Get Palo Alto Networks PCNSA Dumps Questions [2021] To Gain Brilliant Result [Q64-Q87]

Share

Get Palo Alto Networks PCNSA Dumps Questions [2021] To Gain Brilliant Result

PCNSA dumps - Dumps4PDF - 100% Passing Guarantee

NEW QUESTION 64
Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?

  • A. Panorama
  • B. GlobalProtect
  • C. Aperture
  • D. AutoFocus

Answer: C

 

NEW QUESTION 65
Match the network device with the correct User-ID technology.

Answer:

Explanation:

 

NEW QUESTION 66
Which interface type can use virtual routers and routing protocols?

  • A. Layer3
  • B. Tap
  • C. Virtual Wire
  • D. Layer2

Answer: A

 

NEW QUESTION 67
Which path in PAN-OS 9.0 displays the list of port-based security policy rules?

  • A. Policies> Security> Rule Usage> Unused Apps
  • B. Policies> Security> Rule Usage> Port only specified
  • C. Policies> Security> Rule Usage> No App Specified
  • D. Policies> Security> Rule Usage> Port-based Rules

Answer: C

Explanation:
Explanation
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/security-policy-rule-optimization/migrate-po

 

NEW QUESTION 68
Match the Cyber-Attack Lifecycle stage to its correct description.

Answer:

Explanation:

Explanation
Reconnaissance - stage where the attacker scans for network vulnerabilities and services that can be exploited.
Installation - stage where the attacker will explore methods such as a root kit to establish persistence Command and Control - stage where the attacker has access to a specific server so they can communicate and pass data to and from infected devices within a network.
Act on the Objective - stage where an attacker has motivation for attacking a network to deface web property

 

NEW QUESTION 69
In the example security policy shown, which two websites would be blocked? (Choose two.)

  • A. Facebook
  • B. YouTube
  • C. LinkedIn
  • D. Amazon

Answer: A,C

 

NEW QUESTION 70
What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?

  • A. every 30 minutes
  • B. once every 24 hours
  • C. every 5 minutes
  • D. every 1 minute

Answer: C

Explanation:
Explanation
Firewalls with an active WildFire license can retrieve the latest WildFire signatures every five minutes. If you do not have a WildFire subscription, signatures are made available within 24-48 hours as part of the antivirus update for firewalls with an active Threat Prevention license.
https://docs.paloaltonetworks.com/wildfire/9-0/wildfire-admin/wildfire-overview/wildfire-concepts/wildfire-sign

 

NEW QUESTION 71
What can be achieved by selecting a policy target prior to pushing policy rules from Panorama?

  • A. Doing so provides audit information prior to making changes for selected policy rules
  • B. You specify the location as pre can - or post-rules to push policy rules
  • C. Doing so limits the templates that receive the policy rules
  • D. You can specify the firewalls m a device group to which to push policy rules

Answer: D

 

NEW QUESTION 72
Employees are shown an application block page when they try to access YouTube. Which security policy is blocking the YouTube application?

  • A. intrazone-default
  • B. allowed-security services
  • C. Deny Google
  • D. interzone-default

Answer: D

 

NEW QUESTION 73
Complete the statement. A security profile can block or allow traffic.

  • A. after it is evaluated by a security policy that allows traffic
  • B. before it is evaluated by a security policy
  • C. on unknown-tcp or unknown-udp traffic
  • D. after it is evaluated by a security policy that allows or blocks traffic

Answer: D

 

NEW QUESTION 74
Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.

  • A. Installation
  • B. Reconnaissance
  • C. Exploitation
  • D. Act on the Objective

Answer: C

 

NEW QUESTION 75
Based on the security policy rules shown, ssh will be allowed on which port?

  • A. the default port
  • B. only ephemeral ports
  • C. same port as ssl and snmpv3
  • D. any port

Answer: A

 

NEW QUESTION 76
Based on the security policy rules shown, ssh will be allowed on which port?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D

 

NEW QUESTION 77
Match the Palo Alto Networks Security Operating Platform architecture to its description.

