PCNSA Dumps PCNSA Braindumps PCNSA Real Questions PCNSA Practice Test PCNSA Actual Questions Palo-Alto PCNSA Palo Alto Networks Certified Network Security Administrator https://killexams.com/pass4sure/exam-detail/PCNSA Question: 80 Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone. Complete the security policy to ensure only Telnet is allowed. Security Policy: Source Zone: Internal to DMZ Zone __________services “Application defaults”, and action = Allow A. Destination IP: 192.168.1.123/24 B. Application = ‘Telnet’ C. Log Forwarding D. USER-ID = ‘Allow users in Trusted’ Answer: B Question: 81 Which three types of authentication services can be used to authenticate user traffic flowing through the firewalls data plane? (Choose three ) A. TACACS B. SAML2 C. SAML10 D. Kerberos E. TACACS+ Answer: A,B,D Question: 82 What do you configure if you want to set up a group of objects based on their ports alone? A. Application groups B. Service groups C. Address groups D. Custom objects Answer: B Question: 83 Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications. Which policy achieves the desired results? A) B) C) D) A. Option B. Option C. Option D. Option Answer: C Question: 84 Given the detailed log information above, what was the result of the firewall traffic inspection? A. It was blocked by the Vulnerability Protection profile action. B. It was blocked by the Anti-Virus Security profile action. C. It was blocked by the Anti-Spyware Profile action. D. It was blocked by the Security policy action. Answer: C Question: 85 Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine. A. Exploitation B. Installation C. Reconnaissance D. Act on Objective Answer: A Question: 86 How are Application Fillers or Application Groups used in firewall policy? A. An Application Filter is a static way of grouping applications and can be configured as a nested member of an Application Group B. An Application Filter is a dynamic way to group applications and can be configured as a nested member of an Application Group C. An Application Group is a dynamic way of grouping applications and can be configured as a nested member of an Application Group D. An Application Group is a static way of grouping applications and cannot be configured as a nested member of Application Group Answer: B Question: 87 Complete the statement. A security profile can block or allow traffic____________ A. on unknown-tcp or unknown-udp traffic B. after it is matched by a security policy that allows traffic C. before it is matched by a security policy D. after it is matched by a security policy that allows or blocks traffic Answer: B Explanation: Security profiles are objects added to policy rules that are configured with an action of allow. Question: 88 Which interface does not require a MAC or IP address? A. Virtual Wire B. Layer3 C. Layer2 D. Loopback Answer: A Question: 89 Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.) A. facebook B. facebook-chat C. facebook-base D. facebook-email Answer: B,C Question: 90 Which administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server. Which security profile components will detect and prevent this threat after the firewall`s signature database has been updated? A. antivirus profile applied to outbound security policies B. data filtering profile applied to inbound security policies C. data filtering profile applied to outbound security policies D. vulnerability profile applied to inbound security policies Answer: C Question: 91 Which statement is true about Panorama managed devices? A. Panorama automatically removes local configuration locks after a commit from Panorama B. Local configuration locks prohibit Security policy changes for a Panorama managed device C. Security policy rules configured on local firewalls always take precedence D. Local configuration locks can be manually unlocked from Panorama Answer: D Explanation: Reference: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/administer-panorama/manage- locks- forrestricting-configuration-changes.html Question: 92 Which solution is a viable option to capture user identification when Active Directory is not in use? A. Cloud Identity Engine B. group mapping C. Directory Sync Service D. Authentication Portal Answer: D Question: 93 An internal host wants to connect to servers of the internet through using source NAT. Which policy is required to enable source NAT on the firewall? A. NAT policy with source zone and destination zone specified B. post-NAT policy with external source and any destination address C. NAT policy with no source of destination zone selected D. pre-NAT policy with external source and any destination address Answer: A Question: 94 What are