
PCNSA Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0) Questions and Answers

Questions 4

What is the correct process for creating a custom URL category?

Options:

A.

Objects > Security Profiles > URL Category > Add

B.

Objects > Custom Objects > URL Filtering > Add

C.

Objects > Security Profiles > URL Filtering > Add

D.

Objects > Custom Objects > URL Category > Add

Questions 5

PCNSA Question 5

Given the detailed log information above, what was the result of the firewall traffic inspection?

Options:

A.

It was blocked by the Anti-Virus Security profile action.

B.

It was blocked by the Anti-Spyware Profile action.

C.

It was blocked by the Vulnerability Protection profile action.

D.

It was blocked by the Security policy action.

Questions 6

What are two valid selections within an Anti-Spyware profile? (Choose two.)

Options:

A.

Default

B.

Deny

C.

Random early drop

D.

Drop

Questions 7

Which two features can be used to tag a user name so that it is included in a dynamic user group? (Choose two)

Options:

A.

XML API

B.

log forwarding auto-tagging

C.

GlobalProtect agent

D.

User-ID Windows-based agent

Questions 8

What allows a security administrator to preview the Security policy rules that match new application signatures?

Options:

A.

Review Release Notes

B.

Dynamic Updates-Review Policies

C.

Dynamic Updates-Review App

D.

Policy Optimizer-New App Viewer

Questions 9

Match each rule type with its example

PCNSA Question 9

Options:

Questions 10

Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?

Options:

A.

Layer 2

B.

Tap

C.

Layer 3

D.

Virtual Wire

Questions 11

An administrator is troubleshooting traffic that should match the interzone-default rule. However, the administrator doesn't see this traffic in the traffic logs on the firewall. The interzone-default was never changed from its default configuration.

Why doesn't the administrator see the traffic?

Options:

A.

Traffic is being denied on the interzone-default policy.

B.

The Log Forwarding profile is not configured on the policy.

C.

The interzone-default policy is disabled by default

D.

Logging on the interzone-default policy is disabled

Questions 12

Based on the screenshot, what is the purpose of the included groups?

PCNSA Question 12

Options:

A.

They are only groups visible based on the firewall's credentials.

B.

They are used to map usernames to group names.

C.

They contain only the users you allow to manage the firewall.

D.

They are groups that are imported from RADIUS authentication servers.

Questions 13

An organization has some applications that are restricted for access by the Human Resources Department only, and other applications that are available for any known user in the organization.

What object is best suited for this configuration?

Options:

A.

Application Group

B.

Tag

C.

External Dynamic List

D.

Application Filter

Questions 14

Which two settings allow you to restrict access to the management interface? (Choose two.)

Options:

A.

enabling the Content-ID filter

B.

administrative management services

C.

restricting HTTP and telnet using App-ID

D.

permitted IP addresses

Questions 15

What can be used as match criteria for creating a dynamic address group?

Options:

A.

Usernames

B.

IP addresses

C.

Tags

D.

MAC addresses

Questions 16

Which feature would be useful for preventing traffic from hosting providers that place few restrictions on content, whose services are frequently used by attackers to distribute illegal or unethical material?

Options:

A.

Palo Alto Networks Bulletproof IP Addresses

B.

Palo Alto Networks C&C IP Addresses

C.

Palo Alto Networks Known Malicious IP Addresses

D.

Palo Alto Networks High-Risk IP Addresses

Questions 17

Based on the screenshot presented, which column contains the link that, when clicked, opens a window to display all applications matched to the policy rule?

PCNSA Question 17

Options:

A.

Apps Allowed

B.

Name

C.

Apps Seen

D.

Service

Questions 18

How many zones can an interface be assigned with a Palo Alto Networks firewall?

Options:

A.

two

B.

three

C.

four

D.

one

Questions 19

Which interface type can use virtual routers and routing protocols?

Options:

A.

Tap

B.

Layer3

C.

Virtual Wire

D.

Layer2

Questions 20

Place the following steps in the packet processing order of operations from first to last.

PCNSA Question 20

Options:

Questions 21

Which three statements describe the operation of Security policy rules or Security Profiles? (Choose three.)

Options:

A.

Security policy rules inspect but do not block traffic.

B.

Security Profiles should be used only on allowed traffic.

C.

Security Profiles are attached to Security policy rules.

D.

Security Policy rules are attached to Security Profiles.

E.

