[Apr 30, 2024] PCNSA PDF Dumps is essential on your PCNSA Exam Questions Certain Success!
PCNSA PDF Questions - Perfect Prospect To Go With PCNSA Practice Exam
Palo Alto Networks PCNSA Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
NEW QUESTION # 157
An administrator is configuring a NAT rule
At a minimum, which three forms of information are required? (Choose three.)
- A. destination address
- B. destination interface
- C. name
- D. source zone
- E. destination zone
Answer: A,D,E
NEW QUESTION # 158
During the packet flow process, which two processes are performed in application identification?
(Choose two.)
- A. session application identified
- B. application override policy match
- C. pattern based application identification
- D. application changed from content inspection
Answer: B,C
Explanation:
http://live.paloaltonetworks.com//t5/image/serverpage/image-id/12862i950F549C7D4E6309
NEW QUESTION # 159
By default, which action is assigned to the intrazone-default rule?
- A. Reset-client
- B. Allow
- C. Reset-server
- D. Deny
Answer: B
NEW QUESTION # 160
Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?
- A. interzone
- B. universal
- C. intrazone
- D. global
Answer: B
Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClomCAC
NEW QUESTION # 161
You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server.
Which Security Profile when applied to outbound Security policy rules detects and prevents this threat from establishing a command-and-control connection?
- A. Vulnerability Protection Profile
- B. Data Filtering Profile
- C. Antivirus Profile
- D. Anti-Spyware Profile
Answer: D
Explanation:
Anti-Spyware Security Profiles block spyware on compromised hosts from trying to communicate with external command-and-control (C2) servers, thus enabling you to detect malicious traffic leaving the network from infected clients.
NEW QUESTION # 162
When HTTPS for management and GlobalProtect are enabled on the same interface, which TCP port is used for management access?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm8SCAS#:~:text=Details,using%20https%20on%20port%204443
NEW QUESTION # 163
An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?
- A. Create an Application Filter and name it Office Programs, the filter it on the business-systems category, office-programs subcategory
- B. Create an Application Group and add business-systems to it
- C. Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
- D. Create an Application Filter and name it Office Programs, then filter it on the business-systems category
Answer: B
NEW QUESTION # 164
In the example security policy shown, which two websites fcked? (Choose two.)
- A. LinkedIn
- B. Amazon
- C. Facebook
- D. YouTube
Answer: A,C
NEW QUESTION # 165
How many zones can an interface be assigned with a Palo Alto Networks firewall?
- A. four
- B. two
- C. one
- D. three
Answer: C
NEW QUESTION # 166
Which two rule types allow the administrator to modify the destination zone? (Choose two.)
- A. universal
- B. shadowed
- C. interzone
- D. intrazone
Answer: C
NEW QUESTION # 167
An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.)
- A. anti-spyware profile applied to outbound security policies
- B. antivirus profile applied to outbound security policies
- C. URL filtering profile applied to outbound security policies
- D. vulnerability protection profile applied to outbound security policies
Answer: A,C
NEW QUESTION # 168
After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.
Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?
- A. Import named config snapshot
- B. Revert to last saved configuration
- C. Revert to running configuration
- D. Load named configuration snapshot
Answer: D
NEW QUESTION # 169
In the example security policy shown, which two websites would be blocked? (Choose two.)
- A. LinkedIn
- B. Amazon
- C. Facebook
- D. YouTube
Answer: A,C
NEW QUESTION # 170
Match each feature to the DoS Protection Policy or the DoS Protection Profile.
Answer:
Explanation:
NEW QUESTION # 171
Drag and Drop Question
Match the Cyber-Attack Lifecycle stage to its correct description.
Answer:
Explanation:
NEW QUESTION # 172
An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct?
- A. Disable all logging
- B. Enable Log at both Session Start and End
- C. Enable Log at Session Start
- D. Enable Log at Session End
Answer: D
Explanation:
Explanation
Explanation/Reference:
Reference:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clt5CAC
NEW QUESTION # 173
Choose the option that correctly completes this statement. A Security Profile can block or allow traffic ____________.
- A. after it is matched by a security policy rule that allows or blocks traffic.
- B. on either the data place or the management plane.
- C. before it is matched to a Security policy rule.
- D. after it is matched by a security policy rule that allows traffic.