Answer:

Explanation:

Explanation
Threat Intelligence Cloud - Gathers, analyzes, correlates, and disseminates threats to and from the network and endpoints located within the network.
Next-Generation Firewall - Identifies and inspects all traffic to block known threats Advanced Endpoint Protection - Inspects processes and files to prevent known and unknown exploits

 

NEW QUESTION 78
Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.
Complete the security policy to ensure only Telnet is allowed.
Security Policy: Source Zone: Internal to DMZ Zone __________services "Application defaults", and action = Allow

  • A. Application = 'Telnet'
  • B. USER-ID = 'Allow users in Trusted'
  • C. Destination IP: 192.168.1.123/24
  • D. Log Forwarding

Answer: A

 

NEW QUESTION 79
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

Answer:

Explanation:

Explanation
Step 1 - Select network tab
Step 2 - Select zones from the list of available items
Step 3 - Select Add
Step 4 - Specify Zone Name
Step 5 - Specify Zone Type
Step 6 - Assign interfaces as needed

 

NEW QUESTION 80
What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?

  • A. every 1 minute
  • B. every 5 minutes
  • C. every 30 minutes
  • D. once every 24 hours

Answer: A

 

NEW QUESTION 81
Which administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.
Which security profile components will detect and prevent this threat after the firewall`s signature database has been updated?

  • A. data filtering profile applied to inbound security policies
  • B. data filtering profile applied to outbound security policies
  • C. antivirus profile applied to outbound security policies
  • D. vulnerability profile applied to inbound security policies

Answer: B

 

NEW QUESTION 82
An internal host wants to connect to servers of the internet through using source NAT.
Which policy is required to enable source NAT on the firewall?

  • A. NAT policy with no source of destination zone selected
  • B. post-NAT policy with external source and any destination address
  • C. pre-NAT policy with external source and any destination address
  • D. NAT policy with source zone and destination zone specified

Answer: D

Explanation:
Explanation

 

NEW QUESTION 83
Match the Palo Alto Networks Security Operating Platform architecture to its description.

Answer:

Explanation:

Explanation
Threat Intelligence Cloud - Gathers, analyzes, correlates, and disseminates threats to and from the network and endpoints located within the network.
Next-Generation Firewall - Identifies and inspects all traffic to block known threats Advanced Endpoint Protection - Inspects processes and files to prevent known and unknown exploits

 

NEW QUESTION 84
Match the Palo Alto Networks Security Operating Platform architecture to its description.

Answer:

Explanation:

Explanation
Threat Intelligence Cloud - Gathers, analyzes, correlates, and disseminates threats to and from the network and endpoints located within the network.
Next-Generation Firewall - Identifies and inspects all traffic to block known threats Advanced Endpoint Protection - Inspects processes and files to prevent known and unknown exploits

 

NEW QUESTION 85
Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

  • A. Security Policy rules can block or allow traffic.
  • B. Security policy rules inspect but do not block traffic.
  • C. Security Profile are attached to security policy rules.
  • D. Security Profile should be used only on allowed traffic.
  • E. Security Policy rules are attached to Security Profiles.

Answer: A,C,D

 

NEW QUESTION 86
Selecting the option to revert firewall changes will replace what settings?

  • A. the candidate configuration with settings from the running configuration
  • B. the device state with settings from another configuration
  • C. the running configuration with settings from the candidate configuration
  • D. dynamic update scheduler settings

Answer: A

 

NEW QUESTION 87
......

Get 100% Passing Success With True PCNSA Exam: https://www.dumps4pdf.com/PCNSA-valid-braindumps.html

Premium Quality Palo Alto Networks PCNSA Online dumps: https://drive.google.com/open?id=1MO9YcgtBr-4p0dUGciEIennPNC5WVPY6