Security Policy rules can block or allow traffic.

Questions 22

A systems administrator momentarily loses track of which is the test environment firewall and which is the production firewall. The administrator makes changes to the candidate configuration of the production firewall, but does not commit the changes. In addition, the configuration was not saved prior to making the changes.

Which action will allow the administrator to undo the changes?

Options:

A.

Load configuration version, and choose the first item on the list.

B.

Load named configuration snapshot, and choose the first item on the list.

C.

Revert to last saved configuration.

D.

Revert to running configuration.

Questions 23

Which type of profile must be applied to the Security policy rule to protect against buffer overflows, illegal code execution, and other attempts to exploit system flaws?

Options:

A.

anti-spyware

B.

URL filtering

C.

vulnerability protection

D.

file blocking

Questions 24

Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

Options:

A.

global

B.

intrazone

C.

interzone

D.

universal

Questions 25

Which profile should be used to obtain a verdict regarding analyzed files?

Options:

A.

WildFire analysis

B.

Vulnerability profile

C.

Content-ID

D.

Advanced threat prevention

Questions 26

Which three types of authentication services can be used to authenticate user traffic flowing through the firewall's data plane? (Choose three.)

Options:

A.

TACACS

B.

SAML2

C.

SAML10

D.

Kerberos

E.

TACACS+

Questions 27

An address object of type IP Wildcard Mask can be referenced in which part of the configuration?

Options:

A.

Security policy rule

B.

ACC global filter

C.

external dynamic list

D.

NAT address pool

Questions 28

According to the best practices for mission critical devices, what is the recommended interval for antivirus updates?

Options:

A.

by minute

B.

hourly

C.

daily

D.

weekly

Questions 29

Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? (Choose five.)

Options:

A.

User identification

B.

Filtration protection

C.

Vulnerability protection

D.

Antivirus

E.

Application identification

F.

Anti-spyware

Questions 30

Which two types of profiles are needed to create an authentication sequence? (Choose two.)

Options:

A.

Server profile

B.

Authentication profile

C.

Security profile

D.

Interface Management profile

Questions 31

Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.

What is the quickest way to reset the hit counter to zero in all the security policy rules?

Options:

A.

At the CLI enter the command reset rules and press Enter

B.

Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule

C.

Reboot the firewall

D.

Use the Reset Rule Hit Counter > All Rules option

Questions 32

Match each feature to the DoS Protection Policy or the DoS Protection Profile.

PCNSA Question 32

Options:

Questions 33

What are three Palo Alto Networks best practices when implementing the DNS Security Service? (Choose three.)

Options:

A.

Implement a threat intel program.

B.

Configure a URL Filtering profile.

C.

Train your staff to be security aware.

D.

Rely on a DNS resolver.

E.

Plan for mobile-employee risk

Questions 34

Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?

Options:

A.

Root

B.

Dynamic

C.

Role-based

D.

Superuser

Questions 35

Which statement is true regarding a Prevention Posture Assessment?

Options:

A.

The Security Policy Adoption Heatmap component filters the information by device groups, serial numbers, zones, areas of architecture, and other categories

B.

It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture

C.

It provides a percentage of adoption for each assessment area

D.

It performs over 200 security checks on Panorama/firewall for the assessment

Questions 36

What does an administrator use to validate whether a session is matching an expected NAT policy?

Options:

A.

system log

B.

test command

C.

threat log

D.

config audit

Questions 37

Arrange the correct order that the URL classifications are processed within the system.

PCNSA Question 37

Options:

Questions 38

How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?

Options:

A.

The admin creates a custom service object named "tcp-4422" with port tcp/4422.

The admin then creates a Security policy allowing application "ssh" and service "tcp-4422".

B.

The admin creates a custom service object named "tcp-4422" with port tcp/4422.

The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "application-default".

C.

The admin creates a Security policy allowing application "ssh" and service "application-default".

D.

The admin creates a custom service object named "tcp-4422" with port tcp/4422.

The admin also creates a custom service object named "tcp-22" with port tcp/22.

The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "tcp-22".

Questions 39

Review the Screenshot:

PCNSA Question 39

Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only.

Which rule group enables the required traffic?

A)

PCNSA Question 39

B)

PCNSA Question 39

C)

PCNSA Question 39

D)

PCNSA Question 39

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Questions 40

During the packet flow process, which two processes are performed in application identification? (Choose two.)

