• Home
  • Articles
  • [Jan-2022] Palo Alto Networks PCNSA Actual Questions and Braindumps [Q78-Q102]

[Jan-2022] Palo Alto Networks PCNSA Actual Questions and Braindumps [Q78-Q102]

Share

[Jan-2022] Palo Alto Networks PCNSA Actual Questions and Braindumps

Pass PCNSA Exam with Updated PCNSA Exam Dumps PDF 2022


Certification Overview

The bearer of the PCNSA certificate has demonstrated the ability to work on firewalls based on the Palo Alto platform. This designation is valuable for two fundamental reasons. First, the world is becoming digitalized very rapidly. Experts are needed to make these channels more secure to prevent theft of valuable information or other vital details that may prove harmful to an organization. A PCNSA certified specialist is believed to have the necessary skills to ward off those cutting-edge cyber threats. This leads us to the second reason why the PCNSA is a valuable certificate. The certification vendor, Palo Alto Networks, is a global leader in cybersecurity. Consequently, validation from them is highly valued in the industry. Being a PCNSA certified individual, in this case, indicates that you have real-world mastery of the Palo Alto Next-Generation PAN-OSĀ® 10.0 platform in any environment. As a PCNSA certified professional, you are permitted to print the certification badge on your business cards to show that you are Palo Alto certified. This badge would undoubtedly increase your job opportunities. Note that the certificate expires two years from when you passed the PCNSA exam, after which you can recertify. The use of the logo on business cards or personal display materials is valid only for the period you have an active certification status. By the way, the market for Palo Alto Networks jobs in the Network and Security field is booming, making PCNSA certified professionals highly-sought after so take a step towards a thriving career!

 

NEW QUESTION 78
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

Answer:

Explanation:

Explanation
Step 1 - Select network tab
Step 2 - Select zones from the list of available items
Step 3 - Select Add
Step 4 - Specify Zone Name
Step 5 - Specify Zone Type
Step 6 - Assign interfaces as needed

 

NEW QUESTION 79
Starting with PAN-OS version 9.1, which new type of object is supported for use within the User field of a Security policy rule?

  • A. static user group
  • B. remote username
  • C. local username
  • D. dynamic user group

Answer: D

 

NEW QUESTION 80
Based on the screenshot presented which column contains the link that when clicked opens a window to display all applications matched to the policy rule?

  • A. Apps Allowed
  • B. Apps Seen
  • C. Service
  • D. Name

Answer: B

 

NEW QUESTION 81
Which interface does not require a MAC or IP address?

  • A. Layer2
  • B. Layer3
  • C. Virtual Wire
  • D. Loopback

Answer: C

Explanation:
Explanation/Reference:

 

NEW QUESTION 82
Which path in PAN-OS 9.0 displays the list of port-based security policy rules?

  • A. Policies> Security> Rule Usage> No App Specified
  • B. Policies> Security> Rule Usage> Unused Apps
  • C. Policies> Security> Rule Usage> Port only specified
  • D. Policies> Security> Rule Usage> Port-based Rules

Answer: D

 

NEW QUESTION 83
Given the topology, which zone type should zone A and zone B to be configured with?

  • A. Layer2
  • B. Tap
  • C. Virtual Wire
  • D. Layer3

Answer: D

 

NEW QUESTION 84
Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.

  • A. Exploitation
  • B. Installation
  • C. Act on Objective
  • D. Reconnaissance

Answer: A

 

NEW QUESTION 85
Based on the security policy rules shown, ssh will be allowed on which port?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

 

NEW QUESTION 86
Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?

  • A. inside-portal
  • B. intercone-default
  • C. internal-inside-dmz
  • D. engress outside

Answer: B

 

NEW QUESTION 87
What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?

  • A. every 30 minutes
  • B. every 5 minutes
  • C. every 1 minute
  • D. once every 24 hours

Answer: C

Explanation:
Explanation
Because new WildFire signatures are now available every five minutes, it is a best practice to use this setting to ensure the firewall retrieves these signatures within a minute of availability.

