PCNSA Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0) Questions and Answers

Questions 4

Which interface type can use virtual routers and routing protocols?

Options:

A.

Tap

B.

Layer3

C.

Virtual Wire

D.

Layer2

Questions 5

Which license is required to use the Palo Alto Networks built-in IP address EDLs?

Options:

A.

DNS Security

B.

Threat Prevention

C.

WildFire

D.

SD-WAN

Questions 6

Which three types of Source NAT are available to users inside a NGFW? (Choose three.)

Options:

A.

Dynamic IP and Port (DIPP)

B.

Static IP

C.

Static Port

D.

Dynamic IP

E.

Static IP and Port (SIPP)

Questions 7

Which information is included in device state other than the local configuration?

Options:

A.

uncommitted changes

B.

audit logs to provide information of administrative account changes

C.

system logs to provide information of PAN-OS changes

D.

device group and template settings pushed from Panorama

Questions 8

Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.)

Options:

A.

Path monitoring does not determine if route is useable

B.

Route with highest metric is actively used

C.

Path monitoring determines if route is useable

D.

Route with lowest metric is actively used

Questions 9

An administrator has an IP address range in the external dynamic list and wants to create an exception for one specific IP address in this address range.

Which steps should the administrator take?

Options:

A.

Add the address range to the Manual Exceptions list and exclude the IP address by selecting the entry.

B.

Add each IP address in the range as a list entry and then exclude the IP address by adding it to the Manual Exceptions list.

C.

Select the address range in the List Entries list. A column will open with the IP addresses. Select the entry to exclude.

D.

Add the specific IP address from the address range to the Manual Exceptions list by using regular expressions to define the entry.

Questions 10

What must be configured before setting up Credential Phishing Prevention?

Options:

A.

Anti Phishing Block Page

B.

Threat Prevention

C.

Anti Phishing profiles

D.

User-ID

Questions 11

What is the maximum volume of concurrent administrative account sessions?

Options:

A.

Unlimited

B.

2

C.

10

D.

1

Questions 12

How are service routes used in PAN-OS?

Options:

A.

By the OSPF protocol, as part of Dijkstra's algorithm, to give access to the various services offered in the network

B.

To statically route subnets so they are joinable from, and have access to, the Palo Alto Networks external services

C.

For routing, because they are the shortest path selected by the BGP routing protocol

D.

To route management plane services through data interfaces rather than the management interface

Questions 13

You receive notification about new malware that infects hosts through malicious files transferred by FTP.

Which Security profile detects and protects your internal networks from this threat after you update your firewall’s threat signature database?

Options:

A.

URL Filtering profile applied to inbound Security policy rules.

B.

Data Filtering profile applied to outbound Security policy rules.

C.

Antivirus profile applied to inbound Security policy rules.

D.

Vulnerability Protection profile applied to outbound Security policy rules.

Questions 14

Which two options does the firewall use to dynamically populate address group members? (Choose two.)

Options:

A.

IP Addresses

B.

Tags

C.

MAC Addresses

D.

Tag-based filters

Questions 15

A network administrator creates an intrazone security policy rule on a NGFW. The source zones are set to IT, Finance, and HR.

To which two types of traffic will the rule apply? (Choose two.)

Options:

A.

Within zone HR

B.

Within zone IT

C.

Between zone IT and zone HR

D.

Between zone IT and zone Finance

Questions 16

Which protocol is used to map usernames to user groups when User-ID is configured?

Options:

A.

SAML

B.

RADIUS

C.

TACACS+

D.

LDAP

Questions 17

Which two rule types allow the administrator to modify the destination zone? (Choose two.)

Options:

A.

interzone

B.

intrazone

C.

universal

D.

shadowed

Questions 18

What are the two main reasons a custom application is created? (Choose two.)

Options:

A.

To correctly identify an internal application in the traffic log

B.

To change the default categorization of an application

C.

To visually group similar applications

D.

To reduce unidentified traffic on a network

Questions 19

Which type of profile must be applied to the Security policy rule to protect against buffer overflows, illegal code execution, and other attempts to exploit system flaws?

Options:

A.

anti-spyware

B.

URL filtering

C.

vulnerability protection

D.

file blocking

Questions 20

Place the steps in the correct packet-processing order of operations.

Options:

Questions 21

How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?

Options:

A.

