Validate your PCNSA Exam Preparation with PCNSA Practice Test (Online & Offline) [Q195-Q212]

Share

Validate your PCNSA Exam Preparation with PCNSA Practice Test (Online & Offline)

Get all the Information About Palo Alto Networks PCNSA Exam 2023 Practice Test Questions


Palo Alto PCNSA Exam Topics:

SectionObjectivesWeight
Traffic Visibility- Given a scenario, select the appropriate application-based security policy rules.
- Given a scenario, configure application filters or application groups.
- Identify the purpose of application characteristics as defined in the App-ID database.
- Identify the potential impact of App-ID updates to existing security policy rules.
- Identify the tools to optimize security policies.
- Identify features used to streamline App-ID policy creation.
20%
Securing Traffic- Given a risk scenario, identify and apply the appropriate security profile.
- Identify the difference between security policy actions and security profile actions.
- Given a network scenario, identify how to customize security profiles.
- Identify the firewall’s protection against packet- and protocol-based attacks.
- Identify how the firewall can use the cloud DNS Security to control traffic based on domains.
- Identify how the firewall can use the PAN-DB database to control traffic based on websites.
- Identify how to control access to specific URLs using custom URL filtering categories.
18%
Simply Passing Traffic- Identify and configure firewall management interfaces.
- Identify how to manage firewall configurations.
- Identify and schedule dynamic updates.
- Configure internal and external services for account administration.
- Given a network diagram, create the appropriate security zones.
- Identify and configure firewall interfaces.
- Given a scenario, identify steps to create and configure a virtual router.
- Identify the purpose of specific security rule types.
- Identify and configure security policy match conditions, actions, and logging options.
- Given a scenario, identify and implement the proper NAT solution.
24%

 

NEW QUESTION # 195
Which three management interface settings must be configured for functional dynamic updates and administrative access on a Palo Alto Networks firewall? (Choose three.)

  • A. NTP
  • B. IP address
  • C. MTU
  • D. DNS server
  • E. service routes

Answer: A,B,D

Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN7CAK


NEW QUESTION # 196
Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? (Choose five.)

  • A. Anti-spyware
  • B. Application identification
  • C. Antivirus
  • D. Vulnerability protection
  • E. Filtration protection
  • F. User identification

Answer: A,B,C,D,F

Explanation:
Explanation/Reference:


NEW QUESTION # 197
For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?

  • A. TACACS+
  • B. SAML
  • C. RADIUS
  • D. LDAP

Answer: D

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/authentication/configure-an-authentication-profile-and-sequence


NEW QUESTION # 198
Selecting the option to revert firewall changes will replace what settings?

  • A. the candidate configuration with settings from the running configuration
  • B. dynamic update scheduler settings
  • C. the device state with settings from another configuration
  • D. the running configuration with settings from the candidate configuration

Answer: C

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage-configuration-backups/revert-firewall-configuration-changes.html


NEW QUESTION # 199
When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?

  • A. Address Type
  • B. Interface
  • C. IP Address
  • D. Translation Type

Answer: D


NEW QUESTION # 200
Which component provides network security for mobile endpoints by inspecting traffic routed through gateways?

  • A. AutoFocus
  • B. Panorama
  • C. GlobalProtect
  • D. Prisma SaaS

Answer: D

Explanation:
https://www.paloaltonetworks.com/resources/whitepapers/protecting-the-extended-perimeter- with-globalprotect-cloud-service-full


NEW QUESTION # 201
A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?

  • A. Rule Usage Filter > Unused Apps
  • B. Rule Usage Filter >Hit Count > Unused in 30 days
  • C. Rule Usage Filter > Hit Count > Unused in 90 days
  • D. Rule Usage Filter > No App Specified

Answer: B


NEW QUESTION # 202
Which protocol is used to map usernames to user groups when User-ID is configured?

  • A. TACACS+
  • B. SAML
  • C. RADIUS
  • D. LDAP

Answer: D

Explanation:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-users-to-groups.html


NEW QUESTION # 203
Based on the shown security policy, which Security policy rule would match all FTP traffic from the inside zone to the outside zone?