 

NEW QUESTION 88
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

  • A. URL filtering
  • B. DoS protection
  • C. packet buffering
  • D. anti-spyware

Answer: B

 

NEW QUESTION 89
In the example security policy shown, which two websites would be blocked? (Choose two.)

  • A. Amazon
  • B. LinkedIn
  • C. YouTube
  • D. Facebook

Answer: B,D

 

NEW QUESTION 90
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

  • A. branch office traffic
  • B. perimeter traffic
  • C. east-west traffic
  • D. north-south traffic

Answer: C

 

NEW QUESTION 91
Access to which feature requires the PAN-OS Filtering license?

  • A. PAN-DB database
  • B. DNS Security
  • C. URL external dynamic lists
  • D. Custom URL categories

Answer: A

Explanation:
Explanation/Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/getting-started/activate-licenses-and- subscriptions.html

 

NEW QUESTION 92
Based on the screenshot presented which column contains the link that when clicked opens a window to display all applications matched to the policy rule?

  • A. Apps Allowed
  • B. Apps Seen
  • C. Service
  • D. Name

Answer: B

 

NEW QUESTION 93
Based on the screenshot what is the purpose of the included groups?

  • A. They are used to map usernames to group names.
  • B. They are only groups visible based on the firewall's credentials.
  • C. They are groups that are imported from RADIUS authentication servers.
  • D. They contain only the users you allow to manage the firewall.

Answer: A

 

NEW QUESTION 94
A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

  • A. In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address
  • B. Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH
  • C. Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH
  • D. In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin

Answer: B

 

NEW QUESTION 95
Which three types of authentication services can be used to authenticate user traffic flowing through the firewalls data plane? (Choose three )

  • A. TACACS+
  • B. TACACS
  • C. Kerberos
  • D. SAML10
  • E. SAML2

Answer: B,C,E

 

NEW QUESTION 96
Which Security profile would you apply to identify infected hosts on the protected network using DNS traffic?

  • A. URL traffic
  • B. antivirus
  • C. anti-spyware
  • D. vulnerability protection

Answer: C

 

NEW QUESTION 97
Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?

  • A. intercone-default
  • B. inside-portal
  • C. engress outside
  • D. internal-inside-dmz

Answer: C

 

NEW QUESTION 98
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

Answer:

Explanation:

Explanation
Step 1 - Select network tab
Step 2 - Select zones from the list of available items
Step 3 - Select Add
Step 4 - Specify Zone Name
Step 5 - Specify Zone Type
Step 6 - Assign interfaces as needed

 

NEW QUESTION 99
Which operations are allowed when working with App-ID application tags?

  • A. Predefined tags may be updated by WildFire dynamic updates.
  • B. Predefined tags may be augmented by custom tags.
  • C. Predefined tags may be deleted.
  • D. Predefined tags may be modified.

Answer: B

 

NEW QUESTION 100
How often does WildFire release dynamic updates?

  • A. every 30 minutes
  • B. every 15 minutes
  • C. every 60 minutes
  • D. every 5 minutes

Answer: D

 

NEW QUESTION 101
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

Answer:

Explanation:

Explanation
Step 1 - Select network tab
Step 2 - Select zones from the list of available items
Step 3 - Select Add
Step 4 - Specify Zone Name
Step 5 - Specify Zone Type
Step 6 - Assign interfaces as needed

 

NEW QUESTION 102
......

Latest PCNSA Pass Guaranteed Exam Dumps with Accurate & Updated Questions: https://www.preppdf.com/Palo-Alto-Networks/PCNSA-prepaway-exam-dumps.html

PCNSA Exam Brain Dumps - Study Notes and Theory: https://drive.google.com/open?id=1pJegza1KhOju4efQ9YPmpcaX8_wd804p

Related Articles

more
Palo Alto Networks PCNSA Certification Practice Exam