The admin creates a custom service object named "tcp-4422" with port tcp/4422.

The admin then creates a Security policy allowing application "ssh" and service "tcp-4422".

B.

The admin creates a custom service object named "tcp-4422" with port tcp/4422.

The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "application-default".

C.

The admin creates a Security policy allowing application "ssh" and service "application-default".

D.

The admin creates a custom service object named "tcp-4422" with port tcp/4422.

The admin also creates a custom service object named "tcp-22" with port tcp/22.

The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "tcp-22".

Questions 22

After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.

Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?

Options:

A.

Import named config snapshot

B.

Load named configuration snapshot

C.

Revert to running configuration

D.

Revert to last saved configuration

Questions 23

Which type of Security policy rule would match traffic flowing between the inside zone and outside zone, within the inside zone, and within the outside zone?

Options:

A.

global

B.

universal

C.

intrazone

D.

interzone

Questions 24

Access to which feature requires the PAN-OS Filtering license?

Options:

A.

PAN-DB database

B.

DNS Security

C.

Custom URL categories

D.

URL external dynamic lists

Questions 25

Which two configuration settings shown are not the default? (Choose two.)

Options:

A.

Enable Security Log

B.

Server Log Monitor Frequency (sec)

C.

Enable Session

D.

Enable Probing

Questions 26

Based on the screenshot, what is the purpose of the included groups?

Options:

A.

They are only groups visible based on the firewall's credentials.

B.

They are used to map usernames to group names.

C.

They contain only the users you allow to manage the firewall.

D.

They are groups that are imported from RADIUS authentication servers.

Questions 27

Which URL profiling action does not generate a log entry when a user attempts to access that URL?

Options:

A.

Override

B.

Allow

C.

Block

D.

Continue

Questions 28

What are the requirements for using Palo Alto Networks EDL Hosting Service?

Options:

A.

any supported Palo Alto Networks firewall or Prisma Access firewall

B.

an additional subscription free of charge

C.

a firewall device running with a minimum version of PAN-OS 10.1

D.

an additional paid subscription

Questions 29

What allows a security administrator to preview the Security policy rules that match new application signatures?

Options:

A.

Review Release Notes

B.

Dynamic Updates-Review Policies

C.

Dynamic Updates-Review App

D.

Policy Optimizer-New App Viewer

Questions 30

Which administrative management services can be configured to access a management interface?

Options:

A.

HTTP, CLI, SNMP, HTTPS

B.

HTTPS, SSH, telnet, SNMP

C.

SSH, telnet, HTTP, HTTPS

D.

HTTPS, HTTP, CLI, API

Questions 31

Prior to a maintenance-window activity, the administrator would like to make a backup of only the running configuration to an external location.

What command in Device > Setup > Operations would provide the most operationally efficient way to achieve this outcome?

Options:

A.

save named configuration snapshot

B.

export device state

C.

export named configuration snapshot

D.

save candidate config

Questions 32

An administrator is updating Security policy to align with best practices.

Which Policy Optimizer feature is shown in the screenshot below?

Options:

A.

Rules without App Controls

B.

New App Viewer

C.

Rule Usage

D.

Unused Apps

Questions 33

Which type of address object is www.paloaltonetworks.com?

Options:

A.

IP range

B.

IP netmask

C.

named address

D.

FQDN

Questions 34

An administrator creates a new Security policy rule to allow DNS traffic from the LAN to the DMZ zones. The administrator does not change the rule type from its default value.

What type of Security policy rule is created?

Options:

A.

Tagged

B.

Intrazone

C.

Universal

D.

Interzone

Questions 35

What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?

Options:

A.

authentication sequence

B.

LDAP server profile

C.

authentication server list

D.

authentication list profile

Questions 36

Which built-in IP address EDL would be useful for preventing traffic from IP addresses that are verified as unsafe based on WildFire analysis, Unit 42 research, and data gathered from telemetry?

Options:

A.

Palo Alto Networks C&C IP Addresses

B.

Palo Alto Networks Bulletproof IP Addresses

C.

Palo Alto Networks High-Risk IP Addresses

D.

Palo Alto Networks Known Malicious IP Addresses

Questions 37

What is the default action for the SYN Flood option within the DoS Protection profile?

Options:

A.

Alert

B.

Random Early Drop

C.

Reset-client

D.

Sinkhole

Questions 38

What does an administrator use to validate whether a session is matching an expected NAT policy?

