This page was exported from IT Certification Exam Braindumps [ http://blog.braindumpsit.com ]

Export date:Thu Apr 17 22:57:45 2025 / +0000 GMT

___________________________________________________


Title: [Oct 05, 2023] BraindumpsIT PCNSA  Exam Practice Test Questions (Updated 382 Questions) [Q86-Q105]

---------------------------------------------------


 [Oct 05, 2023] BraindumpsIT PCNSA Exam Practice Test Questions (Updated 382 Questions)
Pass Palo Alto Networks PCNSA Exam Info and Free Practice Test 

What is the duration of the PCNSA Exam
Format: Multiple choices, multiple answersLength of Examination: 90 minutesNumber of Questions: 50

&nbsp;


NEW QUESTION 86The compliance officer requests that all evasive applications need to be blocked on all perimeter firewalls out to the internet. The firewall is configured with two zones:1. trust for internal networks2. untrust to the internetBased on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two )
&nbsp;Create a deny rule at the top of the policy from trust to untrust over any service and select evasive as the application
&nbsp;Create a deny rule at the top of the policy from trust to untrust with service application-default and select evasive as the application.
&nbsp;Create a deny rule at the top of the policy from trust to untrust over any service and add an application filter with the evasive characteristic.
&nbsp;Create a deny rule at the top of the policy from trust to untrust with service application-default and add an application filter with the evasive characteristic
NEW QUESTION 87What do you configure if you want to set up a group of objects based on their ports alone?
&nbsp;Application groups
&nbsp;Service groups
&nbsp;Address groups
&nbsp;Custom objects
NEW QUESTION 88Based on the security policy rules shown, ssh will be allowed on which port?
&nbsp;80
&nbsp;53
&nbsp;22
&nbsp;23
NEW QUESTION 89You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in common application.Which Security Profile detects and blocks access to this threat after you update the firewall&#8217;s threat signature database?
&nbsp;Data Filtering Profile applied to outbound Security policy rules
&nbsp;Antivirus Profile applied to outbound Security policy rules
&nbsp;Data Filtering Profile applied to inbound Security policy rules
&nbsp;Vulnerability Protection Profile applied to inbound Security policy rules
Vulnerability Protection Security Profiles stop attempts to exploit system flaws or gain unauthorized access to systems. Anti-Spyware Security Profiles identify infected hosts as traffic leaves the network, but Vulnerability Protection Security Profiles protect against threats entering the network.For example, Vulnerability Protection Security Profiles protect against buffer overflows, illegal code execution, and other attempts to exploit system vulnerabilities.NEW QUESTION 90Match the network device with the correct User-ID technology.
Explanation:Microsoft Exchange &#8211; Server monitoringLinux authentication &#8211; syslog monitoringWindows Client &#8211; client probingCitrix client &#8211; Terminal Services agentNEW QUESTION 91Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)
&nbsp;Security policy rules inspect but do not block traffic.
&nbsp;Security Profile should be used only on allowed traffic.
&nbsp;Security Profile are attached to security policy rules.
&nbsp;Security Policy rules are attached to Security Profiles.
&nbsp;Security Policy rules can block or allow traffic.
NEW QUESTION 92In a Security policy, what is the quickest way to reset all policy rule hit counters to zero?
&nbsp;Highlight each rule and use the Reset Rule Hit Counter &gt; Selected Rules
&nbsp;Reboot the firewall
&nbsp;Use the Reset Rule Hit Counter &gt; All Rules option
&nbsp;Use the CLI enter the command reset rules all
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/policies/policies-security/creating-and-managing-policiesNEW QUESTION 93Based on the screenshot what is the purpose of the included groups?
&nbsp;They are only groups visible based on the firewall&#8217;s credentials.
&nbsp;They are used to map usernames to group names.
&nbsp;They contain only the users you allow to manage the firewall.
&nbsp;They are groups that are imported from RADIUS authentication servers.
NEW QUESTION 94Which two configuration settings shown are not the default? (Choose two.)
&nbsp;Enable Security Log
&nbsp;Server Log Monitor Frequency (sec)
&nbsp;Enable Session
&nbsp;Enable Probing