three differences between security policies and security profiles? (Choose three.) A. Security policies are attached to security profiles B. Security profiles are attached to security policies C. Security profiles should only be used on allowed traffic D. Security profiles are used to block traffic by themselves E. Security policies can block or allow traffic Answer: B,C,E Question: 95 What is a recommended consideration when deploying content updates to the firewall from Panorama? A. Before deploying content updates, always check content release version compatibility. B. Content updates for firewall A/P HA pairs can only be pushed to the active firewall. C. Content updates for firewall A/A HA pairs need a defined master device. D. After deploying content updates, perform a commit and push to Panorama. Answer: D Explanation: Reference: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-licenses-and-updates/deploy- updates-to-firewalls-log-collectors-and-wildfire-appliances-using-panorama/schedule-a-content-update-using- panorama.html Question: 96 An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct? A. Disable all logging B. Enable Log at Session End C. Enable Log at Session Start D. Enable Log at both Session Start and End Answer: B Explanation: Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clt5CAC Question: 97 Which administrator type utilizes predefined roles for a local administrator account? A. Superuser B. Role-based C. Dynamic D. Device administrator Answer: C Question: 98 What are the requirements for using Palo Alto Networks EDL Hosting Sen/ice? A. any supported Palo Alto Networks firewall or Prisma Access firewall B. an additional subscription free of charge C. a firewall device running with a minimum version of PAN-OS 10.1 D. an additional paid subscription Answer: A Question: 99 Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT. Which Security policy rule will allow traffic to flow to the web server? A. Untrust (any) to DMZ (10.1.1.100), web browsing -Allow B. Untrust (any) to Untrust (1.1.1.100), web browsing – Allow C. Untrust (any) to Untrust (10.1.1.100), web browsing -Allow D. Untrust (any) to DMZ (1.1.1.100), web browsing – Allow Answer: D Explanation: Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/nat-configuration- examples/destination-nat-exampleone-to-one-mapping 6$03/( 48(67,216 7KHVH TXHVWLRQV DUH IRU GHPR SXUSRVH RQO\ )XOO YHUVLRQ LV XS WR GDWH DQG FRQWDLQV DFWXDO TXHVWLRQV DQG DQVZHUV .LOOH[DPV FRP LV DQ RQOLQH SODWIRUP WKDW RIIHUV D ZLGH UDQJH RI VHUYLFHV UHODWHG WR FHUWLILFDWLRQ H[DP SUHSDUDWLRQ 7KH SODWIRUP SURYLGHV DFWXDO TXHVWLRQV H[DP GXPSV DQG SUDFWLFH WHVWV WR KHOS LQGLYLGXDOV SUHSDUH IRU YDULRXV FHUWLILFDWLRQ H[DPV ZLWK FRQILGHQFH +HUH DUH VRPH NH\ IHDWXUHV DQG VHUYLFHV RIIHUHG E\ .LOOH[DPV FRP $FWXDO ([DP 4XHVWLRQV .LOOH[DPV FRP SURYLGHV DFWXDO H[DP TXHVWLRQV WKDW DUH H[SHULHQFHG LQ WHVW FHQWHUV 7KHVH TXHVWLRQV DUH XSGDWHG UHJXODUO\ WR HQVXUH WKH\ DUH XS WR GDWH DQG UHOHYDQW WR WKH ODWHVW H[DP V\OODEXV %\ VWXG\LQJ WKHVH DFWXDO TXHVWLRQV FDQGLGDWHV FDQ IDPLOLDUL]H WKHPVHOYHV ZLWK WKH FRQWHQW DQG IRUPDW RI WKH UHDO H[DP ([DP 'XPSV .LOOH[DPV FRP RIIHUV H[DP GXPSV LQ 3') IRUPDW 7KHVH GXPSV FRQWDLQ D FRPSUHKHQVLYH FROOHFWLRQ RI TXHVWLRQV DQG DQVZHUV WKDW FRYHU WKH H[DP WRSLFV %\ XVLQJ WKHVH GXPSV FDQGLGDWHV FDQ HQKDQFH WKHLU NQRZOHGJH DQG LPSURYH WKHLU FKDQFHV RI VXFFHVV LQ WKH FHUWLILFDWLRQ H[DP 3UDFWLFH 7HVWV .LOOH[DPV FRP SURYLGHV SUDFWLFH WHVWV WKURXJK WKHLU GHVNWRS 9&( H[DP VLPXODWRU DQG RQOLQH WHVW HQJLQH 7KHVH SUDFWLFH WHVWV VLPXODWH WKH UHDO H[DP HQYLURQPHQW DQG KHOS FDQGLGDWHV DVVHVV WKHLU UHDGLQHVV IRU WKH DFWXDO H[DP 7KH SUDFWLFH WHVWV FRYHU D ZLGH UDQJH RI TXHVWLRQV DQG HQDEOH FDQGLGDWHV WR LGHQWLI\ WKHLU VWUHQJWKV DQG ZHDNQHVVHV *XDUDQWHHG 6XFFHVV .LOOH[DPV FRP RIIHUV D VXFFHVV JXDUDQWHH ZLWK WKHLU H[DP GXPSV 7KH\ FODLP WKDW E\ XVLQJ WKHLU PDWHULDOV FDQGLGDWHV ZLOO SDVV WKHLU H[DPV RQ WKH ILUVW DWWHPSW RU WKH\ ZLOO UHIXQG WKH SXUFKDVH SULFH 7KLV JXDUDQWHH SURYLGHV DVVXUDQFH DQG FRQILGHQFH WR LQGLYLGXDOV SUHSDULQJ IRU FHUWLILFDWLRQ H[DPV 8SGDWHG &RQWHQW .LOOH[DPV FRP UHJXODUO\ XSGDWHV LWV TXHVWLRQ EDQN DQG H[DP GXPSV WR HQVXUH WKDW WKH\ DUH FXUUHQW DQG UHIOHFW WKH ODWHVW FKDQJHV LQ WKH H[DP V\OODEXV 7KLV KHOSV FDQGLGDWHV VWD\ XS WR GDWH ZLWK WKH H[DP FRQWHQW DQG LQFUHDVHV WKHLU FKDQFHV RI VXFFHVV 7HFKQLFDO 6XSSRUW .LOOH[DPV FRP SURYLGHV IUHH [ WHFKQLFDO VXSSRUW WR DVVLVW FDQGLGDWHV ZLWK DQ\ TXHULHV RU LVVXHV WKH\ PD\ HQFRXQWHU ZKLOH XVLQJ WKHLU VHUYLFHV 7KHLU FHUWLILHG H[SHUWV DUH DYDLODEOH WR SURYLGH JXLGDQFH DQG KHOS FDQGLGDWHV WKURXJKRXW WKHLU H[DP SUHSDUDWLRQ MRXUQH\ 'PS .PSF FYBNT WJTJU IUUQT LJMMFYBNT DPN WFOEPST FYBN MJTU .LOO \RXU H[DP DW )LUVW $WWHPSW *XDUDQWHHG