Options:

A.

pattern based application identification

B.

application override policy match

C.

session application identified

D.

application changed from content inspection

Questions 41

Which tab would an administrator click to create an address object?

Options:

A.

Device

B.

Policies

C.

Monitor

D.

Objects

Questions 42

Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?

Options:

A.

intrazone

B.

interzone

C.

universal

D.

global

Questions 43

A Security Profile can block or allow traffic at which point?

Options:

A.

after it is matched to a Security policy rule that allows traffic

B.

on either the data plane or the management plane

C.

after it is matched to a Security policy rule that allows or blocks traffic

D.

before it is matched to a Security policy rule

Questions 44

An administrator would like to silently drop traffic from the internet to an FTP server.

Which Security policy action should the administrator select?

Options:

A.

Reset-server

B.

Block

C.

Deny

D.

Drop

Questions 45

Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways?

Options:

A.

GlobalProtect

B.

AutoFocus

C.

Aperture

D.

Panorama

Questions 46

In which three places on the PAN-OS interface can the application characteristics be found? (Choose three.)

Options:

A.

Objects tab > Application Filters

B.

Policies tab > Security

C.

ACC tab > Global Filters

D.

Objects tab > Application Groups

E.

Objects tab > Applications

Questions 47

Which order of steps is the correct way to create a static route?

Options:

A.

1) Enter the route and netmask

2) Enter the IP address for the specific next hop

3) Specify the outgoing interface for packets to use to go to the next hop

4) Add an IPv4 or IPv6 route by name

B.

1) Enter the route and netmask

2) Specify the outgoing interface for packets to use to go to the next hop

3) Enter the IP address for the specific next hop

4) Add an IPv4 or IPv6 route by name

C.

1) Enter the IP address for the specific next hop

2) Enter the route and netmask

3) Add an IPv4 or IPv6 route by name

4) Specify the outgoing interface for packets to use to go to the next hop

D.

1) Enter the IP address for the specific next hop

2) Add an IPv4 or IPv6 route by name

3) Enter the route and netmask

4) Specify the outgoing interface for packets to use to go to the next hop

Questions 48

Which plane on a Palo Alto Networks firewall provides configuration, logging, and reporting functions on a separate processor?

Options:

A.

data

B.

network processing

C.

management

D.

security processing

Questions 49

Which security profile should be used to classify malicious web content?

Options:

A.

URL Filtering

B.

Antivirus

C.

Web Content

D.

Vulnerability Protection

Questions 50

What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

Options:

A.

An implicit dependency does not require the dependent application to be added in the security policy

B.

An implicit dependency requires the dependent application to be added in the security policy

C.

An explicit dependency does not require the dependent application to be added in the security policy

D.

An explicit dependency requires the dependent application to be added in the security policy

Questions 51

What is a prerequisite before enabling an administrative account which relies on a local firewall user database?

Options:

A.

Configure an authentication policy

B.

Configure an authentication sequence

C.

Configure an authentication profile

D.

Isolate the management interface on a dedicated management VLAN

Questions 52

In the PAN-OS Web Interface, which is a session distribution method offered under NAT Translated Packet Tab to choose how the firewall assigns sessions?

Options:

A.

Destination IP Hash

B.

Concurrent Sessions

C.

Max Sessions

D.

IP Modulo

Questions 53

For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?

Options:

A.

TACACS+

B.

RADIUS

C.

LDAP

D.

SAML

Questions 54

You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in a common application.

Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?

Options:

A.

Data Filtering Profile applied to outbound Security policy rules

B.

Antivirus Profile applied to outbound Security policy rules

C.

Data Filtering Profile applied to inbound Security policy rules

D.

Vulnerability Profile applied to inbound Security policy rules

Questions 55

What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control? (Choose two.)

Options:

A.

SAML

B.

TACACS+

C.

LDAP

D.

Kerberos

Questions 56

How frequently can WildFire updates be made available to firewalls?

Options:

A.

every 15 minutes

B.

every 30 minutes

C.

every 60 minutes

D.

every 5 minutes

Questions 57

Where does a user assign a tag group to a policy rule in the policy creation window?

Options:

A.

Application tab

B.

General tab

C.

Actions tab

D.

Usage tab

Questions 58

When is the content inspection performed in the packet flow process?

Options:

A.

after the application has been identified

B.

after the SSL Proxy re-encrypts the packet

C.

before the packet forwarding process

D.

before session lookup

Questions 59

A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?