Explanation/Reference: https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/user-identification/device- user-identification-user-mapping/enable-server-monitoringNEW QUESTION 95Based on the graphic which statement accurately describes the output shown in the server monitoring panel?
&nbsp;The host lab-client has been found by a domain controller.
&nbsp;The host lab-client has been by the User-ID agent.
&nbsp;The User-ID agent is connected to a domain controller labeled lab client.
NEW QUESTION 96Which two matching criteria are used when creating a Security policy involving NAT? (Choose two.)
&nbsp;Post-NAT address
&nbsp;Post-NAT zone
&nbsp;Pre-NAT zone
&nbsp;Pre-NAT address
NEW QUESTION 97In a File Blocking profile, which two actions should be taken to allow file types that support critical apps? (Choose two.)
&nbsp;Clone and edit the Strict profile.
&nbsp;Use URL filtering to limit categories in which users can transfer files.
&nbsp;Set the action to Continue.
&nbsp;Edit the Strict profile.
NEW QUESTION 98Which file is used to save the running configuration with a Palo Alto Networks firewall?
&nbsp;running-config.xml
&nbsp;run-config.xml
&nbsp;running-configuration.xml
&nbsp;run-configuration.xml
NEW QUESTION 99An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?
&nbsp;Create an Application Filter and name it Office Programs, then filter it on the business-systems category, office-programs subcategory
&nbsp;Create an Application Group and add business-systems to it
&nbsp;Create an Application Filter and name it Office Programs, then filter it on the business-systems category
&nbsp;Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
NEW QUESTION 100An interface can belong to how many Security Zones?
&nbsp;1
&nbsp;2
&nbsp;3
&nbsp;4
NEW QUESTION 101Identify the correct order to configure the PAN-OS integrated USER-ID agent.3. add the service account to monitor the server(s)2. define the address of the servers to be monitored on the firewall4. commit the configuration, and verify agent connection status1. create a service account on the Domain Controller with sufficient permissions to execute the User-ID agent
&nbsp;2-3-4-1
&nbsp;1-4-3-2
&nbsp;3-1-2-4
&nbsp;1-3-2-4
First you create the account, then you add the, account in the firewall, then you add the servers you want to monitor and finally you apply the changes.NEW QUESTION 102Which three statements describe the operation of Security policy rules and Security Profiles?(Choose three.)
&nbsp;Security policy rules inspect but do not block traffic.
&nbsp;Security Profile should be used only on allowed traffic.
&nbsp;Security Profile are attached to security policy rules.
&nbsp;Security Policy rules are attached to Security Profiles.
&nbsp;Security Policy rules can block or allow traffic.
NEW QUESTION 103When is the content inspection performed in the packet flow process?
&nbsp;after the application has been identified
&nbsp;after the SSL Proxy re-encrypts the packet
&nbsp;before the packet forwarding process
&nbsp;before session lookup
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0NEW QUESTION 104Match the Cyber-Attack Lifecycle stage to its correct description.
NEW QUESTION 105Place the following steps in the packet processing order of operations from first to last.
&nbsp;Loading &#8230;


Palo Alto Networks Certified Network Security Administrator (PCNSA) exam is a certification that validates the knowledge and skills of network security professionals using Palo Alto Networks products. The PCNSA certification is designed for individuals who are responsible for deploying, configuring, and managing Palo Alto Networks products in their organizations. Palo Alto Networks Certified Network Security Administrator certification exam covers the essential knowledge and skills required to configure and manage Palo Alto Networks next-generation firewalls, Panorama management server, and GlobalProtect cloud service.
&nbsp;

Pass Your Palo Alto Networks Exam with PCNSA Exam Dumps: https://www.braindumpsit.com/PCNSA_real-exam.html


---------------------------------------------------


Images: https://blog.braindumpsit.com/wp-content/plugins/watu/loading.gif
https://blog.braindumpsit.com/wp-content/plugins/watu/loading.gif


---------------------------------------------------


---------------------------------------------------


Post date: 2023-10-05 15:35:41

Post date GMT: 2023-10-05 15:35:41

Post modified date: 2023-10-05 15:35:41

Post modified date GMT: 2023-10-05 15:35:41