Palo Alto Networks PCNSA Practice Exams
Last updated on Apr 14,2025- Exam Code: PCNSA
- Exam Name: Palo Alto Networks Certified Network Security Administrator
- Certification Provider: Palo Alto Networks
- Latest update: Apr 14,2025
To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?
- A . domain controller
- B . TACACS+
- C . LDAP
- D . RADIUS
An administrator is creating a Security policy rule and sees that the destination zone is grayed out.
While creating the rule, which option was selected to cause this?
- A . Interzone
- B . Source zone
- C . Universal (default)
- D . Intrazone
Which path in PAN-OS 10.2 is used to schedule a content update to managed devices using Panorama?
- A . Panorama > Device Deployment > Dynamic Updates > Schedules > Add
- B . Panorama > Device Deployment > Content Updates > Schedules > Add
- C . Panorama > Dynamic Updates > Device Deployment > Schedules > Add
- D . Panorama > Content Updates > Device Deployment > Schedules > Add
An administrator configured a Security policy rule with an Antivirus Security profile. The administrator did not change the action for the profile.
If a virus gets detected, how will the firewall handle the traffic?
- A . It allows the traffic but generates an entry in the Threat logs.
- B . It drops the traffic because the profile was not set to explicitly allow the traffic.
- C . It allows the traffic because the profile was not set the explicitly deny the traffic.
- D . It uses the default action assigned to the virus signature.
An administrator is trying to implement an exception to an external dynamic list manually. Some entries are shown underlined in red.
What would cause this error?
- A . Entries contain symbols.
- B . Entries are wildcards.
- C . Entries contain regular expressions.
- D . Entries are duplicated.
Which two configuration settings shown are not the default? (Choose two.)
- A . Enable Security Log
- B . Server Log Monitor Frequency (sec)
- C . Enable Session
- D . Enable Probing
Which two configuration settings shown are not the default? (Choose two.)
- A . Enable Security Log
- B . Server Log Monitor Frequency (sec)
- C . Enable Session
- D . Enable Probing
Which two matching criteria are used when creating a Security policy involving NAT? (Choose two.)
- A . Pre-NAT address
- B . Post-NAT address
- C . Pre-NAT zone
- D . Post-NAT zone
Palo Alto Networks firewall architecture accelerates content inspection performance while minimizing latency using which two components? (Choose two.)
- A . Network Processing Engine
- B . Policy Engine
- C . Parallel Processing Hardware
- D . Single Stream-based Engine
Based on the screenshot, what is the purpose of the group in User labelled "it"?
- A . Allows "any" users to access servers in the DMZ zone.
- B . Allows users to access IT applications on all ports.
- C . Allow users in group "it" to access IT applications.
- D . Allow users in group "DMZ" to access IT applications.