  • A. egress-outside
  • B. inside-portal
  • C. internal-inside-dmz
  • D. interzone-default

Answer: A


NEW QUESTION # 204
Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?

  • A. engress outside
  • B. intercone-default
  • C. inside-portal
  • D. internal-inside-dmz

Answer: A


NEW QUESTION # 205
Match the Cyber-Attack Lifecycle stage to its correct description.

Answer:

Explanation:

Explanation
Reconnaissance - stage where the attacker scans for network vulnerabilities and services that can be exploited.
Installation - stage where the attacker will explore methods such as a root kit to establish persistence Command and Control - stage where the attacker has access to a specific server so they can communicate and pass data to and from infected devices within a network.
Act on the Objective - stage where an attacker has motivation for attacking a network to deface web property


NEW QUESTION # 206
What are three valid information sources that can be used when tagging users to dynamic user groups? (Choose three.)

  • A. Security Information and Event Management Systems (SIEMS), such as Splunk
  • B. firewall logs
  • C. DNS Security service
  • D. custom API scripts
  • E. biometric scanning results from iOS devices

Answer: A,B,D

Explanation:
https://docs.paloaltonetworks.com/best-practices/10-1/user-id-best-practices/user-id-best- practices/user-id-best-practices-for-dynamic-user-groups Identity the user information sources for the tags:
Firewall logs
For Authentication, Data, Threat, Traffic, Tunnel Inspection, URL, and WildFire logs, create a log forwarding profile and use the Built-In Actions.
For User-ID, HIP Match, GlobalProtect, and IP-Tag logs, configure the log settings.
Cortex XSOAR
Security Information and Event Management Systems (SIEMS), such as Splunk Custom API scripts


NEW QUESTION # 207
All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone.
Complete the two empty fields in the Security policy rules that permits only this type of access. (Choose two.) Source Zone: Internal Destination Zone: DMZ Zone Application: _________?
Service: ____________?
Action: allow

  • A. Service = "service-telnet"
  • B. Application = "Telnet"
  • C. Service = "application-default"
  • D. Application = "any"

Answer: B,C


NEW QUESTION # 208
Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?

  • A. Reboot the firewall
  • B. Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule
  • C. Use the Reset Rule Hit Counter > All Rules option
  • D. At the CLI enter the command reset rules and press Enter

Answer: C

Explanation:
References:


NEW QUESTION # 209
Match the Cyber-Attack Lifecycle stage to its correct description.

Answer:

Explanation:


NEW QUESTION # 210
An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited" Which security policy action causes this?

  • A. Drop
  • B. Drop, send ICMP Unreachable
  • C. Reset both
  • D. Reset server

Answer: C


NEW QUESTION # 211
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

Answer:

Explanation:

Explanation
Step 1 - Select network tab
Step 2 - Select zones from the list of available items
Step 3 - Select Add
Step 4 - Specify Zone Name
Step 5 - Specify Zone Type
Step 6 - Assign interfaces as needed


NEW QUESTION # 212
......


Palo Alto Networks PCNSA certification exam is a valuable certification for network security professionals who use Palo Alto Networks products and services. PCNSA exam validates the knowledge and skills of professionals in the implementation, configuration, and management of Palo Alto Networks products and services. Palo Alto Networks Certified Network Security Administrator certification is recognized by employers around the world and can enhance the career prospects of network security professionals.


To prepare for the PCNSA certification exam, candidates can take advantage of a range of study resources, including online training courses, study guides, and practice exams. By investing time and effort in preparing for the exam, candidates can increase their chances of passing the exam and earning the PCNSA certification.

 

Check Real Palo Alto Networks PCNSA Exam Question for Free (2023): https://www.lead1pass.com/Palo-Alto-Networks/PCNSA-practice-exam-dumps.html

Get Ready to Boost your Prepare for your PCNSA Exam with 382 Questions: https://drive.google.com/open?id=1EvgwoH3nmLtXT5KKoeLqmqjEXsusWN49