Options:

A.

system log

B.

test command

C.

threat log

D.

config audit

Questions 39

How often does WildFire release dynamic updates?

Options:

A.

every 5 minutes

B.

every 15 minutes

C.

every 60 minutes

D.

every 30 minutes

Questions 40

Match the network device with the correct User-ID technology.

Options:

Questions 41

When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?

Options:

A.

Translation Type

B.

Interface

C.

Address Type

D.

IP Address

Questions 42

Based on the security policy rules shown, ssh will be allowed on which port?

Options:

A.

any port

B.

same port as ssl and snmpv3

C.

the default port

D.

only ephemeral ports

Questions 43

Which Security profile should be applied in order to protect against illegal code execution?

Options:

A.

Vulnerability Protection profile on allowed traffic

B.

Antivirus profile on allowed traffic

C.

Antivirus profile on denied traffic

D.

Vulnerability Protection profile on denied traffic

Questions 44

For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?

Options:

A.

TACACS+

B.

RADIUS

C.

LDAP

D.

SAML

Questions 45

Match the cyber-attack lifecycle stage to its correct description.

Options:

Questions 46

Which action can be set in a URL Filtering Security profile to provide users temporary access to all websites in a given category using a provided password?

Options:

A.

exclude

B.

continue

C.

hold

D.

override

Questions 47

An administrator configured a Security policy rule where the matching condition includes a single application and the action is set to deny. What deny action will the firewall perform?

Options:

A.

Drop the traffic silently

B.

Perform the default deny action as defined in the App-ID database for the application

C.

Send a TCP reset packet to the client- and server-side devices

D.

Discard the session's packets and send a TCP reset packet to let the client know the session has been terminated

Questions 48

Starting with PAN-OS version 9.1, application dependency information is now reported in which two locations? (Choose two.)

Options:

A.

on the App Dependency tab in the Commit Status window

B.

on the Policy Optimizer's Rule Usage page

C.

on the Application tab in the Security Policy Rule creation window

D.

on the Objects > Applications browser pages

Questions 49

In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)

Options:

A.

Antivirus

B.

URL Filtering

C.

Vulnerability Protection

D.

Anti-spyware

Questions 50

What can be achieved by selecting a policy target prior to pushing policy rules from Panorama?

Options:

A.

Doing so limits the templates that receive the policy rules

B.

Doing so provides audit information prior to making changes for selected policy rules

C.

You can specify the firewalls in a device group to which to push policy rules

D.

You can specify the location as pre- or post-rules to push policy rules

Questions 51

Match each feature to the DoS Protection Policy or the DoS Protection Profile.

Options:

Questions 52

In order to attach an Antivirus, Anti-Spyware and Vulnerability Protection security profile to your Security Policy rules, which setting must be selected?

Options:

A.

Policies > Security > Actions Tab > Select Group-Profiles as Profile Type

B.

Policies > Security > Actions Tab > Select Default-Profiles as Profile Type

C.

Policies > Security > Actions Tab > Select Profiles as Profile Type

D.

Policies > Security > Actions Tab > Select Tagged-Profiles as Profile Type

Questions 53

Which path is used to save and load a configuration with a Palo Alto Networks firewall?

Options:

A.

Device>Setup>Services

B.

Device>Setup>Management

C.

Device>Setup>Operations

D.

Device>Setup>Interfaces

Questions 54

An administrator wants to prevent access to media content websites that are risky.

Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two.)

Options:

A.

streaming-media

B.

high-risk

C.

recreation-and-hobbies

D.

known-risk

Questions 55

The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn’t want to unblock the gambling URL category.

Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)

Options:

A.

Add all the URLs from the gambling category except powerball.com to the block list and then set the action for the gambling category to allow.

B.

Manually remove powerball.com from the gambling URL category.

C.

Add *.powerball.com to the allow list

D.

Create a custom URL category called PowerBall and add *.powerball.com to the category and set the action to allow.

Questions 56

What is the correct process for creating a custom URL category?

Options:

A.

Objects > Security Profiles > URL Category > Add

B.

Objects > Custom Objects > URL Filtering > Add

C.

Objects > Security Profiles > URL Filtering > Add

D.

Objects > Custom Objects > URL Category > Add

Questions 57

URL categories can be used as match criteria on which two policy types? (Choose two.)

