[Q92-Q112] Verified PCNSA dumps Q&As - Pass Guarantee Exam Dumps Test Engine [2022]

Share

Verified PCNSA dumps Q&As - Pass Guarantee Exam Dumps Test Engine [2022]

PCNSA dumps and 170 unique questions

NEW QUESTION 92
All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security Policy rules that permits only this type of access.

Choose two.

  • A. Service = "any"
  • B. Application = "any"
  • C. Application = "Telnet"
  • D. Service - "application-default"

Answer: C,D

 

NEW QUESTION 93
What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?

  • A. every 30 minutes
  • B. once every 24 hours
  • C. every 1 minute
  • D. every 5 minutes

Answer: D

Explanation:
Explanation
Firewalls with an active WildFire license can retrieve the latest WildFire signatures every five minutes. If you do not have a WildFire subscription, signatures are made available within 24-48 hours as part of the antivirus update for firewalls with an active Threat Prevention license.
https://docs.paloaltonetworks.com/wildfire/9-0/wildfire-admin/wildfire-overview/wildfire-concepts/wildfire-sign

 

NEW QUESTION 94
Which type of firewall configuration contains in-progress configuration changes?

  • A. committed
  • B. backup
  • C. running
  • D. candidate

Answer: D

 

NEW QUESTION 95
Arrange the correct order that the URL classifications are processed within the system.

Answer:

Explanation:

 

NEW QUESTION 96
Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management plane is only slightly utilized.
Which User-ID agent is sufficient in your network?

  • A. PAN-OS integrated agent deployed on the firewall
  • B. Windows-based agent deployed on the internal network a domain member
  • C. Windows-based agent deployed on each domain controller
  • D. Citrix terminal server agent deployed on the network

Answer: C

Explanation:
Explanation/Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id/map-ip-addresses-to-users/ configure-user-mapping-using-the-windows-user-id-agent/configure-the-windows-based-user-id-agent-for-user- mapping.html

 

NEW QUESTION 97
Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?

  • A. interzone
  • B. global
  • C. universal
  • D. intrazone

Answer: D

 

NEW QUESTION 98
How often does WildFire release dynamic updates?

  • A. every 30 minutes
  • B. every 15 minutes
  • C. every 60 minutes
  • D. every 5 minutes

Answer: D

Explanation:
Explanation/Reference:
Reference: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-new-features/wildfire-features/five-minute- wildfire-updates

 

NEW QUESTION 99
Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

  • A. The host lab-client has been found by a domain controller.
  • B. The User-ID agent is connected to a domain controller labeled lab client.
  • C. The host lab-client has been by the User-ID agent.

Answer: B

 

NEW QUESTION 100
Identify the correct order to configure the PAN-OS integrated USER-ID agent.
3. add the service account to monitor the server(s)
2. define the address of the servers to be monitored on the firewall
4. commit the configuration, and verify agent connection status
1. create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent

  • A. 2-3-4-1
  • B. 1-3-2-4
  • C. 1-4-3-2
  • D. 3-1-2-4

Answer: B

 

NEW QUESTION 101
How many zones can an interface be assigned with a Palo Alto Networks firewall?

  • A. four
  • B. two
  • C. one
  • D. three

Answer: C

 

NEW QUESTION 102
Which prevention technique will prevent attacks based on packet count?

  • A. URL filtering profile
  • B. antivirus profile
  • C. zone protection profile
  • D. vulnerability profile

Answer: C

 

NEW QUESTION 103
Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?

  • A. inside-portal
  • B. intercone-default
  • C. internal-inside-dmz
  • D. engress outside

Answer: B

 

NEW QUESTION 104
How often does WildFire release dynamic updates?

  • A. every 30 minutes
  • B. every 15 minutes
  • C. every 60 minutes
  • D. every 5 minutes

Answer: D

 

NEW QUESTION 105
Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.

  • A. Exploitation
  • B. Installation
  • C. Act on Objective
  • D. Reconnaissance

Answer: A

 

NEW QUESTION 106
Based on the screenshot what is the purpose of the group in User labelled ''it"?

  • A. Allows "any" users to access servers in the DMZ zone
  • B. Allows users in group "DMZ" lo access IT applications
  • C. Allows users to access IT applications on all ports
  • D. Allows users in group "it" to access IT applications

Answer: D

 

NEW QUESTION 107
Based on the screenshot, what is the purpose of the Included Groups?