Answer: D
Explanation:
Explanation/Reference:
Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-policy.html After a packet has been allowed by the Security policy, Security Profiles are used to scan packets for threats, vulnerabilities, viruses, spyware, malicious URLs, data exfiltration, and exploitation software.
NEW QUESTION # 174
All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security Policy rules that permits only this type of access.
Choose two.
- A. Application = "Telnet"
- B. Service - "application-default"
- C. Application = "any"
- D. Service = "any"
Answer: A,B
NEW QUESTION # 175
An administrator wants to prevent hacking attacks through DNS queries to malicious domains.
Which two DNS policy actions can the administrator choose in the Anti-Spyware Security Profile?
(Choose two.)
- A. block
- B. override
- C. sinkhole
- D. deny
Answer: A,C
NEW QUESTION # 176
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?
- A. perimeter traffic
- B. north-south traffic
- C. branch office traffic
- D. east-west traffic
Answer: D
NEW QUESTION # 177
An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?
- A. Create an Application Filter and name it Office Programs, the filter it on the business-systems category, office-programs subcategory
- B. Create an Application Group and add business-systems to it
- C. Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
- D. Create an Application Filter and name it Office Programs, then filter it on the business-systems category
Answer: A
Explanation:
An application filter is an object that dynamically groups applications based on application attributes that you define, including category, subcategory, technology, risk factor, and characteristic. This is useful when you want to safely enable access to applications that you do not explicitly sanction, but that you want users to be able to access. For example, you may want to enable employees to choose their own office programs (such as Evernote, Google Docs, or Microsoft Office 365) for business use. To safely enable these types of applications, you could create an application filter that matches on the Category business-systems and the Subcategory office-programs. As new applications office programs emerge and new App-IDs get created, these new applications will automatically match the filter you defined; you will not have to make any additional changes to your policy rulebase to safely enable any application that matches the attributes you defined for the filter.
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/use-application-objects-in
-policy/create-an-application-filter.html
NEW QUESTION # 178
An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.
Why doesn't the administrator see the traffic?
- A. The Log Forwarding profile is not configured on the policy.
- B. Traffic is being denied on the interzone-default policy.
- C. Logging on the interzone-default policy is disabled
- D. The interzone-default policy is disabled by default
Answer: D
NEW QUESTION # 179
Based on the screenshot, what is the purpose of the group in User labelled "it"?
- A. Allow users in group "DMZ" to access IT applications.
- B. Allow users in group "it" to access IT applications.
- C. Allows users to access IT applications on all ports.
- D. Allows "any" users to access servers in the DMZ zone.
Answer: B
NEW QUESTION # 180
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.
Answer:
Explanation:
Explanation
Step 1 - Select network tab
Step 2 - Select zones from the list of available items
Step 3 - Select Add
Step 4 - Specify Zone Name
Step 5 - Specify Zone Type
Step 6 - Assign interfaces as needed
NEW QUESTION # 181
Which two actions are needed for an administrator to get real-time WildFire signatures? (Choose two.)
- A. Obtain a WildFire subscription.
- B. Obtain a Threat Prevention subscription.
- C. Move within the WildFire public cloud region.
- D. Enable Dynamic Updates.
Answer: A,D
Explanation:
https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-100/wildfire-real-time-signature-updates
NEW QUESTION # 182
......
The PCNSA exam covers a range of topics related to network security, including firewall configuration, network address translation (NAT), virtual private networks (VPNs), and user identification. PCNSA exam is designed to test the candidate's knowledge of Palo Alto Networks firewalls and their ability to configure and manage these devices effectively. PCNSA exam is also designed to test the candidate's ability to troubleshoot common network security issues.
The PCNSA certification exam is a comprehensive exam that consists of multiple-choice questions. PCNSA exam is administered through Pearson VUE, a leading provider of certification exams. PCNSA exam is timed and candidates have a total of 90 minutes to complete it. The passing score for the exam is 70%, and candidates who successfully pass the exam will receive the PCNSA certification.
PCNSA Exam with Accurate Palo Alto Networks Certified Network Security Administrator PDF Questions: https://www.actualcollection.com/PCNSA-exam-questions.html
True Palo Alto Networks Exam Extraordinary Practice For the PCNSA Exam: https://drive.google.com/open?id=1ivT4w0_RQD3LvM7KUlMRGBAx5J_yQPQl