Weekend Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 2493360325

Good News !!! PCNSA Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0) is now Stable and Pass

PCNSA Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0) Question and Answers

Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)

Last Update 5 days ago
Total Questions : 286

PCNSA Exam is stable now with all latest questions are added 5 days ago. Just download our Full package and start your journey with Paloalto Networks Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0) certification. All these Paloalto Networks Exam PCNSA questions are real and verified by our Experts in the related industry fields.

PCNSA PDF

PCNSA PDF (Printable)
$48
$119.99

PCNSA Testing Engine

PCNSA PDF (Printable)
$56
$139.99

PCNSA PDF + Testing Engine

PCNSA PDF (Printable)
$70.8
$176.99
Question # 1

An administrator would like to protect against inbound threats such as buffer overflows and illegal code execution.

Which Security profile should be used?

Options:

A.  

Antivirus

B.  

URL filtering

C.  

Anti-spyware

D.  

Vulnerability protection

Discussion 0
Question # 2

What does an administrator use to validate whether a session is matching an expected NAT policy?

Options:

A.  

system log

B.  

test command

C.  

threat log

D.  

config audit

Discussion 0
Question # 3

Question # 3

Given the topology, which zone type should you configure for firewall interface E1/1?

Options:

A.  

Tap

B.  

Tunnel

C.  

Virtual Wire

D.  

Layer3

Discussion 0
Question # 4

Question # 4

Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications

Which policy achieves the desired results?

A)

Question # 4

B)

Question # 4

C)

Question # 4

D)

Question # 4

Options:

A.  

Option

B.  

Option

C.  

Option

D.  

Option

Discussion 0
Question # 5

Which dynamic update type includes updated anti-spyware signatures?

Options:

A.  

Applications and Threats

B.  

GlobalProtect Data File

C.  

Antivirus

D.  

PAN-DB

Discussion 0
Question # 6

An administrator is reviewing another administrator s Security policy log settings

Which log setting configuration is consistent with best practices tor normal traffic?

Options:

A.  

Log at Session Start and Log at Session End both enabled

B.  

Log at Session Start disabled Log at Session End enabled

C.  

Log at Session Start enabled Log at Session End disabled

D.  

Log at Session Start and Log at Session End both disabled

Discussion 0
Question # 7

Which type of security rule will match traffic between the Inside zone and Outside zone, within the Inside zone, and within the Outside zone?

Options:

A.  

global

B.  

intrazone

C.  

interzone

D.  

universal

Discussion 0
Question # 8

Which Security profile can you apply to protect against malware such as worms and Trojans?

Options:

A.  

data filtering

B.  

antivirus

C.  

vulnerability protection

D.  

anti-spyware

Discussion 0
Question # 9

Actions can be set for which two items in a URL filtering security profile? (Choose two.)

Options:

A.  

Block List

B.  

Custom URL Categories

C.  

PAN-DB URL Categories

D.  

Allow List

Discussion 0
Question # 10

Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)

Options:

A.  

facebook

B.  

facebook-chat

C.  

facebook-base

D.  

facebook-email

Discussion 0
Question # 11

Which action results in the firewall blocking network traffic without notifying the sender?

Options:

A.  

Deny

B.  

No notification

C.  

Drop

D.  

Reset Client

Discussion 0
Question # 12

In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email?

Options:

A.  

Weaponization

B.  

Reconnaissance

C.  

Installation

D.  

Command and Control

E.  

Exploitation

Discussion 0
Question # 13

Starting with PAN_OS version 9.1 which new type of object is supported for use within the user field of a security policy rule?

Options:

A.  

local username

B.  

dynamic user group

C.  

remote username

D.  

static user group

Discussion 0
Question # 14

Which interface type requires no routing or switching but applies Security or NAT policy rules before passing allowed traffic?

Options:

A.  

Layer 3

B.  

Virtual Wire

C.  

Tap

D.  

Layer 2

Discussion 0
Question # 15

Match the Cyber-Attack Lifecycle stage to its correct description.

Question # 15

Options:

Discussion 0
Question # 16

An administrator is configuring a NAT rule

At a minimum, which three forms of information are required? (Choose three.)

