PCNSA Exam 62 Questions with Verified Answers 100% CORRECT

Document Content and Description Below

PCNSA Exam 62 Questions with Verified Answers What are two firewall management methods? - CORRECT ANSWER CLI XML API Which two devices are used to connect a computer to the firewall for managem... ent purposes? - CORRECT ANSWER Serial cable RJ-45 Ethernet cable What is the default IP address assigned to the MGT interfaces of a Palo Alto Networks firewall? - CORRECT ANSWER 192.168.1.1 What are the two default services that are available on the MGT interface? - CORRECT ANSWER HTTPS SSH True or false? Service route traffic has Security policy rules applied against it - CORRECT ANSWER True Service routes may be used to forward which two traffic types out of a data port? - CORRECT ANSWER External dynamic lists Palo Alto Networks updates Which command must be performed on the firewall to activate any changes? - CORRECT ANSWER Commit Which command backs up configuration files to a remote network device? - CORRECT ANSWER Export The command load named configuration snapshot overwrites the current candidate configuration with which three items? - CORRECT ANSWER Custom-named candidate configuration snapshot (instead of the default snapshot) Current running configuration (running-config.xml) Palo Alto Networks updates What are two firewall management methods? - CORRECT ANSWER CLI XML API True or false? A Palo Alto Networks firewall automatically provides a backup of the configuration during a software upgrade. - CORRECT ANSWER True If you have a Threat Prevention subscription but not a WildFire subscription, how long must you wait for the WildFire signatures to be added into the antivirus update? - CORRECT ANSWER 24 to 48 hours Which three actions should you complete before you upgrade to a newer version of software? - CORRECT ANSWER Review the release notes to determine any impact of upgrading to a newer version of software. Ensure that the firewall is connected to a reliable power source. Create and externally store a backup before you upgrade. Which two default zones are included with the PAN-OS software? - CORRECT ANSWER Interzone Intrazone Which two zone types are valid options? - CORRECT ANSWER Tap Virtual wire Which two statements about interfaces are correct? - CORRECT ANSWER Interfaces do not have to be configured before you can create a zone. An interface can belong to only one zone. Which two interface types can belong in a Layer 3 zone? - CORRECT ANSWER Looback Tunnel What are used to control traffic through zones? - CORRECT ANSWER Security policy rules For inbound inspection, which two actions can be done with a Tap interface? - CORRECT ANSWER Decrypt traffic Log traffic Which two actions can be done with a Virtual Wire interface? - CORRECT ANSWER NAT Log traffic Which two actions can be done with a Layer 3 interface? - CORRECT ANSWER NAT Route Layer 3 interfaces support which two items? - CORRECT ANSWER NAT IPv6 Layer 3 interfaces support which three advanced settings? - CORRECT ANSWER NDP configuration Link speed configuration Link duplex configuration Layer 2 interfaces support which three items? - CORRECT ANSWER Traffic examination Forwarding of spanning tree BPDUs Traffic shaping via QoS Which two interface types support subinterfaces? - CORRECT ANSWER Virtual Wire Layer2 Which two statements are true regarding Layer 3 interfaces? - CORRECT ANSWER A Layer 3 interface can only have one DHCP assigned address. You can apply an Interface Management profile to the interface. Which statement is true regarding aggregate Ethernet interfaces? - CORRECT ANSWER . A Layer 3 aggregate interface group can have more than one IP assigned to it. What is the default administrative distance of a static route within the PAN-OS software? - CORRECT ANSWER 10 Which two dynamic routing protocols are available in the PAN-OS software? - CORRECT ANSWER RIPv2 OSPFv3 Which value is used to distinguish the preference of routing protocols? - CORRECT ANSWER Administrative distance Which value is used to distinguish the best route within the same routing protocol? - CORRECT ANSWER Metric In path monitoring, what is used to monitor remote network devices? - CORRECT ANSWER Ping Which two statements are true about a Role Based Admin Role Profile role? - CORRECT ANSWER It can be used for CLI commands. It can be used for XML API The management console supports which two authentication types? - CORRECT ANSWER RADIUS TACACS+ Which two Dynamic Admin Role types are available on the PAN-OS software? - CORRECT ANSWER Superuser Device administrator (read-only Which type of profile does an authentication sequence include? - CORRECT ANSWER Authentication An Authentication profile includes which other type of profile? - CORRECT ANSWER Server True or false? Dynamic Admin Roles are called "dynamic" because you can customize them. - CORRECT ANSWER False Which profile is used to override global minimum password complexity requirements? - CORRECT ANSWER Password What does an application filter enable an administrator to do? - CORRECT ANSWER Dynamically categorize multiple applications. Which two items can be added to an application group? - CORRECT ANSWER Application groups Application Filters What are two application characteristics? - CORRECT ANSWER Excessive bandwidth use Evasive What will be the result of one or more occurrences of shadowing? - CORRECT ANSWER A warning Which column in the Applications and Threats screen includes the options Review Apps and Review Policies? - CORRECT ANSWER Action Which link can you select in the web interface to minimize the risk of installing new App-ID updates? - CORRECT ANSWER Disable new apps in content update. Which two protocols are implicitly allowed when you select the facebook-base application? - CORRECT ANSWER Web-browsing SSL What are the two default (predefined) Security policy rule types in PAN-OS software? (Choose two.) - CORRECT ANSWER Interzone Intrazone Which type of Security policy rules most often exist above the two predefined Security policies? - CORRECT ANSWER Universal What does the TCP Half Closed setting mean? - CORRECT ANSWER Maximum length of time that a session remains in the session table between reception of the first FIN and reception of the second FIN or RST. What are two application characteristics? - CORRECT ANSWER Excessive bandwidth use Evasive Which two HTTP Header Logging options are within a URL Filtering profile? - CORRECT ANSWER User-Agent X-Forwarded-For What are two source NAT types? - CORRECT ANSWER Static Dynamic Which phrase is a simple way to remember how to configure Security policy rules where NAT was implemented? - CORRECT ANSWER Pre-NAT IP, post-NAT zone What are two types of destination NAT? - CORRECT ANSWER Dynamic IP (with session distribution) Static What are two possible values for DIPP (Dynamic IP and Port NAT) oversubscription? (Choose two.) - CORRECT ANSWER 1x 4x Which statement is true regarding bidirectional NAT? - CORRECT ANSWER For static translations, bidirectional NAT enables the firewall to create a corresponding translation in the opposite direction of the translation you configure? The Policy Optimizer does not analyze which statistics? - CORRECT ANSWER Which users matched Security policies. if you have a Threat Prevention subscription but not a WildFire subscription, how long must you wait for the WildFire signatures to be added into the antivirus update? - CORRECT ANSWER 24 to 48 hours What are two benefits of Vulnerability Protection Security profiles? - CORRECT ANSWER They prevent exploitation of system flaws. They prevent unauthorized access to systems. Which two actions are required to implement DNS Security inspections of traffic? - CORRECT ANSWER Add an Anti-Spyware Security profile with DNS remediations to a Security policy. Configure an Anti-Spyware Security profile with DNS remediations. Which two types of attacks does the PAN-DB prevent? - CORRECT ANSWER Phishing site HTTP-based command and control Which two valid URLs can be used in a custom URL category? - CORRECT ANSWER www.youtube.com *.youtube.com [Show More]

Last updated: 8 months ago

Preview 1 out of 7 pages