Options:

A.

Rule Usage Filter > No App Specified

B.

Rule Usage Filter > Hit Count > Unused in 30 days

C.

Rule Usage Filter > Unused Apps

D.

Rule Usage Filter > Hit Count > Unused in 90 days

Questions 60

Which two features implement one-to-one translation of a source IP address while allowing the source port to change? (Choose two.)

Options:

A.

Static IP

B.

Dynamic IP / Port Fallback

C.

Dynamic IP

D.

Dynamic IP and Port (DIPP)

Questions 61

Match the network device with the correct User-ID technology.

PCNSA Question 61

Options:

Questions 62

Access to which feature requires the PAN-OS Filtering license?

Options:

A.

PAN-DB database

B.

DNS Security

C.

Custom URL categories

D.

URL external dynamic lists

Questions 63

What must be considered with regards to content updates deployed from Panorama?

Options:

A.

Content update schedulers need to be configured separately per device group.

B.

Panorama can only install up to five content versions of the same type for potential rollback scenarios.

C.

A PAN-OS upgrade resets all scheduler configurations for content updates.

D.

Panorama can only download one content update at a time for content updates of the same type.

Questions 64

Which dynamic update type includes updated anti-spyware signatures?

Options:

A.

Applications and Threats

B.

GlobalProtect Data File

C.

Antivirus

D.

PAN-DB

Questions 65

An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall’s signature database has been updated? (Choose two.)

Options:

A.

vulnerability protection profile applied to outbound security policies

B.

anti-spyware profile applied to outbound security policies

C.

antivirus profile applied to outbound security policies

D.

URL filtering profile applied to outbound security policies

Questions 66

An administrator is investigating a log entry for a session that is allowed and has the end reason of aged-out. Which two fields could help in determining if this is normal? (Choose two.)

Options:

A.

Packets sent/received

B.

IP Protocol

C.

Action

D.

Decrypted

Questions 67

Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.

Complete the security policy to ensure only Telnet is allowed.

Security Policy: Source Zone: Internal to DMZ Zone __________services “Application defaults”, and action = Allow

Options:

A.

Destination IP: 192.168.1.123/24

B.

Application = ‘Telnet’

C.

Log Forwarding

D.

USER-ID = ‘Allow users in Trusted’

Questions 68

An administrator should filter NGFW traffic logs by which attribute column to determine if the entry is for the start or end of the session?

Options:

A.

Receive Time

B.

Type

C.

Destination

D.

Source

Questions 69

Assume that traffic matches a Security policy rule but the attached Security Profile is configured to block matching traffic.

Which statement accurately describes how the firewall will apply an action to matching traffic?

Options:

A.

If it is an allowed rule, then the Security Profile action is applied last

B.

If it is a block rule then the Security policy rule action is applied last

C.

If it is an allow rule then the Security policy rule is applied last

D.

If it is a block rule then Security Profile action is applied last

Questions 70

An administrator needs to create a Security policy rule that matches DNS traffic within the LAN zone, and also needs to match DNS traffic within the DMZ zone. The administrator does not want to allow traffic between the DMZ and LAN zones.

Which Security policy rule type should they use?

Options:

A.

default

B.

universal

C.

intrazone

D.

interzone

Questions 71

Which operations are allowed when working with App-ID application tags?

Options:

A.

Predefined tags may be deleted.

B.

Predefined tags may be augmented by custom tags.

C.

Predefined tags may be modified.

D.

Predefined tags may be updated by WildFire dynamic updates.

Questions 72

Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management plane is only slightly utilized.

Which User-ID agent is sufficient in your network?

Options:

A.

PAN-OS integrated agent deployed on the firewall

B.

Windows-based agent deployed on the internal network a domain member

C.

Citrix terminal server agent deployed on the network

D.

Windows-based agent deployed on each domain controller

Questions 73

At which point in the App-ID update process can you determine if an existing policy rule is affected by an App-ID update?

Options:

A.

after clicking Check New in the Dynamic Update window

B.

after connecting the firewall configuration

C.

after downloading the update

D.

after installing the update

Questions 74

An administrator configured a Security policy rule where the matching condition includes a single application and the action is set to deny. What deny action will the firewall perform?

Options:

A.

Drop the traffic silently

B.

Perform the default deny action as defined in the App-ID database for the application

C.

Send a TCP reset packet to the client- and server-side devices

D.