Options:

A.

authentication

B.

decryption

C.

application override

D.

NAT

Questions 58

Which action results in the firewall blocking network traffic without notifying the sender?

Options:

A.

Drop

B.

Deny

C.

Reset Server

D.

Reset Client

Questions 59

Which three types of entries can be excluded from an external dynamic list (EDL)? (Choose three.)

Options:

A.

IP addresses

B.

Domains

C.

User-ID

D.

URLs

E.

Applications

Questions 60

A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

Options:

A.

Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH

B.

Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH

C.

In addition to option A, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-IP-address

D.

In addition to option C, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin

Questions 61

What are three valid source or destination conditions available as Security policy qualifiers? (Choose three.)

Options:

A.

Service

B.

User

C.

Application

D.

Address

E.

Zone

Questions 62

Which object would an administrator create to enable access to all applications in the office-programs subcategory?

Options:

A.

application filter

B.

URL category

C.

HIP profile

D.

application group

Questions 63

Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

Options:

A.

Active Directory monitoring

B.

Windows session monitoring

C.

Windows client probing

D.

domain controller monitoring

Questions 64

Which three interface deployment methods can be used to block traffic flowing through the Palo Alto Networks firewall? (Choose three.)

Options:

A.

Layer 2

B.

Virtual Wire

C.

Tap

D.

Layer 3

E.

HA

Questions 65

All users from the internal zone must be allowed only HTTP access to a server in the DMZ zone.

Complete the empty field in the Security policy using an application object to permit only this type of access.

Source Zone: Internal

Destination Zone: DMZ Zone

Application: __________

Service: application-default

Action: allow

Options:

A.

Application = "any"

B.

Application = "web-browsing"

C.

Application = "ssl"

D.

Application = "http"

Questions 66

Which option lists the attributes that are selectable when setting up an Application Filter?

Options:

A.

Category, Subcategory, Technology, and Characteristic

B.

Category, Subcategory, Technology, Risk, and Characteristic

C.

Name, Category, Technology, Risk, and Characteristic

D.

Category, Subcategory, Risk, Standard Ports, and Technology

Questions 67

Arrange the correct order that the URL classifications are processed within the system.

Options:

Questions 68

Which statement is true regarding a Heatmap report?

Options:

A.

When guided by an authorized sales engineer, it helps determine the areas of greatest security risk.

B.

It provides a percentage of adoption for each assessment area.

C.

It runs only on firewall.

D.

It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.

Questions 69

Which CLI command will help confirm if FQDN objects are resolved in the event there is a shadow rule?

Options:

A.

>show system fqdn

B.

>request fqdn show system

C.

>request show system fqdn

D.

>request system fqdn show

Questions 70

Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

Options:

Questions 71

What is a function of application tags?

Options:

A.

creation of new zones

B.

application prioritization

C.

automated referenced applications in a policy

D.

IP address allocations in DHCP

Questions 72

When HTTPS for management and GlobalProtect are enabled on the same data plane interface, which TCP port is used for management access?

Options:

A.

80

B.

443

C.

4443

D.

8443

Questions 73

An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

Options:

A.

Create an Application Filter and name it Office Programs, then filter it on the business-systems category, office-programs subcategory

B.

Create an Application Group and add business-systems to it

C.

Create an Application Filter and name it Office Programs, then filter it on the business-systems category

D.

Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office

Questions 74

A website is unexpectedly allowed due to miscategorization.

What are two ways to resolve this issue for a proper response? (Choose two.)

Options:

A.

Identify the URL category being assigned to the website.

Edit the active URL Filtering profile and update that category's site access settings to block.

B.

Create a URL category and assign the affected URL.

Update the active URL Filtering profile site access setting for the custom URL category to block.

C.

Review the categorization of the website on https://urlfiltering.paloaltonetworks.com.

Submit for "request change", identifying the appropriate categorization, and wait for confirmation before testing again.

D.

Create a URL category and assign the affected URL.

Add a Security policy with a URL category qualifier of the custom URL category below the original policy. Set the policy action to Deny.

Questions 75

Which Security profile must be added to Security policies to enable DNS Signatures to be checked?

Options:

A.

Anti-Spyware

B.

Antivirus

C.

Vulnerability Protection

D.

URL Filtering

Questions 76

How is the hit count reset on a rule?

