Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Palo Alto Networks
  3. PCNSA

Palo Alto Networks PCNSA Exam (page: 11)
Palo Alto Networks Certified Network Security Administrator
Updated on: 01-Sep-2025

Viewing Page 11 of 79
PCNSA PDF 420 Questions

The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the gambling URL category.
Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)

  1. Add all the URLs from the gambling category except powerball.com to the block list and then set the action for the gambling category to allow.
  2. Manually remove powerball.com from the gambling URL category.
  3. Add *.powerball.com to the allow list
  4. Create a custom URL category called PowerBall and add *.powerball.com to the category and set the action to allow.

Answer(s): C,D



Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?

  1. Aperture
  2. AutoFocus
  3. Panorama
  4. GlobalProtect

Answer(s): A



An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.
Which security profile components will detect and prevent this threat after the firewall's signature database has been updated?

  1. antivirus profile applied to outbound security policies
  2. data filtering profile applied to inbound security policies
  3. data filtering profile applied to outbound security policies
  4. vulnerability profile applied to inbound security policies

Answer(s): A



Which update option is not available to administrators?

  1. New Spyware Notifications
  2. New URLs
  3. New Application Signatures
  4. New Malicious Domains
  5. New Antivirus Signatures

Answer(s): B



A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

  1. Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH
  2. Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH
  3. In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address
  4. In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin

Answer(s): B



Viewing Page 11 of 79



Share your comments for Palo Alto Networks PCNSA exam with other users:

Abdullah 9/29/2023 2:06:00 AM

good morning
Anonymous


ethiopia 8/2/2023 2:18:00 AM

seems good..
ETHIOPIA


A\MAM 6/27/2023 5:17:00 PM

q-6 ans-b correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/commit-configuration-changes
UNITED STATES