Discard the session's packets and send a TCP reset packet to let the client know the session has been terminated

Questions 75

Files are sent to the WildFire cloud service via the WildFire Analysis Profile. How are these files used?

Options:

A.

WildFire signature updates

B.

Malware analysis

C.

Domain Generation Algorithm (DGA) learning

D.

Spyware analysis

Questions 76

What must first be created on the firewall for SAML authentication to be configured?

Options:

A.

Server Policy

B.

Server Profile

C.

Server Location

D.

Server Group

Questions 77

Which two statements are correct about App-ID content updates? (Choose two.)

Options:

A.

Updated application content may change how security policy rules are enforced

B.

After an application content update, new applications must be manually classified prior to use

C.

Existing security policy rules are not affected by application content updates

D.

After an application content update, new applications are automatically identified and classified

Questions 78

What is an advantage for using application tags?

Options:

A.

They are helpful during the creation of new zones

B.

They help with the design of IP address allocations in DHCP.

C.

They help content updates automate policy updates

D.

They help with the creation of interfaces

Questions 79

Which type of security policy rule will match traffic that flows between the Outside zone and Inside zone, but would not match traffic that flows within the zones?

Options:

A.

global

B.

intrazone

C.

interzone

D.

universal

Questions 80

Which type of address object is "10.5.1.1/0.127.248.2"?

Options:

A.

IP subnet

B.

IP wildcard mask

C.

IP netmask

D.

IP range

Questions 81

During the App-ID update process, what should you click on to confirm whether an existing policy rule is affected by an App-ID update?

Options:

A.

check now

B.

review policies

C.

test policy match

D.

download

Questions 82

Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?

PCNSA Question 82

Options:

A.

It defines the SSL/TLS encryption strength used to protect the management interface.

B.

It defines the CA certificate used to verify the client's browser.

C.

It defines the certificate to send to the client's browser from the management interface.

D.

It defines the firewall's global SSL/TLS timeout values.

Questions 83

Which built-in IP address EDL would be useful for preventing traffic from IP addresses that are verified as unsafe based on WildFire analysis, Unit 42 research, and data gathered from telemetry?

Options:

A.

Palo Alto Networks C&C IP Addresses

B.

Palo Alto Networks Bulletproof IP Addresses

C.

Palo Alto Networks High-Risk IP Addresses

D.

Palo Alto Networks Known Malicious IP Addresses

Questions 84

You need to allow users to access the office-suite application of their choice. How should you configure the firewall to allow access to any office-suite application?

Options:

A.

Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office

B.

Create an Application Group and add business-systems to it.

C.

Create an Application Filter and name it Office Programs, then filter it on the office programs subcategory.

D.

Create an Application Filter and name it Office Programs, then filter on the business-systems category.

Questions 85

Based on the security policy rules shown, ssh will be allowed on which port?

PCNSA Question 85

Options:

A.

any port

B.

same port as ssl and snmpv3

C.

the default port

D.

only ephemeral ports

Questions 86

Which two actions are needed for an administrator to get real-time WildFire signatures? (Choose two.)

Options:

A.

Obtain a Threat Prevention subscription.

B.

Enable Dynamic Updates.

C.

Move within the WildFire public cloud region.

D.

Obtain a WildFire subscription.

Questions 87

An administrator is implementing an exception to an external dynamic list by adding an entry to the list manually. The administrator wants to save the changes, but the OK button is grayed out.

What are two possible reasons the OK button is grayed out? (Choose two.)

Options:

A.

The entry contains wildcards.

B.

The entry is duplicated.

C.

The entry doesn't match a list entry.

D.

The entry matches a list entry.

Questions 88

Which object would an administrator create to block access to all high-risk applications?

Options:

A.

HIP profile

B.

application filter

C.

application group

D.

Vulnerability Protection profile

Questions 89

Which action can be set in a URL Filtering Security profile to provide users temporary access to all websites in a given category using a provided password?

Options:

A.

exclude

B.

continue

C.

hold

D.

override

Questions 90

An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server.

Which security profile components will detect and prevent this threat after the firewall's signature database has been updated?

Options:

A.

antivirus profile applied to outbound security policies

B.

data filtering profile applied to inbound security policies

C.

data filtering profile applied to outbound security policies

D.

vulnerability profile applied to inbound security policies

Questions 91

Which statement is true about Panorama managed devices?

Options:

A.