Options:

A.

select a security policy rule, right click Hit Count > Reset

B.

with a dataplane reboot

C.

Device > Setup > Logging and Reporting Settings > Reset Hit Count

D.

in the CLI, type command reset hitcount

Questions 77

A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications. Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?

Options:

A.

Windows-based agent on a domain controller

B.

Captive Portal

C.

Citrix terminal server with adequate data-plane resources

D.

PAN-OS integrated agent

Questions 78

When a security rule is configured as Intrazone, which field cannot be changed?

Options:

A.

Actions

B.

Source Zone

C.

Application

D.

Destination Zone

Questions 79

What is considered best practice with regards to committing configuration changes?

Options:

A.

Disable the automatic commit feature that prioritizes content database installations before committing

B.

Validate configuration changes prior to committing

C.

Wait until all running and pending jobs are finished before committing

D.

Export configuration after each single configuration change performed

Questions 80

Where in Panorama would Zone Protection profiles be configured?

Options:

A.

Shared

B.

Templates

C.

Device Groups

D.

Panorama tab

Questions 81

Match each rule type with its example.

Options:

Questions 82

Which table for NAT and NPTv6 (IPv6-to-IPv6 Network Prefix Translation) settings is available only on Panorama?

Options:

A.

NAT Target Tab

B.

NAT Active/Active HA Binding Tab

C.

NAT Translated Packet Tab

D.

NAT Policies General Tab

Questions 83

Actions can be set for which two items in a URL filtering security profile? (Choose two.)

Options:

A.

Block List

B.

Custom URL Categories

C.

PAN-DB URL Categories

D.

Allow List

Questions 84

Based on the graphic, which statement accurately describes the output shown in the server monitoring panel?

Options:

A.

The User-ID agent is connected to a domain controller labeled lab-client.

B.

The host lab-client has been found by the User-ID agent.

C.

The host lab-client has been found by a domain controller.

D.

The User-ID agent is connected to the firewall labeled lab-client.

Questions 85

A network administrator is required to use a dynamic routing protocol for network connectivity.

Which three dynamic routing protocols are supported by the NGFW Virtual Router for this purpose? (Choose three.)

Options:

A.

RIP

B.

OSPF

C.

IS-IS

D.

EIGRP

E.

BGP

Questions 86

In a security policy, what is the quickest way to reset all policy rule hit counters to zero?

Options:

A.

Use the CLI and enter the command reset rules all

B.

Highlight each rule and use the Reset Rule Hit Counter > Selected Rules.

C.

Use the Reset Rule Hit Counter > All Rules option.

D.

Reboot the firewall.

Questions 87

Given the detailed log information above, what was the result of the firewall traffic inspection?

Options:

A.

It was blocked by the Anti-Virus Security profile action.

B.

It was blocked by the Anti-Spyware Profile action.

C.

It was blocked by the Vulnerability Protection profile action.

D.

It was blocked by the Security policy action.

Questions 88

What must first be created on the firewall for SAML authentication to be configured?

Options:

A.

Server Policy

B.

Server Profile

C.

Server Location

D.

Server Group

Questions 89

In the PAN-OS Web Interface, which is a session distribution method offered under NAT Translated Packet Tab to choose how the firewall assigns sessions?

Options:

A.

Destination IP Hash

B.

Concurrent Sessions

C.

Max Sessions

D.

IP Modulo

Questions 90

Which three statements describe the operation of Security Policy rules or Security Profiles? (Choose three.)

Options:

A.

Security policy rules inspect but do not block traffic.

B.

Security Profiles should be used only on allowed traffic.

C.

Security Profiles are attached to security policy rules.

D.

Security Policy rules are attached to Security Profiles.

E.

Security Policy rules can block or allow traffic.

Questions 91

Which feature would be useful for preventing traffic from hosting providers that place few restrictions on content, whose services are frequently used by attackers to distribute illegal or unethical material?

Options:

A.

Palo Alto Networks Bulletproof IP Addresses

B.

Palo Alto Networks C&C IP Addresses

C.

Palo Alto Networks Known Malicious IP Addresses

D.

Palo Alto Networks High-Risk IP Addresses

Questions 92

What are three ways application characteristics are used? (Choose three.)

Options:

A.

As an attribute to define an application group

B.

As a setting to define a new custom application

C.

As an Object to define Security policies

D.

As an attribute to define an application filter

E.

