PCNSA Exam Dumps - Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)

Reset-server

Block

Deny

Drop

every 30 minutes

every 5 minutes

once every 24 hours

every 1 minute

URL Filtering Profile

Anti-Spyware Profile

Zone Protection Profile

Antivirus Profile

by minute

hourly

daily

weekly

syslog

RADIUS

UID redistribution

XFF headers

Palo Alto Networks C&C IP Addresses

Palo Alto Networks Bulletproof IP Addresses

Palo Alto Networks High-Risk IP Addresses

Palo Alto Networks Known Malicious IP Addresses

Add zones attached to interfaces to the virtual router

Add interfaces to the virtual router

Enable the redistribution profile to redistribute connected routes

Add a static routes to route between the two interfaces

system log

test command

threat log

config audit

Configure an authentication policy

Configure an authentication sequence

Configure an authentication profile

Isolate the management interface on a dedicated management VLAN

SAML

TACACS+

LDAP

Kerberos

Disable the automatic commit feature that prioritizes content database installations before committing

Validate configuration changes prior to committing

Wait until all running and pending jobs are finished before committing

Export configuration after each single configuration change performed

antivirus

DDoS protection

threat

vulnerability

verify that policy rules from Expedition are valid

confirm that rules meet or exceed the Best Practice Assessment recommendations

confirm that policy rules in the configuration are allowing/denying the correct traffic

ensure that policy rules are not shadowing other policy rules

Panorama automatically removes local configuration locks after a commit from Panorama

Local configuration locks prohibit Security policy changes for a Panorama managed device

Security policy rules configured on local firewalls always take precedence

Local configuration locks can be manually unlocked from Panorama

streaming-media

high-risk

recreation-and-hobbies

known-risk

New Spyware Notifications

New URLs

New Application Signatures

New Malicious Domains

New Antivirus Signatures

Root

Dynamic

Role-based

Superuser

enabling the Content-ID filter

administrative management services

restricting HTTP and telnet using App-ID

permitted IP addresses

HIP profile

application filter

application group

Vulnerability Protection profile

after the application has been identified

after the SSL Proxy re-encrypts the packet

before the packet forwarding process

before session lookup

override

allow

block

continue

reduce load on the management plane by highlighting combinable security rules

migrate other firewall vendors’ security rules to Palo Alto Networks configuration

eliminate “Log at Session Start” security rules

convert port-based security rules to application-based security rules

create the service object in the specific template

uncheck the shared option

ensure that disable override is selected

ensure that disable override is cleared

NAT policy with source zone and destination zone specified

post-NAT policy with external source and any destination address

NAT policy with no source of destination zone selected

pre-NAT policy with external source and any destination address

Windows session monitoring via a domain controller

passive server monitoring using the Windows-based agent

Captive Portal

passive server monitoring using a PAN-OS integrated User-ID agent

select a security policy rule, right click Hit Count > Reset

with a dataplane reboot

Device > Setup > Logging and Reporting Settings > Reset Hit Count

in the CLI, type command reset hitcount

on the App Dependency tab in the Commit Status window

on the Policy Optimizer's Rule Usage page

C on the Application tab in the Security Policy Rule creation window

on the Objects > Applications browser pages