  • A. They are used to map users to groups.
  • B. They are groups that are imported from RADIUS authentication servers.
  • C. They contain only the users you allow to manage the firewall.
  • D. They are the only groups visible based on the firewall's credentials.

Answer: A

Explanation:
Explanation/Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-users-to-groups.html

 

NEW QUESTION 108
How are Application Fillers or Application Groups used in firewall policy?

  • A. An Application Group is a static way of grouping applications and cannot be configured as a nested member of Application Group
  • B. An Application Group is a dynamic way of grouping applications and can be configured as a nested member of an Application Group
  • C. An Application Filter is a static way of grouping applications and can be configured as a nested member of an Application Group
  • D. An Application Filter is a dynamic way to group applications and can be configured as a nested member of an Application Group

Answer: D

 

NEW QUESTION 109
What is the main function of Policy Optimizer?

  • A. migrate other firewall vendors' security rules to Palo Alto Networks configuration
  • B. reduce load on the management plane by highlighting combinable security rules
  • C. convert port-based security rules to application-based security rules
  • D. eliminate "Log at Session Start" security rules

Answer: C

 

NEW QUESTION 110
The firewall sends employees an application block page when they try to access Youtube.
Which Security policy rule is blocking the youtube application?

  • A. allowed-security services
  • B. Deny Google
  • C. interzone-default
  • D. intrazone-default

Answer: C

 

NEW QUESTION 111
Which the app-ID application will you need to allow in your security policy to use facebook-chat?

  • A. facebook-chat
  • B. facebook-email
  • C. facebook-base
  • D. facebook

Answer: A,C

 

NEW QUESTION 112
......


Palo Alto PCNSA Exam Topics:

SectionObjectivesWeight
Identifying Users- Given a scenario, identify an appropriate method to map IP addresses to usernames.
- Given a scenario, identify the appropriate User-ID agent to deploy.
- Identify how the firewall maps usernames to user groups.
- Given a graphic, identify User-ID configuration options.
12%
Traffic Visibility- Given a scenario, select the appropriate application-based security policy rules.
- Given a scenario, configure application filters or application groups.
- Identify the purpose of application characteristics as defined in the App-ID database.
- Identify the potential impact of App-ID updates to existing security policy rules.
- Identify the tools to optimize security policies.
- Identify features used to streamline App-ID policy creation.
20%
Simply Passing Traffic- Identify and configure firewall management interfaces.
- Identify how to manage firewall configurations.
- Identify and schedule dynamic updates.
- Configure internal and external services for account administration.
- Given a network diagram, create the appropriate security zones.
- Identify and configure firewall interfaces.
- Given a scenario, identify steps to create and configure a virtual router.
- Identify the purpose of specific security rule types.
- Identify and configure security policy match conditions, actions, and logging options.
- Given a scenario, identify and implement the proper NAT solution.
24%
Deployment Optimization- Identify the benefits and differences between the Heatmap and the BPA reports.4%
Securing Traffic- Given a risk scenario, identify and apply the appropriate security profile.
- Identify the difference between security policy actions and security profile actions.
- Given a network scenario, identify how to customize security profiles.
- Identify the firewall’s protection against packet- and protocol-based attacks.
- Identify how the firewall can use the cloud DNS Security to control traffic based on domains.
- Identify how the firewall can use the PAN-DB database to control traffic based on websites.
- Identify how to control access to specific URLs using custom URL filtering categories.
18%
Palo Alto Networks Security Operating Platform Core Components- Identify the components of the Palo Alto Networks Cybersecurity Portfolio.
- Identify the components and operation of Single-Pass Parallel Processing architecture.
- Given a network design scenario, apply the Zero Trust security model and describe how it relates to traffic moving through your network.
- Identify stages in the cyberattack lifecycle and firewall mitigations that can prevent attacks.
22%

 

PCNSA Dumps for Pass Guaranteed - Pass PCNSA Exam: https://www.itexamdownload.com/PCNSA-valid-questions.html

PCNSA Exam Dumps - Try Best PCNSA Exam Questions: https://drive.google.com/open?id=12vvfzGfbChIpDh_0Y6EQSk3Xh-r9vRLc