Testking offers free demo for PCNSA exam. "Palo Alto Networks Certified Network Security Administrator", also known as PCNSA exam, is a Paloalto-Networks Certification. This set of posts, Passing the Paloalto-Networks PCNSA exam, will help you answer those questions. The PCNSA Questions & Answers covers all the knowledge points of the real exam. 100% real Paloalto-Networks PCNSA exams and revised by experts!
Online Paloalto-Networks PCNSA free dumps demo Below:
NEW QUESTION 1
An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct?
- A. Disable all logging
- B. Enable Log at Session End
- C. Enable Log at Session Start
- D. Enable Log at both Session Start and End
Answer: B
Explanation:
Reference:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clt5CAC
NEW QUESTION 2
An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited"
Which security policy action causes this?
- A. Drop
- B. Drop, send ICMP Unreachable
- C. Reset both
- D. Reset server
Answer: B
NEW QUESTION 3
An administrator is reviewing the Security policy rules shown in the screenshot below. Which statement is correct about the information displayed?
- A. Eleven rules use the "Infrastructure* tag.
- B. The view Rulebase as Groups is checked.
- C. There are seven Security policy rules on this firewall.
- D. Highlight Unused Rules is checked.
Answer: B
Explanation:
NEW QUESTION 4
Which path is used to save and load a configuration with a Palo Alto Networks firewall?
- A. Device>Setup>Services
- B. Device>Setup>Management
- C. Device>Setup>Operations
- D. Device>Setup>Interfaces
Answer: C
NEW QUESTION 5
A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?
- A. Rule Usage Filter > No App Specified
- B. Rule Usage Filter >Hit Count > Unused in 30 days
- C. Rule Usage Filter > Unused Apps
- D. Rule Usage Filter > Hit Count > Unused in 90 days
Answer: D
NEW QUESTION 6
Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.
Which Security policy rule will allow traffic to flow to the web server?
Solution:
Reference:https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/nat-configuration-examples/destination-nat-exampleone-to-one-mapping
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 7
In a security policy what is the quickest way to rest all policy rule hit counters to zero?
- A. Use the CLI enter the command reset rules all
- B. Highlight each rule and use the Reset Rule Hit Counter > Selected Rules.
- C. use the Reset Rule Hit Counter > All Rules option.
- D. Reboot the firewall.
Answer: C
NEW QUESTION 8
Which Security policy action will message a user's browser thai their web session has been terminated?
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 9
What is the purpose of the automated commit recovery feature?
- A. It reverts the Panorama configuration.
- B. It causes HA synchronization to occur automatically between the HA peers after a push from Panorama.
- C. It reverts the firewall configuration if the firewall recognizes a loss of connectivity to Panorama after the change.
- D. It generates a config log after the Panorama configuration successfully reverts to the last running configuration.
Answer: C
Explanation:
Reference:https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/administer-panorama/enable-automated-commit-recovery.html
NEW QUESTION 10
What in the minimum frequency for which you can configure the firewall too check for new wildfire antivirus signatures?
- A. every 5 minutes
- B. every 1 minute
- C. every 24 hours
- D. every 30 minutes
Answer: B
Explanation: 
NEW QUESTION 11
Which two security profile types can be attached to a security policy? (Choose two.)
- A. antivirus
- B. DDoS protection
- C. threat
- D. vulnerability
Answer: AD
NEW QUESTION 12
Based on the graphic, what is the purpose of the SSL/TLS Service profile configurationoption?
- A. It defines the SSUTLS encryption strength used to protect the management interface.
- B. It defines the CA certificate used to verify the client's browser.
- C. It defines the certificate to send to the client's browser from the management interface.
- D. It defines the firewall's global SSL/TLS timeout values.
Answer: C
Explanation:
Reference:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g00000 0ClFGCA0
NEW QUESTION 13
Which component is a building block in a Security policy rule?
- A. decryption profile
- B. destination interface
- C. timeout (min)
- D. application
Answer: D
Explanation:
Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interface-help/policies/policies-security/buildingblocks-in-a-security-policy-rule.html
NEW QUESTION 14
Which dynamic update type includes updated anti-spyware signatures?
- A. Applications and Threats
- B. GlobalProtect Data File
- C. Antivirus
- D. PAN-DB
Answer: A
NEW QUESTION 15
What is a recommended consideration when deploying content updates to the firewall from Panorama?
- A. Content updates for firewall A/P HA pairs can only be pushed to the active firewall.
- B. Content updates for firewall A/A HA pairs need a defined master device.
- C. Before deploying content updates, always check content release version compatibility.
- D. After deploying content updates, perform a commit and push to Panorama.
Answer: C
NEW QUESTION 16
Which two settings allow you to restrict access to the management interface? (Choose two)
Solution:
Does this meet the goal?
- A. Yes
- B. Not Mastered
Answer: A
NEW QUESTION 17
An administrator is investigating a log entry for a session that is allowed and has the end reason of aged-out. Which two fields could help in determining if this is normal? (Choosetwo.)
- A. Packets sent/received
- B. IP Protocol
- C. Action
- D. Decrypted
Answer: BD
NEW QUESTION 18
Which Security policy match condition would an administrator use to block traffic from IP addresses on the Palo Alto Networks EDL of Known Malicious IP Addresses list?
- A.
destination address - B. source address
- C. destination zone
- D. source zone
Answer: B
Explanation:
Reference:https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/external-dynamic-list.html
NEW QUESTION 19
What does an application filter help you to do?
- A. It dynamically provides application statistics based on network, threat, and blocked activity,
- B. It dynamically filters applications based on critical, high, medium, lo
- C. or informational severity.
- D. It dynamically groups applications based on application attributes such as category and subcategory.
- E. It dynamically shapes defined application traffic based on active sessions and bandwidth usage.
Answer: C
NEW QUESTION 20
Which option is part of the content inspection process?
- A. IPsec tunnel encryption
- B. Packet egress process
- C. SSL Proxy re-encrypt
- D. Packet forwarding process
Answer: C
NEW QUESTION 21
......
Thanks for reading the newest PCNSA exam dumps! We recommend you to try the PREMIUM Downloadfreepdf.net PCNSA dumps in VCE and PDF here: https://www.downloadfreepdf.net/PCNSA-pdf-download.html (287 Q&As Dumps)
