration and commit lock for the vsys to which they are making changes. A Palo Alto Networks firewall is being targeted by a DoS attack from the Internet that is creating a flood of bogus TCP connections to internal servers behind the firewall. This traffic is allowed by security policies, and other than creating half-open TCP connections, it is indistinguishable from legitimate inbound traffic. Which Zone Protection Profile with SYN Flood Protection action, when enabled with the correct threshold, would mitigate this attack without dropping legitimate traffic? ✔✔SYN Cookies applied on the internet-facing zone A Palo Alto Networks firewall is configured with a NAT policy rule that performs the following source translation: Which filters need to be configured to match traffic originating from 192.168.1.10 in the "Trust-L3" zone to 2.2.2.2 in the "Untrust-L3" zone in the Transmit stage? ✔✔Filter 1 source 192.168.1.10 destination 2.2.2.2 Filter 2 source 2.2.2.2 destination 192.168.1.10 A security engineer has been asked by management to optimize how Palo Alto Networks firewall syslog messages are forwarded to a syslog receiver. There are currently 20 PA-5060 firewalls, each of which is configured to forward syslogs individually. The security engineer wants to leverage their two M-100 appliances to send syslog messages from a single source and already hasdeployed one in Panorama mode and the other as a Log Collector. What is the remaining step in this solution? ✔✔Configure Collector Log Forwarding A Security Operations Center (SOC) has been provided a list of 10,000 malicious URLs. They were asked not to share this list outside of the organization. The Chief Information Security Officer has requested that all user access to these URLs be filtered and blocked immediately to prevent potential breaches. However, the inline Palo Alto Networks firewall is NOT licensed for URL Filtering. What is an efficient method for blocking access to these URLs? ✔✔Import the URLs to a Custom URL Category and reference the URL Category in a Security policy rule set to deny. A US-CERT notification is published regarding a newly discovered piece of malware. The infection is spread using spear phishing emails that prompt users to click an HTTP hyperlink, which then downloads the malware. Palo Alto Networks has just released signatures to detect this malware as a high severity threat and the firewall is configured to dynamically update to the latest databases automatically. Which component and implementation will detect and prevent this threat? ✔✔Antivirus Profiles applied to outbound Security policy rules with action set to block highseverity threats A US-CERT notification is published regarding a newly-discovered piece of malware. The infection is spread using spear phishing e-mails that prompt users to click an HTTP hyperlink, which then downloads the malware. Palo Alto Networks has just released signatures to detect this malware as a high severity threat and the firewall is configured to dynamically update to the latest databases automatically. Which component and implementation will detect and prevent this threat? ✔✔Antivirus profiles applied to outbound security policy rules with action set to block high severity threats A website is presenting an RSA 2048-bit key. By default, what will the size of the key in the certificate sent by the firewall to the client be when doing SSL Decryption? ✔✔2048 bitsA workstation at a company was infected with malware on September 18, 2014. Palo Alto Networks released an antivirus signature for that malware on September 17, 2014. The company's firewall is licensed with Threat Prevention and URL Filtering. The Threat log in the Monitor tab of the firewall shows no indications of traffic related to the infection. However, the Traffic log shows traffic between the workstation and the command-and-control server. Given the company's Dynamic Updates configuration: What is the cause of traffic not matching a malware signature? ✔✔The update schedule is set to "download only" and not to "download and insta [Show More]

Last updated: 1 year ago

Preview 1 out of 11 pages