Black Friday / Cyber Monday Special Sales Coupon - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

PCNSA PDF

$38.5

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

PCNSA PDF + Testing Engine

$61.6

$175.99

3 Months Free Update

  • Exam Name: Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)
  • Last Update: Dec 1, 2022
  • Questions and Answers: 247
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

PCNSA Engine

$46.2

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

PCNSA Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0) Questions and Answers

Question # 6

Match the Palo Alto Networks Security Operating Platform architecture to its description.

PCNSA question answer

Full Access
Question # 7

Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall’s

data plane?

A.

Kerberos user

B.

SAML user

C.

local database user

D.

local user

Full Access
Question # 8

An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall’s signature database has been updated? (Choose two.)

A.

vulnerability protection profile applied to outbound security policies

B.

anti-spyware profile applied to outbound security policies

C.

antivirus profile applied to outbound security policies

D.

URL filtering profile applied to outbound security policies

Full Access
Question # 9

Which information is included in device state other than the local configuration?

A.

uncommitted changes

B.

audit logs to provide information of administrative account changes

C.

system logs to provide information of PAN-OS changes

D.

device group and template settings pushed from Panorama

Full Access
Question # 10

The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop the malware contacted a known command-and-control server which exfiltrating corporate data.

Which Security profile feature could have been used to prevent the communications with the command-and-control server?

A.

Create a Data Filtering Profile and enable its DNS sinkhole feature.

B.

Create an Antivirus Profile and enable its DNS sinkhole feature.

C.

Create an Anti-Spyware Profile and enable its DNS sinkhole feature.

D.

Create a URL Filtering Profile and block the DNS sinkhole URL category.

Full Access
Question # 11

Which three types of authentication services can be used to authenticate user traffic flowing through the firewalls data plane? (Choose three )

A.

TACACS

B.

SAML2

C.

SAML10

D.

Kerberos

E.

TACACS+

Full Access
Question # 12

You receive notification about new malware that is being used to attack hosts The malware exploits a software bug in a common application

Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?

A.

Data Filtering Profile applied to outbound Security policy rules

B.

Antivirus Profile applied to outbound Security policy rules

C.

Data Filtering Profile applied to inbound Security policy rules

D.

Vulnerability Profile applied to inbound Security policy rules

Full Access
Question # 13

Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

A.

Active Directory monitoring

B.

Windows session monitoring

C.

Windows client probing

D.

domain controller monitoring

Full Access
Question # 14

Actions can be set for which two items in a URL filtering security profile? (Choose two.)

A.

Block List

B.

Custom URL Categories

C.

PAN-DB URL Categories

D.

Allow List

Full Access
Question # 15

What are two valid selections within an Antivirus profile? (Choose two.)

A.

deny

B.

drop

C.

default

D.

block-ip

Full Access
Question # 16

Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?

A.

override

B.

authorization

C.

authentication

D.

continue

Full Access
Question # 17

Which component is a building block in a Security policy rule?

A.

decryption profile

B.

destination interface

C.

timeout (min)

D.

application

Full Access
Question # 18

Identify the correct order to configure the PAN-OS integrated USER-ID agent.

3. add the service account to monitor the server(s)

2. define the address of the servers to be monitored on the firewall

4. commit the configuration, and verify agent connection status

1. create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent

A.

2-3-4-1

B.

1-4-3-2

C.

3-1-2-4

D.

1-3-2-4

Full Access
Question # 19

Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.

PCNSA question answer

Which two Security policy rules will accomplish this configuration? (Choose two.)

A- Untrust (Any) to DMZ (1.1.1.100), ssh - Allow

B. Untrust (Any) to Untrust (10.1.1.1), web-browsing -Allow

C. Untrust (Any) to Untrust (10.1.1.1), ssh -Allow

D. Untrust (Any)to DMZ (10.1.1.100. 10.1.1.101), ssh, web-browsing-Allow

E. Untrust (Any) to DMZ (1.1.1.100), web-browsing - Allow

Full Access
Question # 20

What allows a security administrator to preview the Security policy rules that match new application signatures?

