Latest Palo Alto Networks PCNSA Practice Test Questions, Palo Alto Networks Certified Network Security Administrator Exam Dumps [Q148-Q163]

Rate this post

Latest Palo Alto Networks PCNSA Practice Test Questions, Palo Alto Networks Certified Network Security Administrator Exam Dumps

Jul-2023 Pass Palo Alto Networks PCNSA Exam in First Attempt Easily

The PCNSA certification is a valuable credential that can help network security professionals stand out in a competitive job market. Palo Alto Networks Certified Network Security Administrator certification demonstrates that the certified individual has the skills and knowledge required to manage and secure their organization’s network infrastructure using Palo Alto Networks firewalls. Palo Alto Networks Certified Network Security Administrator certification is also a great way for network security professionals to stay up-to-date with the latest trends and technologies in the field of network security.

Q148. Which two security profile types can be attached to a security policy? (Choose two.)

antivirus

DDoS protection

threat

vulnerability

https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/policy/security-profiles

Q149. An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.
What is the correct process to enable this logging1?

Select the interzone-default rule and edit the rule on the Actions tab select Log at Session Start and click OK

Select the interzone-default rule and edit the rule on the Actions tab select Log at Session End and click OK

This rule has traffic logging enabled by default no further action is required

Select the interzone-default rule and click Override on the Actions tab select Log at Session End and click OK

Q150. Which rule type is appropriate for matching traffic occurring within a specified zone?

Interzone

Universal

Intrazone

Shadowed

Q151. Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

global

intrazone

interzone

universal

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClomCAC

Q152. Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall’s management plane is only slightly utilized.
Which User-ID agent is sufficient in your network?

Windows-based agent deployed on each domain controller

PAN-OS integrated agent deployed on the firewall

Citrix terminal server agent deployed on the network

Windows-based agent deployed on the internal network a domain member

Which User-ID agent should I use?
Use agentless (PAN-OS)
If you have a small to medium deployment with 10 or fewer Domain controllers or Exchange servers If you wish to share PAN-OS sourced mappings from AD, Captive portal or Global Protect with other PA devices (max 255 devices) Use User-ID Agent (Windows) If you have medium to large deployment with more than 10 domain controllers If you have multi-domain setup with large number of servers to monitor

Q153. Employees are shown an application block page when they try to access YouTube. Which security policy is blocking the YouTube application?

intrazone-default

Deny Google

allowed-security services

interzone-default

Q154. Given the image, which two options are true about the Security policy rules. (Choose two.)

The Allow Office Programs rule is using an Application Filter

In the Allow FTP to web server rule, FTP is allowed using App-ID

The Allow Office Programs rule is using an Application Group

In the Allow Social Networking rule, allows all of Facebook’s functions

Q155. Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

Q156. Which file is used to save the running configuration with a Palo Alto Networks firewall?

running-config.xml

run-config.xml

running-configuration.xml

run-configuratin.xml

Q157. How is an address object of type IP range correctly defined?

192.168.40.1-192.168.40.255

192.168.40.1-255

192.168.40.1, 192.168.40.255

192.168.40.1/24

Enter an IP address range (Ex. 10.0.0.1-10.0.0.4). Each of the IP addresses in the range can also be in an IPv6 form (Ex. 2001:db8:123:1::1-2001:db8:123:1::11).

Q158. You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in common application.
Which Security Profile detects and blocks access to this threat after you update the firewall’s threat signature database?

Data Filtering Profile applied to outbound Security policy rules

Antivirus Profile applied to outbound Security policy rules

Data Filtering Profile applied to inbound Security policy rules

Vulnerability Protection Profile applied to inbound Security policy rules

Vulnerability Protection Security Profiles stop attempts to exploit system flaws or gain unauthorized access to systems. Anti-Spyware Security Profiles identify infected hosts as traffic leaves the network, but Vulnerability Protection Security Profiles protect against threats entering the network.
For example, Vulnerability Protection Security Profiles protect against buffer overflows, illegal code execution, and other attempts to exploit system vulnerabilities.

Q159. Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

Security policy rules inspect but do not block traffic.

Security Profile should be used only on allowed traffic.

Security Profile are attached to security policy rules.

Security Policy rules are attached to Security Profiles.

Security Policy rules can block or allow traffic.

Q160. Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)

facebook

facebook-chat

facebook-base

facebook-email

Q161. At which point in the App-ID update process can you determine if an existing policy rule is affected by an App-ID update?

after clicking Check Now in the Dynamic Update window

after committing the firewall configuration

after installing the update

after downloading the update

Action > Download: Additionally, downloading an Application and Threat content release version enables the option to Review Policies that are affected by new application signatures included with the release.
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-web-interface-help/device/device- dynamic-updates.html

Q162. A website is unexpectedly allowed due to miscategorization.
What are two ways to resolve this issue for a proper response? (Choose two.)

Identify the URL category being assigned to the website.
Edit the active URL Filtering profile and update that category’s site access settings to block.

Create a URL category and assign the affected URL.
Update the active URL Filtering profile site access setting for the custom URL category to block.

Review the categorization of the website on https://urlfiltering.paloaltonetworks.com.
Submit for “request change*, identifying the appropriate categorization, and wait for confirmation before testing again.

Create a URL category and assign the affected URL.
Add a Security policy with a URL category qualifier of the custom URL category below the original policy. Set the policy action to Deny.

Q163. An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall’s signature database has been updated? (Choose two.)

vulnerability protection profile applied to outbound security policies

anti-spyware profile applied to outbound security policies

antivirus profile applied to outbound security policies

URL filtering profile applied to outbound security policies

Loading …

Free PCNSA Exam Files Downloaded Instantly 100% Dumps & Practice Exam: https://www.prepawaypdf.com/Palo-Alto-Networks/PCNSA-practice-exam-dumps.html

Pass Your Palo Alto Networks PSE-Strata Exam with Correct 140 Questions and Answers [Q43-Q66]
Use PCDRA Exam Dumps (2023 PDF Dumps) To Have Reliable PCDRA Test Engine [Q16-Q34]

Related posts:

admin

You might also like

Leave a Reply Cancel reply