All Obstacles During PCNSA Exam Preparation with PCNSA Real Test Questions
Fully Updated Free Actual Palo Alto Networks PCNSA Exam Questions
NEW QUESTION # 84
Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two.)
- A. DoS Protection policy
- B. DoS Protection profile
- C. Zone Protection profile
- D. QoS profile
Answer: B,C
NEW QUESTION # 85
What must be considered with regards to content updates deployed from Panorama?
- A. Panorama can only install up to five content versions of the same type for potential rollback scenarios.
- B. Content update schedulers need to be configured separately per device group.
- C. A PAN-OS upgrade resets all scheduler configurations for content updates.
- D. Panorama can only download one content update at a time for content updates of the same type.
Answer: D
NEW QUESTION # 86
Employees are shown an application block page when they try to access YouTube. Which security policy is blocking the YouTube application?
- A. intrazone-default
- B. interzone-default
- C. allowed-security services
- D. Deny Google
Answer: B
NEW QUESTION # 87
Which Security profile can you apply to protect against malware such as worms and Trojans?
- A. data filtering
- B. vulnerability protection
- C. antivirus
- D. anti-spyware
Answer: C
Explanation:
Antivirus Security Profiles protect against viruses, worms, and Trojans, along with spyware downloads.
NEW QUESTION # 88
In order to attach an Antivirus, Anti-Spyware and Vulnerability Protection security profile to your Security Policy rules, which setting must be selected?
- A. Policies > Security > Actions Tab > Select Tagged-Profiles as Profile Type
- B. Policies > Security > Actions Tab > Select Profiles as Profile Type
- C. Policies > Security > Actions Tab > Select Default-Profiles as Profile Type
- D. Policies > Security > Actions Tab > Select Group-Profiles as Profile Type
Answer: B
Explanation:
To enable the firewall to scan the traffic that it allows based on a Security policy rule, you must also attach Security Profiles (including URL Filtering, Antivirus, Anti-Spyware, File Blocking, and WildFire Analysis) to each rule. To attach a Security Profile to a Security policy rule, you must select Profiles as the Profile Type in the Actions tab of the rule. This allows you to choose from the predefined or custom Security Profiles that you have configured. Group-Profiles, Default-Profiles, and Tagged-Profiles are not valid options for attaching Security Profiles to Security policy rules.
References: Set Up a Basic Security Policy, Security Profiles, Updated Certifications for PAN-OS 10.1
NEW QUESTION # 89
Which dynamic update type includes updated anti-spyware signatures?
- A. PAN-DB
- B. Antivirus
- C. Applications and Threats
- D. GlobalProtect Data File
Answer: B
NEW QUESTION # 90
Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?
- A. Role-based
- B. SAML
- C. Dynamic
- D. Multi-Factor Authentication
Answer: A
Explanation:
Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-role-types.html
NEW QUESTION # 91
Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.)
- A. GlobalProtect agent
- B. User-ID Windows-based agent
- C. XML API
- D. log forwarding auto-tagging
Answer: C,D
Explanation:
Usernames can also be tagged and untagged using the auto-tagging feature in a Log Forwarding Profile. You can also program another utility to invoke PAN-OS XML API commands to tag or untag usernames. In the web interface, you can combine tags with logical AND or OR operators to refine filtering or matching. You can configure a timeout value that determines when a username will be untagged automatically.
https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcnse-study-guide.pdf
NEW QUESTION # 92
Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management plane is only slightly utilized.
Which User-ID agent is sufficient in your network?
- A. Windows-based agent deployed on the internal network a domain member
- B. Citrix terminal server agent deployed on the network
- C. PAN-OS integrated agent deployed on the firewall
- D. Windows-based agent deployed on each domain controller
Answer: D
Explanation:
Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-user-mapping-using-the-windows-user-id-agent/configure-the-windows-based-user-id-agent-for-user-mapping.html
NEW QUESTION # 93
Which option shows the attributes that are selectable when setting up application filters?
- A. Category, Subcategory, Technology, Risk, and Characteristic
- B. Name, Category, Technology, Risk, and Characteristic
- C. Category, Subcategory, Risk, Standard Ports, and Technology
- D. Category, Subcategory, Technology, and Characteristic
Answer: A
Explanation:
Reference: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-web-interface-help/objects/objects-application-filters
NEW QUESTION # 94
An administrator is troubleshooting an issue with traffic that matches the interzone-default rule, which is set to default configuration.
What should the administrator do?
- A. Tune your Traffic Log filter to include the dates
- B. Review the System Log
- C. Refresh the Traffic Log
- D. Change the logging action on the rule
Answer: D
Explanation:
Traffic that does not match any of the rules you defined will match the predefined interzone-default rule at the bottom of the rulebase and be denied. For visibility into the traffic that is not matching any of the rules you created, enable logging on the interzone-default rule.
NEW QUESTION # 95
Which two settings allow you to restrict access to the management interface? (Choose two.)
- A. restricting HTTP and telnet using App-ID
- B. permitted IP addresses
- C. administrative management services
- D. enabling the Content-ID filter
Answer: A,D
NEW QUESTION # 96
What are two predefined Anti-Spyware profiles? (Choose two.)
- A. Default
- B. Secure
- C. Standard
- D. Strict
Answer: A,D
NEW QUESTION # 97
In which profile should you configure the DNS Security feature?
- A. Anti-Spyware Profile
- B. URL Filtering Profile
- C. Antivirus Profile
- D. Zone Protection Profile
Answer: A
Explanation:
DNS Security is enabled through an Anti-Spyware Security Profile: domain queries that DNS Security finds to be threats are remediated by that profile. Edit an existing Anti-Spyware Profile or open a new one using Objects > Security Profiles > Anti-Spyware.
NEW QUESTION # 98
In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)
- A. Antivirus
- B. URL Filtering
- C. Anti-spyware
- D. Vulnerability Protection
Answer: C,D
Explanation:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objects-security-profiles/actions
The PCNSA certification is a valuable credential for security professionals who want to demonstrate their expertise in managing and securing enterprise networks. The Palo Alto Networks Certified Network Security Administrator certification validates the candidate's skills and knowledge in Palo Alto Networks NGFWs, which are widely used by large enterprises around the world. It also demonstrates the candidate's commitment to professional development and ongoing learning in the field of network security.
The PCNSA certification is ideal for network security professionals who want to enhance their skills and knowledge in network security administration. It is also suitable for IT professionals who are responsible for managing network security or who want to transition into a network security role. The certification provides individuals with the necessary skills and knowledge to secure their network infrastructure against modern cyber threats.
Validate your PCNSA Exam Preparation with PCNSA Practice Test: https://www.examslabs.com/Palo-Alto-Networks/Paloalto-Network-Security-Administrator/best-PCNSA-exam-dumps.html
Free PCNSA Questions for Palo Alto Networks PCNSA Exam [Nov-2024]: https://drive.google.com/open?id=1tjDE-s4U0dXuPKiCSTwCgfK5TtSwNJG4