Panorama automatically removes local configuration locks after a commit from Panorama

B.

Local configuration locks prohibit Security policy changes for a Panorama managed device

C.

Security policy rules configured on local firewalls always take precedence

D.

Local configuration locks can be manually unlocked from Panorama

Questions 92

Based on the image provided, which two statements apply to the Security policy rules? (Choose two.)

PCNSA Question 92

Options:

A.

The Allow-Office-Programs rule is using an application filter.

B.

The Allow-Office-Programs rule is using an application group.

C.

The Allow-Social-Media rule allows all Facebook functions.

D.

In the Allow-FTP policy, FTP is allowed using App-ID.

Questions 93

Which data flow direction is protected in a zero trust firewall deployment that is not protected in a perimeter-only firewall deployment?

Options:

A.

outbound

B.

north south

C.

inbound

D.

east west

Questions 94

Which feature enables an administrator to review the Security policy rule base for unused rules?

Options:

A.

Security policy tags

B.

Test Policy Match

C.

View Rulebase as Groups

D.

Policy Optimizer

Questions 95

Identify the correct order to configure the PAN-OS integrated USER-ID agent.

3. add the service account to monitor the server(s)

2. define the address of the servers to be monitored on the firewall

4. commit the configuration, and verify agent connection status

1. create a service account on the Domain Controller with sufficient permissions to execute the User-ID agent

Options:

A.

2-3-4-1

B.

1-4-3-2

C.

3-1-2-4

D.

1-3-2-4

Questions 96

Which feature enables an administrator to review the Security policy rule base for unused rules?

Options:

A.

Test Policy Match

B.

Policy Optimizer

C.

View Rulebase as Groups

D.

Security policy tags

Questions 97

Which path in PAN-OS 10.0 displays the list of port-based security policy rules?

Options:

A.

Policies > Security > Rule Usage > No App Specified

B.

Policies > Security > Rule Usage > Port only specified

C.

Policies > Security > Rule Usage > Port-based Rules

D.

Policies > Security > Rule Usage > Unused Apps

Questions 98

Why should a company have a File Blocking profile that is attached to a Security policy?

Options:

A.

To block uploading and downloading of specific types of files

B.

To detonate files in a sandbox environment

C.

To analyze file types

D.

To block uploading and downloading of any type of files

Questions 99

Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.

PCNSA Question 99

Options:

A.

Exploitation

B.

Installation

C.

Reconnaissance

D.

Act on Objective

Questions 100

An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

Options:

A.

Create an Application Filter and name it Office Programs, then filter it on the business-systems category, office-programs subcategory

B.

Create an Application Group and add business-systems to it

C.

Create an Application Filter and name it Office Programs, then filter it on the business-systems category

D.

Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office

Questions 101

How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

Options:

A.

Disable automatic updates during weekdays

B.

Automatically “download and install” but with the “disable new applications” option used

C.

Automatically “download only” and then install Applications and Threats later, after the administrator approves the update

D.

Configure the option for “Threshold”

Questions 102

Which stage of the cyber-attack lifecycle makes it important to provide ongoing education to users on spear phishing links, unknown emails, and risky websites?

Options:

A.

reconnaissance

B.

delivery

C.

exploitation

D.

installation

Questions 103

In which profile should you configure the DNS Security feature?

Options:

A.

URL Filtering Profile

B.

Anti-Spyware Profile

C.

Zone Protection Profile

D.

Antivirus Profile

Questions 104

Which interface does not require a MAC or IP address?

Options:

A.

Virtual Wire

B.

Layer3

C.

Layer2

D.

Loopback

Questions 105

Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?

Options:

A.

override

B.

authorization

C.

authentication

D.

continue

Questions 106

What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?

Options:

A.

every 30 minutes

B.

every 5 minutes

C.

once every 24 hours

D.

every 1 minute

Questions 107

In which two types of NAT can oversubscription be used? (Choose two.)

Options:

A.

Static IP

B.

Destination NAT

C.

Dynamic IP and Port (DIPP)

D.

Dynamic IP

Questions 108

Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?

Options:

A.

Windows-based agent deployed on the internal network

B.

PAN-OS integrated agent deployed on the internal network

C.

Citrix terminal server deployed on the internal network

D.

Windows-based agent deployed on each of the WAN Links

Exam Code: PCNSA
Exam Name: Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)
Last Update: Nov 17, 2024
Questions: 364
