Pass PCNSA Exam With Updated PCNSA Dumps Questions V13.02

1. Which dynamic update type includes updated anti-spyware signatures?

2. To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?

3. Which plane on a Palo alto networks firewall provides configuration logging and reporting functions on a separate processor?

4. Which prevention technique will prevent attacks based on packet count?

5. Based on the screenshot what is the purpose of the group in User labelled ''it"?

6. DRAG DROP

Arrange the correct order that the URL classifications are processed within the system.

7. Which type of address object is "10 5 1 1/0 127 248 2"?

8. Palo Alto Networks firewall architecture accelerates content map minimizing latency using which two components'? (Choose two)

9. Given the topology, which zone type should zone A and zone B to be configured with?

10. Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

11. DRAG DROP

Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

12. Which Palo Alto network security operating platform component provides consolidated policy creation and centralized management?

13. Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?

14. Based on the security policy rules shown, ssh will be allowed on which port?

15. The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering “gambling” category.

Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the “gambling” URL category?

16. Which update option is not available to administrators?

17. When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?

18. What are three differences between security policies and security profiles? (Choose three.)

19. An administrator wants to prevent access to media content websites that are risky.

Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two)

20. Which option lists the attributes that are selectable when setting up an Application filters?

21. In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email?

22. Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?

23. A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.

On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.

Based on the information, how is the SuperApp traffic affected after the 30 days have passed?

24. Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.)

25. Assume a custom URL Category Object of "NO-FILES" has been created to identify a specific website

How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?

26. Which statements is true regarding a Heatmap report?

27. Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)

28. Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? (Choose five.)

29. Which file is used to save the running configuration with a Palo Alto Networks firewall?

30. How many zones can an interface be assigned with a Palo Alto Networks firewall?

31. Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.

32. Which two settings allow you to restrict access to the management interface? (Choose two)

33. Which two security profile types can be attached to a security policy? (Choose two.)

34. A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago.

Which utility should the company use to identify out-of-date or unused rules on the firewall?

35. Which interface does not require a MAC or IP address?

36. An internal host wants to connect to servers of the internet through using source NAT.

Which policy is required to enable source NAT on the firewall?

37. DRAG DROP

Match the cyber-attack lifecycle stage to its correct description.

38. Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

39. Actions can be set for which two items in a URL filtering security profile? (Choose two.)

40. Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP Cto-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.

Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.

41. An administrator wants to prevent users from submitting corporate credentials in a phishing attack.

Which Security profile should be applied?

42. How often does WildFire release dynamic updates?

43. What is the main function of the Test Policy Match function?

44. Which two features can be used to tag a user name so that it is included in a dynamic user group? (Choose two)

45. An administrator wishes to follow best practices for logging traffic that traverses the firewall

Which log setting is correct?

46. DRAG DROP

Match the Palo Alto Networks Security Operating Platform architecture to its description.

47. Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?

48. Which statement is true about Panorama managed devices?

49. Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.

50. Given the image, which two options are true about the Security policy rules. (Choose two.)

51. Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

52. The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.

Which security profile feature could have been used to prevent the communication with the CnC server?

53. Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

54. Which action results in the firewall blocking network traffic with out notifying the sender?

55. DRAG DROP

Match the Cyber-Attack Lifecycle stage to its correct description.

56. What is an advantage for using application tags?

57. Access to which feature requires the PAN-OS Filtering license?

58. Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications

Which policy achieves the desired results?

A)

B)

C)

D)

59. In a security policy what is the quickest way to rest all policy rule hit counters to zero?

60. You need to allow users to access the officeCsuite application of their choice.

How should you configure the firewall to allow access to any office-suite application?