A.

Review Release Notes

B.

Dynamic Updates-Review Policies

C.

Dynamic Updates-Review App

D.

Policy Optimizer-New App Viewer

Full Access
Question # 21

Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

A.

Security policy rules inspect but do not block traffic.

B.

Security Profile should be used only on allowed traffic.

C.

Security Profile are attached to security policy rules.

D.

Security Policy rules are attached to Security Profiles.

E.

Security Policy rules can block or allow traffic.

Full Access
Question # 22

Which type of address object is "10 5 1 1/0 127 248 2"?

A.

IP subnet

B.

IP wildcard mask

C.

IP netmask

D.

IP range

Full Access
Question # 23

PCNSA question answer

Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications

Which policy achieves the desired results?

A)

PCNSA question answer

B)

PCNSA question answer

C)

PCNSA question answer

D)

PCNSA question answer

A.

Option

B.

Option

C.

Option

D.

Option

Full Access
Question # 24

An administrator wants to create a No-NAT rule to exempt a flow from the default NAT rule. What is the best way to do this?

A.

Create a Security policy rule to allow the traffic.

B.

Create a new NAT rule with the correct parameters and leave the translation type as None

C.

Create a static NAT rule with an application override.

D.

Create a static NAT rule translating to the destination interface.

Full Access
Question # 25

After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.

Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?

A.

Import named config snapshot

B.

Load named configuration snapshot

C.

Revert to running configuration

D.

Revert to last saved configuration

Full Access
Question # 26

Which two Palo Alto Networks security management tools provide a consolidated creation of policies, centralized management and centralized threat intelligence. (Choose two.)

A.

GlobalProtect

B.

Panorama

C.

Aperture

D.

AutoFocus

Full Access
Question # 27

What are the two default behaviors for the intrazone-default policy? (Choose two.)

A.

Allow

B.

Logging disabled

C.

Log at Session End

D.

Deny

Full Access
Question # 28

What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?

A.

authentication sequence

B.

LDAP server profile

C.

authentication server list

D.

authentication list profile

Full Access
Question # 29

What does an administrator use to validate whether a session is matching an expected NAT policy?

A.

system log

B.

test command

C.

threat log

D.

config audit

Full Access
Question # 30

Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.

PCNSA question answer

A.

Exploitation

B.

Installation

C.

Reconnaissance

D.

Act on the Objective

Full Access
Question # 31

In which profile should you configure the DNS Security feature?

A.

URL Filtering Profile

B.

Anti-Spyware Profile

C.

Zone Protection Profile

D.

Antivirus Profile

Full Access
Question # 32

How many zones can an interface be assigned with a Palo Alto Networks firewall?

A.

two

B.

three

C.

four

D.

one

Full Access
Question # 33

What are three characteristics of the Palo Alto Networks DNS Security service? (Choose three.)

A.

It uses techniques such as DGA.DNS tunneling detection and machine learning.

B.

It requires a valid Threat Prevention license.

C.

It enables users to access real-time protections using advanced predictive analytics.

D.

It requires a valid URL Filtering license.

E.

It requires an active subscription to a third-party DNS Security service.

Full Access
Question # 34

What must be configured before setting up Credential Phishing Prevention?

A.

Anti Phishing Block Page

B.

Threat Prevention

C.

Anti Phishing profiles

D.

User-ID

Full Access
Question # 35

In the example security policy shown, which two websites fcked? (Choose two.)

PCNSA question answer

A.

LinkedIn

B.

Facebook

C.

YouTube

D.

Amazon

Full Access
Question # 36

How is the hit count reset on a rule?

A.

select a security policy rule, right click Hit Count > Reset

B.

with a dataplane reboot

C.

Device > Setup > Logging and Reporting Settings > Reset Hit Count

D.

in the CLI, type command reset hitcount

Full Access
Question # 37

Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?

A.

Aperture

B.

AutoFocus

C.

Parisma SaaS

D.

GlobalProtect

Full Access