Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
MuleSoft
Okta
Oracle
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Palo Alto Networks
  3. PCNSA

Palo Alto Networks PCNSA Exam (page: 5)
Palo Alto Networks Certified Network Security Administrator
Updated on: 01-Sep-2025

Viewing Page 5 of 79
PCNSA PDF 420 Questions

Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?

  1. At the CLI enter the command reset rules and press Enter
  2. Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule
  3. Reboot the firewall
  4. Use the Reset Rule Hit Counter > All Rules option

Answer(s): D


Reference:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/policies/policies-security/creating-and-managing-policies



Which two App-ID applications will you need to allow in your Security policy to use facebook-chat? (Choose two.)

  1. facebook
  2. facebook-chat
  3. facebook-base
  4. facebook-email

Answer(s): B,C


Reference:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAK



Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?

  1. Windows-based agent deployed on the internal network
  2. PAN-OS integrated agent deployed on the internal network
  3. Citrix terminal server deployed on the internal network
  4. Windows-based agent deployed on each of the WAN Links

Answer(s): A



Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP
`"to-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.
Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.

  1. syslog
  2. RADIUS
  3. UID redistribution
  4. XFF headers

Answer(s): A



An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command- and-control (C2) server.
Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.)

  1. vulnerability protection profile applied to outbound security policies
  2. anti-spyware profile applied to outbound security policies
  3. antivirus profile applied to outbound security policies
  4. URL filtering profile applied to outbound security policies

Answer(s): B,C


Reference:

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/policy/create-best-practice-security-profiles



Viewing Page 5 of 79



Share your comments for Palo Alto Networks PCNSA exam with other users:

Abdullah 9/29/2023 2:06:00 AM

good morning
Anonymous


ethiopia 8/2/2023 2:18:00 AM

seems good..
ETHIOPIA


A\MAM 6/27/2023 5:17:00 PM

q-6 ans-b correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/commit-configuration-changes
UNITED STATES