[2023] Free PCNSA Exam Dumps to Pass Exam Easily
PCNSA Exam Dumps, PCNSA Practice Test Questions
NEW QUESTION 111
What must you configure to enable the firewall to access multiple Authentication Profiles to authenticate a non- local account?
- A. authentication sequence
- B. authentication server list
- C. LDAP server profile
- D. authentication list profile
Answer: A
Explanation:
Explanation/Reference: https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/framemaker/pan-os/7-1/pan- os-admin.pdf page 144
NEW QUESTION 112
Which object would an administrator create to enable access to all applications in the office-programs subcategory?
- A. HIP profile
- B. Application filter
- C. Application group
- D. URL category
Answer: D
NEW QUESTION 113
Which Security profile must be added to Security policies to enable DNS Signatures to be checked?
- A. Vulnerability Protection
- B. Anti-Spyware
- C. URL Filtering
- D. Antivirus
Answer: C
NEW QUESTION 114
An administrator is reviewing the Security policy rules shown in the screenshot below.
Which statement is correct about the information displayed?
- A. There are seven Security policy rules on this firewall.
- B. Highlight Unused Rules is checked.
- C. Eleven rules use the "Infrastructure* tag.
- D. The view Rulebase as Groups is checked.
Answer: D
NEW QUESTION 115
Which file is used to save the running configuration with a Palo Alto Networks firewall?
- A. run-config.xml
- B. running-configuration.xml
- C. run-configuratin.xml
- D. running-config.xml
Answer: D
NEW QUESTION 116
Which information is included in device state other than the local configuration?
- A. system logs to provide information of PAN-OS changes
- B. device group and template settings pushed from Panorama
- C. uncommitted changes
- D. audit logs to provide information of administrative account changes
Answer: B
Explanation:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/device/device-setup-operations.html
NEW QUESTION 117
Based on the graphic which statement accurately describes the output shown in the server monitoring panel?
- A. The host lab-client has been found by the User-ID agent.
- B. The User-ID agent is connected to a domain controller labeled lab-client.
- C. The User-ID agent is connected to the firewall labeled lab-client.
- D. The host lab-client has been found by a domain controller.
Answer: D
NEW QUESTION 118
When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?
- A. Interface
- B. IP Address
- C. Translation Type
- D. Address Type
Answer: C
NEW QUESTION 119
Which Palo Alto Networks service protects cloud-based applications such as Dropbox and Salesforce by monitoring permissions and shares and scanning files for sensitive information?
- A. GlobalProtect
- B. AutoFocus
- C. Prisma SaaS
- D. Panorama
Answer: C
NEW QUESTION 120
All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security Policy rules that permits only this type of access.
Choose two.
- A. Application = "any"
- B. Application = "Telnet"
- C. Service - "application-default"
- D. Service = "any"
Answer: B,C
NEW QUESTION 121
For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?
- A. RADIUS
- B. SAML
- C. LDAP
- D. TACACS+
Answer: C
Explanation:
Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/authentication/configure-an- authenticationprofile-and-sequence
NEW QUESTION 122
Which two matching criteria are used when creating a Security policy involving NAT? (Choose two.)
- A. Post-NAT address
- B. Pre-NAT zone
- C. Pre-NAT address
- D. Post-NAT zone
Answer: C,D
NEW QUESTION 123
In the example security policy shown, which two websites fcked? (Choose two.)
- A. YouTube
- B. Amazon
- C. LinkedIn
- D. Facebook
Answer: C,D
NEW QUESTION 124
Which action would an administrator take to ensure that a service object will be available only to the selected device group?
- A. uncheck the shared option
- B. create the service object in the specific template
- C. ensure that disable override is cleared
- D. ensure that disable override is selected
Answer: C
Explanation:
https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/manage-firewalls/manage-device-groups/create-objects-for-use-in-shared-or-device-group-policy
NEW QUESTION 125
An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?
- A. Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
- B. Create an Application Filter and name it Office Programs, then filter it on the business-systems category
- C. Create an Application Group and add business-systems to it
- D. Create an Application Filter and name it Office Programs, the filter it on the business-systems category, office-programs subcategory
Answer: C
NEW QUESTION 126
After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.
Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?
- A. Revert to running configuration
- B. Revert to last saved configuration
- C. Import named config snapshot
- D. Load named configuration snapshot
Answer: D
NEW QUESTION 127
Your company is highly concerned with their Intellectual property being accessed by unauthorized resources. There is a mature process to store and include metadata tags for all confidential documents.
Which Security profile can further ensure that these documents do not exit the corporate network?
- A. Anti-Spyware
- B. Data Filtering
- C. File Blocking
- D. URL Filtering
Answer: B
NEW QUESTION 128
What does an administrator use to validate whether a session is matching an expected NAT policy?
- A. config audit
- B. test command
- C. threat log
- D. system log
Answer: B
NEW QUESTION 129
All users from the internal zone must be allowed only HTTP access to a server in the DMZ zone.
Complete the empty field in the Security policy using an application object to permit only this type of access.
Source Zone: Internal -
Destination Zone: DMZ Zone -
Application: __________
Service: application-default -
Action: allow
- A. Application = "http"
- B. Application = "any"
- C. Application = "ssl"
- D. Application = "web-browsing"
Answer: D
NEW QUESTION 130
Match the network device with the correct User-ID technology.
Answer:
Explanation:
Explanation:
Microsoft Exchange - Server monitoring
Linux authentication - syslog monitoring
Windows Client - client probing
Citrix client - Terminal Services agent
NEW QUESTION 131
Based on the Security policy rules shown, SSH will be allowed on which port?
- A. only ephemeral ports
- B. the default port
- C. same port as ssl and snmpv3
- D. any port
Answer: B
NEW QUESTION 132
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.
Answer:
Explanation:
NEW QUESTION 133
You receive notification about new malware that infects hosts through malicious files transferred by FTP.
Which Security profile detects and protects your internal networks from this threat after you update your firewall's threat signature database?
- A. Antivirus profile applied to inbound Security policy rules.
- B. URL Filtering profile applied to inbound Security policy rules.
- C. Vulnerability Protection profile applied to outbound Security policy rules.
- D. Data Filtering profile applied to outbound Security policy rules.
Answer: A
Explanation:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-profiles
NEW QUESTION 134
......
PCNSA Exam Dumps, PCNSA Practice Test Questions: https://www.premiumvcedump.com/Palo-Alto-Networks/valid-PCNSA-premium-vce-exam-dumps.html
Free PCNSA Study Guides Exam Questions and Answer: https://drive.google.com/open?id=1FEtAOwxLcQeeHyjIKvPXyjuSkb_xVcHy