Prepare Top Palo Alto Networks PCNSA Exam Study Guide Practice Questions Edition
Go to PCNSA Questions - Try PCNSA dumps pdf
The PCNSA certification exam covers a range of topics related to Palo Alto Networks next-generation firewalls, including firewall configuration, network security management, and troubleshooting. PCNSA exam is designed to test the candidate's understanding of core concepts, best practices, and techniques used to secure a network with Palo Alto Networks firewalls. PCNSA exam consists of 60 multiple-choice questions and is timed at 90 minutes. Passing the PCNSA certification exam requires a score of 70% or higher. Achieving this certification demonstrates a high level of expertise in network security administration using Palo Alto Networks firewalls.
NEW QUESTION # 191
View the diagram.
What is the most restrictive yet fully functional rule to allow general Internet and SSH traffic into both the DMZ and Untrust/lnternet zones from each of the lOT/Guest and Trust Zones?
- A.
- B.
- C.
- D.
Answer: C
NEW QUESTION # 192
What do dynamic user groups you to do?
- A. create a dynamic list of firewall administrators
- B. create a QoS policy that provides auto-remediation for anomalous user behavior and malicious activity
- C. create a policy that provides auto-sizing for anomalous user behavior and malicious activity
- D. create a policy that provides auto-remediation for anomalous user behavior and malicious activity
Answer: D
Explanation:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/user-id-features/dynamic-user-groups#:~:text=Dynamic%20user%20groups%20help%20you,activity%20while%20maintaining%20user%20visibility.
NEW QUESTION # 193
Application groups enable access to what?
- A. Applications that are not explicitly unsanctioned and that an administrator wants users to be able to access
- B. Applications that are explicitly unsanctioned for use within a company
- C. Applications that are not explicitly sanctioned and that an administrator wants users to be able to access
- D. Applications that are explicitly sanctioned for use within a company
Answer: D
Explanation:
An application group is an object that contains applications that you want to treat similarly in policy. Application groups are useful for enabling access to applications that you explicitly sanction for use within your organization.
https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/app-id/use-application-objects-in- policy/create-an-application-group
NEW QUESTION # 194
Match the cyber-attack lifecycle stage to its correct description.
Answer:
Explanation:
NEW QUESTION # 195
To enable DNS sinkholing, which two addresses should be reserved? (Choose two.)
- A. IPv4
- B. Email
- C. IPv6
- D. MAC
Answer: A,C
Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGECA0
NEW QUESTION # 196
Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?
- A. Review Apps
- B. Review Policies
- C. Review App Matches
- D. Pre-analyze
Answer: B
NEW QUESTION # 197
An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated?
(Choose two.)
- A. vulnerability protection profile applied to outbound security policies
- B. anti-spyware profile applied to outbound security policies
- C. URL filtering profile applied to outbound security policies
- D. antivirus profile applied to outbound security policies
Answer: B,C
Explanation:
Explanation/Reference: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/policy/create-best-practice-security- profiles
NEW QUESTION # 198
Which action results in the firewall blocking network traffic without notifying the sender?
- A. Reset Client
- B. No notification
- C. Drop
- D. Deny
Answer: C
NEW QUESTION # 199
Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?
- A. It defines the firewall's global SSL/TLS timeout values.
- B. It defines the CA certificate used to verify the client's browser.
- C. It defines the SSUTLS encryption strength used to protect the management interface.
- D. It defines the certificate to send to the client's browser from the management interface.
Answer: D
NEW QUESTION # 200
Given the image, which two options are true about the Security policy rules. (Choose two.)
- A. In the Allow FTP to web server rule, FTP is allowed using App-ID
- B. The Allow Office Programs rule is using an Application Filter
- C. The Allow Office Programs rule is using an Application Group
- D. In the Allow Social Networking rule, allows all of Facebook's functions
Answer: A,C
Explanation:
Explanation
NEW QUESTION # 201
Which two features can be used to tag a user name so that it is included in a dynamic user group? (Choose two)
- A. XML API
- B. log forwarding auto-tagging
- C. GlobalProtect agent
- D. User-ID Windows-based agent
Answer: A,D
NEW QUESTION # 202
Access to which feature requires the PAN-OS Filtering license?
- A. PAN-DB database
- B. URL external dynamic lists
- C. DNS Security
- D. Custom URL categories
Answer: A
NEW QUESTION # 203
Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.
Which Security policy rule will allow traffic to flow to the web server?
- A. Untrust (any) to DMZ (10.1.1.100), web browsing -Allow
- B. Untrust (any) to Untrust (10.1.1.100), web browsing -Allow
- C. Untrust (any) to Untrust (1.1.1.100), web browsing -Allow
- D. Untrust (any) to DMZ (1.1.1.100), web browsing -Allow
Answer: D
Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/nat-configuration- examples/destination-nat-exampleone-to-one-mapping
NEW QUESTION # 204
Which two configuration settings shown are not the default? (Choose two.)
- A. Server Log Monitor Frequency (sec)
- B. Enable Session
- C. Enable Security Log
- D. Enable Probing
Answer: A,B
NEW QUESTION # 205
Access to which feature requires PAN-OS Filtering licens?
- A. PAN-DB database
- B. URL external dynamic lists
- C. DNS Security
- D. Custom URL categories
Answer: A
NEW QUESTION # 206
All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security Policy rules that permits only this type of access.
Choose two.
- A. Application = "Telnet"
- B. Service = "any"
- C. Service - "application-default"
- D. Application = "any"
Answer: A,C
NEW QUESTION # 207
Which two configuration settings shown are not the default? (Choose two.)
- A. Server Log Monitor Frequency (sec)
- B. Enable Session
- C. Enable Security Log
- D. Enable Probing
Answer: A,B
Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/user-identification/device-user-identification-user-mapping/enable-server-monitoring
NEW QUESTION # 208
An administrator needs to allow users to use only certain email applications.
How should the administrator configure the firewall to restrict users to specific email applications?
- A. Create an application filter and filter it on the collaboration category, email subcategory.
- B. Create an application group and add the email applications to it.
- C. Create an application filter and filter it on the collaboration category.
- D. Create an application group and add the email category to it.
Answer: B
Explanation:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/app-id/use-application-objects-in- policy/create-an-application-group
NEW QUESTION # 209
......
Free Paloalto Network Security Administrator PCNSA Exam Question: https://www.actualcollection.com/PCNSA-exam-questions.html
Dumps Practice Exam Questions Study Guide for the PCNSA Exam: https://drive.google.com/open?id=1ivT4w0_RQD3LvM7KUlMRGBAx5J_yQPQl