As a global filter in the Application Command Center (ACC)

Questions 93

Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?

Options:

A.

Windows session monitoring via a domain controller

B.

passive server monitoring using the Windows-based agent

C.

Captive Portal

D.

passive server monitoring using a PAN-OS integrated User-ID agent

Questions 94

At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?

Options:

A.

delivery

B.

command and control

C.

exploitation

D.

reinsurance

E.

installation

Questions 95

What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?

Options:

A.

every 30 minutes

B.

every 5 minutes

C.

once every 24 hours

D.

every 1 minute

Questions 96

Given the topology, which zone type should interface E1/1 be configured with?

Options:

A.

Tap

B.

Tunnel

C.

Virtual Wire

D.

Layer3

Questions 97

Why should a company have a File Blocking profile that is attached to a Security policy?

Options:

A.

To block uploading and downloading of specific types of files

B.

To detonate files in a sandbox environment

C.

To analyze file types

D.

To block uploading and downloading of any type of files

Questions 98

You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server. Which Security Profile, when applied to outbound Security policy rules, detects and prevents this threat from establishing a command-and-control connection?

Options:

A.

Antivirus Profile

B.

Data Filtering Profile

C.

Vulnerability Protection Profile

D.

Anti-Spyware Profile

Questions 99

Which action would an administrator take to ensure that a service object will be available only to the selected device group?

Options:

A.

create the service object in the specific template

B.

uncheck the shared option

C.

ensure that disable override is selected

D.

ensure that disable override is cleared

Questions 100

By default, which action is assigned to the interzone-default rule?

Options:

A.

Reset-client

B.

Reset-server

C.

Deny

D.

Allow

Questions 101

You have been tasked to configure access to a new web server located in the DMZ.

Based on the diagram, what configuration changes are required in the NGFW virtual router to route traffic from the 10.1.1.0/24 network to 192.168.1.0/24?

Options:

A.

Add a route with the destination of 192.168.1.0/24 using interface Eth 1/3 with a next-hop of 192.168.1.10

B.

Add a route with the destination of 192.168.1.0/24 using interface Eth 1/2 with a next-hop of 172.16.1.2

C.

Add a route with the destination of 192.168.1.0/24 using interface Eth 1/3 with a next-hop of 172.16.1.2

D.

Add a route with the destination of 192.168.1.0/24 using interface Eth 1/3 with a next-hop of 192.168.1.254

Questions 102

In which profile should you configure the DNS Security feature?

Options:

A.

URL Filtering Profile

B.

Anti-Spyware Profile

C.

Zone Protection Profile

D.

Antivirus Profile

Questions 103

Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two.)

Options:

A.

QoS profile

B.

DoS Protection profile

C.

Zone Protection profile

D.

DoS Protection policy

Questions 104

Starting with PAN-OS version 9.1, which new type of object is supported for use within the user field of a security policy rule?

Options:

A.

local username

B.

dynamic user group

C.

remote username

D.

static user group

Questions 105

You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in a common application.

Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?

Options:

A.

Data Filtering Profile applied to outbound Security policy rules

B.

Antivirus Profile applied to outbound Security policy rules

C.

Data Filtering Profile applied to inbound Security policy rules

D.

Vulnerability Profile applied to inbound Security policy rules

Questions 106

Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.

Complete the security policy to ensure only Telnet is allowed.

Security Policy: Source Zone: Internal to DMZ Zone __________services “Application defaults”, and action = Allow

Options:

A.

Destination IP: 192.168.1.123/24

B.

Application = ‘Telnet’

C.

Log Forwarding

D.

USER-ID = ‘Allow users in Trusted’

Questions 107

What are three characteristics of the Palo Alto Networks DNS Security service? (Choose three.)

Options:

A.

It uses techniques such as DGA, DNS tunneling detection and machine learning.

B.

It requires a valid Threat Prevention license.

C.

It enables users to access real-time protections using advanced predictive analytics.

D.

It requires a valid URL Filtering license.

E.

It requires an active subscription to a third-party DNS Security service.

Questions 108

Which profile should be used to obtain a verdict regarding analyzed files?

Options:

A.

WildFire analysis

B.

Vulnerability profile

C.

Content-ID

D.

Advanced threat prevention

Exam Code: PCNSA
Exam Name: Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)
Last Update: Nov 21, 2024
Questions: 364
