Oct-2021 Palo Alto Networks PCNSA Certification Real 2021 Mock Exam
PCNSA Exam Questions and Valid PMP Dumps PDF
NEW QUESTION 22
Match the cyber-attack lifecycle stage to its correct description.
Answer:
Explanation:
NEW QUESTION 23
Which option shows the attributes that are selectable when setting up application filters?
- A. Category, Subcategory, Technology, and Characteristic
- B. Category, Subcategory, Risk, Standard Ports, and Technology
- C. Name, Category, Technology, Risk, and Characteristic
- D. Category, Subcategory, Technology, Risk, and Characteristic
Answer: D
NEW QUESTION 24
Complete the statement. A security profile can block or allow traffic.
- A. on unknown-tcp or unknown-udp traffic
- B. after it is evaluated by a security policy that allows or blocks traffic
- C. after it is evaluated by a security policy that allows traffic
- D. before it is evaluated by a security policy
Answer: C
Explanation:
Security profiles are not used in the match criteria of a traffic flow. The security profile is applied to scan traffic after the application or category is allowed by the security policy.
NEW QUESTION 25
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.
Answer:
Explanation:
Explanation
Step 1 - Select network tab
Step 2 - Select zones from the list of available items
Step 3 - Select Add
Step 4 - Specify Zone Name
Step 5 - Specify Zone Type
Step 6 - Assign interfaces as needed
NEW QUESTION 26
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
- A. Block List
- B. PAN-DB URL Categories
- C. Custom URL Categories
- D. Allow List
Answer: A,D
Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/url-filtering-profile-actions
NEW QUESTION 27
How often does WildFire release dynamic updates?
- A. every 15 minutes
- B. every 60 minutes
- C. every 5 minutes
- D. every 30 minutes
Answer: C
Explanation:
References:
NEW QUESTION 28
How many zones can an interface be assigned with a Palo Alto Networks firewall?
- A. one
- B. two
- C. four
- D. three
Answer: A
Explanation:
Explanation/Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/network/network-zones/ security-zone-overview
NEW QUESTION 29
Arrange the correct order that the URL classifications are processed within the system.
Answer:
Explanation:
Explanation:
First - Block List
Second - Allow List
Third - Custom URL Categories
Fourth - External Dynamic Lists
Fifth - Downloaded PAN-DB Files
Sixth - PAN-DB Cloud
NEW QUESTION 30
Based on the security policy rules shown, ssh will be allowed on which port?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: C
NEW QUESTION 31
What in the minimum frequency for which you can configure the firewall too check for new wildfire antivirus signatures?
- A. every 1 minute
- B. every 5 minutes
- C. every 24 hours
- D. every 30 minutes
Answer: A
Explanation:
NEW QUESTION 32
An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.
What is the correct process to enable this logging1?
- A. Select the interzone-default rule and click Override on the Actions tab select Log at Session End and click OK
- B. Select the interzone-default rule and edit the rule on the Actions tab select Log at Session Start and click OK
- C. Select the interzone-default rule and edit the rule on the Actions tab select Log at Session End and click OK
- D. This rule has traffic logging enabled by default no further action is required
Answer: A
NEW QUESTION 33
Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP -to-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.
Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.
- A. syslog
- B. XFF headers
- C. RADIUS
- D. UID redistribution
Answer: A
NEW QUESTION 34
Based on the graphic which statement accurately describes the output shown in the server monitoring panel?
- A. The host lab-client has been by the User-ID agent.
- B. The User-ID agent is connected to a domain controller labeled lab client.
- C. The host lab-client has been found by a domain controller.
Answer: B
NEW QUESTION 35
Which two security profile types can be attached to a security policy? (Choose two.)
- A. antivirus
- B. vulnerability
- C. DDoS protection
- D. threat
Answer: A,B
Explanation:
Explanation/Reference: https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/policy/security-profiles
NEW QUESTION 36
Which three types of authentication services can be used to authenticate user traffic flowing through the firewalls data plane? (Choose three )
- A. TACACS
- B. Kerberos
- C. SAML10
- D. SAML2
- E. TACACS+
Answer: A,B,D
NEW QUESTION 37 
Given the topology, which zone type should interface E1/1 be configured with?
- A. Virtual Wire
- B. Layer3
- C. Tunnel
- D. Tap
Answer: D
Explanation:
Explanation/Reference:
NEW QUESTION 38
......
Prerequisites for Taking PCNSA Exam
According to the information on the vendor’s website, there are no prerequisites to enroll for the PCNSA test. However, it’s recommended that you attend the Firewall Essentials: Configuration and Management (EDU-210) class prior to sitting for the official validation.
PCNSA Question Bank: Free PDF Download Recently Updated Questions: https://www.torrentvce.com/PCNSA-valid-vce-collection.html
PCNSA Brain Dump: A Study Guide with Tips & Tricks for passing Exam: https://drive.google.com/open?id=1XY3MpmmyA2hj5IxPzf9ta1kygkdQRlAD