Options:

A.  

name

B.  

source zone

C.  

destination interface

D.  

destination address

E.  

destination zone

Discussion 0
Question # 17

Where within the firewall GUI can all existing tags be viewed?

Options:

A.  

Network > Tags

B.  

Monitor > Tags

C.  

Objects > Tags

D.  

Policies > Tags

Discussion 0
Question # 18

An administrator would like to apply a more restrictive Security profile to traffic for file sharing applications. The administrator does not want to update the Security policy or object when new applications are released.

Which object should the administrator use as a match condition in the Security policy?

Options:

A.  

the Content Delivery Networks URL category

B.  

the Online Storage and Backup URL category

C.  

an application group containing all of the file-sharing App-IDs reported in the traffic logs

D.  

an application filter for applications whose subcategory is file-sharing

Discussion 0
Question # 19

Palo Alto Networks firewall architecture accelerates content map minimizing latency using which two components'? (Choose two )

Options:

A.  

Network Processing Engine

B.  

Single Stream-based Engine

C.  

Policy Engine

D.  

Parallel Processing Hardware

Discussion 0
Question # 20

Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.

Question # 20

Which Security policy rule will allow traffic to flow to the web server?

Options:

A.  

Untrust (any) to DMZ (10.1.1.100), web browsing -Allow

B.  

Untrust (any) to Untrust (1.1.1.100), web browsing - Allow

C.  

Untrust (any) to Untrust (10.1.1.100), web browsing -Allow

D.  

Untrust (any) to DMZ (1.1.1.100), web browsing - Allow

Discussion 0
Question # 21

What in the minimum frequency for which you can configure the firewall too check for new wildfire antivirus signatures?

Options:

A.  

every 5 minutes

B.  

every 1 minute

C.  

every 24 hours

D.  

every 30 minutes

Discussion 0
Question # 22

You need to allow users to access the office–suite application of their choice. How should you configure the firewall to allow access to any office-suite application?

Options:

A.  

Create an Application Group and add Office 365, Evernote Google Docs and Libre Office

B.  

Create an Application Group and add business-systems to it.

C.  

Create an Application Filter and name it Office Programs, then filter it on the office programs subcategory.

D.  

Create an Application Filter and name it Office Programs then filter on the business-systems category.

Discussion 0
Question # 23

Which statement best describes a common use of Policy Optimizer?

Options:

A.  

Policy Optimizer on a VM-50 firewall can display which Layer 7 App-ID Security policies have unused applications.

B.  

Policy Optimizer can add or change a Log Forwarding profile for each Security policy selected.

C.  

Policy Optimizer can display which Security policies have not been used in the last 90 days.

D.  

Policy Optimizer can be used on a schedule to automatically create a disabled Layer 7 App-ID Security policy for every Layer 4 policy that exists. Admins can then manually enable policies they want to keep and delete ones they want to remove.

Discussion 0
Question # 24

What are three valid ways to map an IP address to a username? (Choose three.)

Options:

A.  

using the XML API

B.  

DHCP Relay logs

C.  

a user connecting into a GlobalProtect gateway using a GlobalProtect Agent

D.  

usernames inserted inside HTTP Headers

E.  

WildFire verdict reports

Discussion 0
Question # 25

Which three types of authentication services can be used to authenticate user traffic flowing through the firewalls data plane? (Choose three )

Options:

A.  

TACACS

B.  

SAML2

C.  

SAML10

D.  

Kerberos

E.  

TACACS+

Discussion 0
Question # 26

Which two matching criteria are used when creating a Security policy involving NAT? (Choose two.)

Options:

A.  

Post-NAT address

B.  

Post-NAT zone

C.  

Pre-NAT zone

D.  

Pre-NAT address

Discussion 0
Question # 27

What can be achieved by selecting a policy target prior to pushing policy rules from Panorama?

Options:

A.  

Doing so limits the templates that receive the policy rules

B.  

Doing so provides audit information prior to making changes for selected policy rules

C.  

You can specify the firewalls m a device group to which to push policy rules

D.  

You specify the location as pre can - or post-rules to push policy rules

Discussion 0
Question # 28

Which administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.

