Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Palo Alto Networks
  3. PCNSA

Palo Alto Networks PCNSA Exam (page: 3)
Palo Alto Networks Certified Network Security Administrator
Updated on: 29-Aug-2025

Viewing Page 3 of 79
PCNSA PDF 420 Questions

Which User-ID mapping method should be used for an environment with users that do not authenticate to Active Directory?

  1. Windows session monitoring
  2. passive server monitoring using the Windows-based agent
  3. Captive Portal
  4. passive server monitoring using a PAN-OS integrated User-ID agent

Answer(s): C



An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

  1. Create an Application Filter and name it Office Programs, then filter it on the business-systems category, office-programs subcategory
  2. Create an Application Group and add business-systems to it
  3. Create an Application Filter and name it Office Programs, then filter it on the business-systems category
  4. Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office

Answer(s): A



Which statement is true regarding a Best Practice Assessment?

  1. The BPA tool can be run only on firewalls
  2. It provides a percentage of adoption for each assessment area
  3. The assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus prevention activities
  4. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture

Answer(s): B


Reference:

https://docs.paloaltonetworks.com/best-practices/8-1/data-center-best-practices/data-center-best-practice-security-policy/use-palo-alto-networks- assessment-and-review-tools



Employees are shown an application block page when they try to access YouTube. Which security policy is blocking the YouTube application?

  1. intrazone-default
  2. Deny Google
  3. allowed-security services
  4. interzone-default

Answer(s): D



Choose the option that correctly completes this statement. A Security Profile can block or allow traffic ____________.

  1. on either the data place or the management plane.
  2. after it is matched by a security policy rule that allows traffic.
  3. before it is matched to a Security policy rule.
  4. after it is matched by a security policy rule that allows or blocks traffic.

Answer(s): D


Reference:

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-policy.html



Viewing Page 3 of 79



Share your comments for Palo Alto Networks PCNSA exam with other users:

Abdullah 9/29/2023 2:06:00 AM

good morning
Anonymous


ethiopia 8/2/2023 2:18:00 AM

seems good..
ETHIOPIA


A\MAM 6/27/2023 5:17:00 PM

q-6 ans-b correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/commit-configuration-changes
UNITED STATES