[Feb-2024] Practice Palo Alto Networks PCNSA exam. Online Exam Practice Tests with detailed explanations! Pass PCNSA with confidence! [Q79-Q98]

4/5 - (1 vote)

Practice Paloalto Network Security Administrator PCNSA exam. Online Exam Practice Tests with detailed explanations! Pass PCNSA with confidence!

PCNSA – Palo Alto Networks Certified Network Security Administrator Practice Tests 2024 | Dumpleader

NEW QUESTION 79
Given the topology, which zone type should you configure for firewall interface E1/1?

Tap

Tunnel

Virtual Wire

Layer3

NEW QUESTION 80
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

branch office traffic

north-south traffic

perimeter traffic

east-west traffic

NEW QUESTION 81
Which statement is true about Panorama managed devices?

Panorama automatically removes local configuration locks after a commit from Panorama

Local configuration locks prohibit Security policy changes for a Panorama managed device

Security policy rules configured on local firewalls always take precedence

Local configuration locks can be manually unlocked from Panorama

NEW QUESTION 82
Match the Cyber-Attack Lifecycle stage to its correct description.

NEW QUESTION 83
Which definition describes the guiding principle of the zero-trust architecture?

trust, but verify

always connect and verify

never trust, never connect

never trust, always verify

NEW QUESTION 84
Which administrative management services can be configured to access a management interface?

HTTP, CLI, SNMP, HTTPS

HTTPS, SSH, telnet, SNMP

SSH, telnet, HTTP, HTTPS

HTTPS, HTTP, CLI, API

NEW QUESTION 85
Which two security profile types can be attached to a security policy? (Choose two.)

antivirus

DDoS protection

threat

vulnerability

NEW QUESTION 86
Based on the security policy rules shown, ssh will be allowed on which port?

NEW QUESTION 87
Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall’s management plane is only slightly utilized.
Which User-ID agent is sufficient in your network?

Windows-based agent deployed on each domain controller

PAN-OS integrated agent deployed on the firewall

Citrix terminal server agent deployed on the network

Windows-based agent deployed on the internal network a domain member

NEW QUESTION 88
An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

Create an Application Filter and name it Office Programs, then filter it on the business-systems category, office-programs subcategory

Create an Application Group and add business-systems to it

Create an Application Filter and name it Office Programs, then filter it on the business-systems category

Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office

NEW QUESTION 89
At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?

delivery

command and control

explotation

reinsurance

installation

NEW QUESTION 90
Which license must an Administrator acquire prior to downloading Antivirus Updates for use with the firewall?

Threat Prevention License

Threat Implementation License

Threat Environment License

Threat Protection License

NEW QUESTION 91
How are service routes used in PAN-OS?

By the OSPF protocol, as part of Dijkstra’s algorithm, to give access to the various services offered in the network

To statically route subnets so they are joinable from, and have access to, the Palo Alto Networks external services

For routing, because they are the shortest path selected by the BGP routing protocol

To route management plane services through data interfaces rather than the management interface

NEW QUESTION 92
Given the image, which two options are true about the Security policy rules. (Choose two.)

The Allow Office Programs rule is using an Application Filter

In the Allow FTP to web server rule, FTP is allowed using App-ID

The Allow Office Programs rule is using an Application Group

In the Allow Social Networking rule, allows all of Facebook’s functions

NEW QUESTION 93
Which object would an administrator create to block access to all high-risk applications?

HIP profile

application filter

application group

Vulnerability Protection profile

NEW QUESTION 94
Place the following steps in the packet processing order of operations from first to last.

NEW QUESTION 95
Based on the security policy rules shown, ssh will be allowed on which port?

NEW QUESTION 96
Where within the firewall GUI can all existing tags be viewed?

Network > Tags

Monitor > Tags

Objects > Tags

Policies > Tags

NEW QUESTION 97
What is the default metric value of static routes?

NEW QUESTION 98
All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone.
Complete the two empty fields in the Security policy rules that permits only this type of access. (Choose two.) Source Zone: Internal Destination Zone: DMZ Zone Application: _________?
Service: ____________?
Action: allow

Service = “application-default”

Service = “service-telnet”

Application = “Telnet”

Application = “any”

The best PCNSA exam study material and preparation tool is here: https://www.dumpleader.com/PCNSA_exam.html

Leave a Reply Cancel reply