PCNSA · topic practice

Core Concepts practice questions

Practise Palo Alto Networks Certified Network Security Administrator PCNSA Core Concepts practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Core Concepts

What the exam tests

What to know about Core Concepts

Core Concepts questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Core Concepts exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Core Concepts questions

20 questions · select your answer, then reveal the explanation

Question 1mediummultiple choice
Read the full Core Concepts explanation →

A network administrator notices that traffic from the internal network to a specific external server is being blocked unexpectedly. The firewall policy allows any-to-any outbound traffic. The administrator checks the Unified Policy and sees a Security policy rule that permits the traffic, but the traffic is still blocked. What is the most likely cause?

Question 2hardmultiple choice
Review the full routing breakdown →

An organization is deploying a Palo Alto Networks firewall in a data center with multiple virtual routers. The network team wants to ensure that traffic between two different virtual routers can be inspected by the firewall. Which configuration is required?

Question 3easymultiple choice
Read the full Core Concepts explanation →

A security administrator wants to block users from accessing social media websites during business hours. The firewall is connected to the internet and has a Security policy that allows general web browsing. What is the most efficient way to block social media?

Question 4mediummultiple choice
Read the full Core Concepts explanation →

Refer to the exhibit. A firewall administrator is troubleshooting a performance issue. The number of half-open TCP connections is unusually high. What is a likely cause?

Exhibit

Refer to the exhibit.

admin@PA-500> show counter global | match tcp

tcp-conn-init           1500
tcp-conn-established    1200
tcp-conn-closed         1400
tcp-conn-failed         200
tcp-conn-reset          100
tcp-conn-half-open      50
tcp-conn-timeout        30

A security engineer is configuring a Palo Alto Networks firewall to protect a web server. The engineer wants to ensure that only HTTP and HTTPS traffic is allowed to the server, and that the traffic is inspected for threats. Which TWO actions should the engineer take?

A network administrator is configuring a new Palo Alto Networks firewall for the first time. Which THREE initial configuration steps are required to allow basic outbound internet access from the internal network?

Question 7hardmultiple choice
Review the full OSPF breakdown →

Your organization has deployed a Palo Alto Networks PA-5250 firewall in a high-availability active/passive configuration. The firewall is connected to two ISPs for redundancy. The internal network uses OSPF with the firewall as an ASBR redistributing a default route. Recently, users reported intermittent connectivity to external resources. During troubleshooting, you notice that the active firewall's management interface has high CPU usage, and the show session all command displays many sessions in the 'active' state but with minimal data transfer. The passive firewall shows no such issues. The OSPF neighbor relationships are stable. What is the most likely cause of the intermittent connectivity?

Question 8mediummultiple choice
Review the full routing breakdown →

Refer to the exhibit. A firewall has learned three routes for the 10.0.1.0/24 network. Which route will be used for forwarding traffic destined to 10.0.1.1?

Exhibit

Refer to the exhibit.

show routing route 10.0.1.0/24

vr: default
10.0.1.0/24
  via 10.0.0.2, interface ethernet1/3, metric 10, preference 10, route-type static
  via 10.0.0.3, interface ethernet1/4, metric 20, preference 10, route-type static
  via 10.0.0.4, interface ethernet1/5, metric 10, preference 30, route-type ospf

Which THREE actions can a Security policy rule perform on traffic?

Question 10hardmultiple choice
Read the full VPN explanation →

A security administrator is troubleshooting a site-to-site IPsec VPN between two Palo Alto Networks firewalls. The Phase 1 proposal includes AES-256, SHA-256, and DH Group 14 with a lifetime of 28800 seconds. The Phase 2 proposal includes AES-256, SHA-256, and PFS with DH Group 14. The tunnel is established and traffic is flowing, but intermittently the tunnel drops and re-establishes. The logs show the following error: 'Phase 2 negotiation failed because no suitable proposal found.' Both firewalls have identical IKE gateway and IPsec crypto profile configurations. Which option is the most likely cause of this issue?

Question 11mediumdrag order
Read the full NAT/PAT explanation →

Drag and drop the steps to configure a NAT policy on a Palo Alto Networks firewall into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Match each log type to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Records session information

Records blocked attacks

Records web browsing activity

Records files sent for analysis

Question 13mediummultiple choice
Review the full subnetting walkthrough →

A security administrator notices that traffic from a specific subnet is not being logged in the Traffic logs, although the traffic is allowed by a security policy rule. Which configuration setting should be verified?

Question 14easymultiple choice
Read the full Core Concepts explanation →

A company wants to ensure that all internet-bound HTTP traffic is decrypted for inspection before being forwarded to the next-generation firewall for policy enforcement. Which deployment method should be used?

Question 15hardmultiple choice
Read the full Core Concepts explanation →

An organization is experiencing high CPU utilization on the firewall dataplane, causing latency in packet processing. The administrator notices that a large number of small packets are being processed by a specific security rule that allows any service. What is the best first step to reduce CPU load without impacting legitimate traffic?

Question 16easymultiple choice
Read the full Core Concepts explanation →

A network administrator wants to allow FTP traffic from the internal network (zone: trust) to an external server (zone: untrust) while ensuring that the firewall can inspect the FTP control and data channels. Which security rule configuration is required?

Question 17mediummultiple choice
Read the full Core Concepts explanation →

An administrator configures a security policy rule to block traffic from IP address 10.1.1.1 to 10.2.2.2 on any service. However, traffic from 10.1.1.1 to 10.2.2.2 is still passing through the firewall. After checking all rules, what is the most likely cause?

Question 18hardmultiple choice
Read the full NAT/PAT explanation →

A firewall administrator is troubleshooting a scenario where outbound HTTPS traffic to a specific website is being blocked. The security rule allows application 'ssl' and service 'application-default'. The URL Filtering profile blocks the category 'hacking'. The administrator confirms the destination URL falls under 'hacking' category. Which action should be taken to allow the traffic while maintaining security?

Question 19easymultiple choice
Read the full Core Concepts explanation →

Which of the following is a best practice when configuring an HA (High Availability) pair of Palo Alto Networks firewalls?

Question 20mediummultiple choice
Read the full Core Concepts explanation →

An administrator needs to create a rule that allows internal users to access a public web server hosted in the DMZ. The firewall is in layer 3 mode. Which rule configuration is correct for this scenario?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Core Concepts sessions

Start a Core Concepts only practice session

Every question in these sessions is drawn from the Core Concepts domain — nothing else.

Related practice questions

Related PCNSA topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the PCNSA exam test about Core Concepts?
Core Concepts questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Core Concepts questions in a focused session?
Yes — the session launcher on this page draws every question from the Core Concepts domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other PCNSA topics?
Use the topic links above to move to related areas, or go back to the PCNSA question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the PCNSA exam covers. They are not copied from any real exam or dump site.