Which security profile components will detect and prevent this threat after the firewall`s signature database has been updated?

Options:

A.  

antivirus profile applied to outbound security policies

B.  

data filtering profile applied to inbound security policies

C.  

data filtering profile applied to outbound security policies

D.  

vulnerability profile applied to inbound security policies

Discussion 0
Question # 29

Which Palo Alto networks security operating platform service protects cloud-based application such as Dropbox and salesforce by monitoring permissions and shared and scanning files for Sensitive information?

Options:

A.  

Prisma SaaS

B.  

AutoFocus

C.  

Panorama

D.  

GlobalProtect

Discussion 0
Question # 30

An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

Options:

A.  

Create an Application Filter and name it Office Programs, the filter it on the business-systems category, office-programs subcategory

B.  

Create an Application Group and add business-systems to it

C.  

Create an Application Filter and name it Office Programs, then filter it on the business-systems category

D.  

Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office

Discussion 0
Question # 31

Which option is part of the content inspection process?

Options:

A.  

IPsec tunnel encryption

B.  

Packet egress process

C.  

SSL Proxy re-encrypt

D.  

Packet forwarding process

Discussion 0
Question # 32

What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

Options:

A.  

An implicit dependency does not require the dependent application to be added in the security policy

B.  

An implicit dependency requires the dependent application to be added in the security policy

C.  

An explicit dependency does not require the dependent application to be added in the security policy

D.  

An explicit dependency requires the dependent application to be added in the security policy

Discussion 0
Question # 33

What must be considered with regards to content updates deployed from Panorama?

Options:

A.  

Content update schedulers need to be configured separately per device group.

B.  

Panorama can only install up to five content versions of the same type for potential rollback scenarios.

C.  

A PAN-OS upgrade resets all scheduler configurations for content updates.

D.  

Panorama can only download one content update at a time for content updates of the same type.

Discussion 0
Question # 34

What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?

Options:

A.  

authentication sequence

B.  

LDAP server profile

C.  

authentication server list

D.  

authentication list profile

Discussion 0
Question # 35

Which rule type is appropriate for matching traffic both within and between the source and destination zones?

Options:

A.  

interzone

B.  

shadowed

C.  

intrazone

D.  

universal

Discussion 0
Question # 36

Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?

Options:

A.  

Windows-based agent deployed on the internal network

B.  

PAN-OS integrated agent deployed on the internal network

C.  

Citrix terminal server deployed on the internal network

D.  

Windows-based agent deployed on each of the WAN Links

Discussion 0
Question # 37

How is the hit count reset on a rule?

Options:

A.  

select a security policy rule, right click Hit Count > Reset

B.  

with a dataplane reboot

C.  

Device > Setup > Logging and Reporting Settings > Reset Hit Count

D.  

in the CLI, type command reset hitcount

Discussion 0
Question # 38

An administrator is investigating a log entry for a session that is allowed and has the end reason of aged-out. Which two fields could help in determining if this is normal? (Choose two.)

Options:

A.  

Packets sent/received

B.  

IP Protocol

C.  

Action

D.  

Decrypted

Discussion 0
Question # 39

Which stage of the cyber-attack lifecycle makes it important to provide ongoing education to users on spear phishing links, unknown emails, and risky websites?

Options:

A.  

reconnaissance

B.  

delivery

C.  

exploitation

D.  

installation

Discussion 0
Question # 40

Which Security profile would you apply to identify infected hosts on the protected network using DNS traffic?

Options:

A.  

URL traffic

B.  

vulnerability protection

C.  

anti-spyware

D.  

antivirus

Discussion 0
Question # 41

Which solution is a viable option to capture user identification when Active Directory is not in use?

Options:

A.  

Cloud Identity Engine

B.  

group mapping

C.  

Directory Sync Service

D.  

Authentication Portal

Discussion 0
Question # 42

Question # 42

Given the detailed log information above, what was the result of the firewall traffic inspection?

Options:

A.  

It was blocked by the Vulnerability Protection profile action.

B.  

It was blocked by the Anti-Virus Security profile action.

C.  

It was blocked by the Anti-Spyware Profile action.

D.  

It was blocked by the Security policy action.

Discussion 0