Get Palo Alto Networks PCNSA Dumps Questions [2021] To Gain Brilliant Result
PCNSA dumps - Dumps4PDF - 100% Passing Guarantee
NEW QUESTION 64
Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?
- A. Panorama
- B. GlobalProtect
- C. Aperture
- D. AutoFocus
Answer: C
NEW QUESTION 65
Match the network device with the correct User-ID technology.
Answer:
Explanation:
NEW QUESTION 66
Which interface type can use virtual routers and routing protocols?
- A. Layer3
- B. Tap
- C. Virtual Wire
- D. Layer2
Answer: A
NEW QUESTION 67
Which path in PAN-OS 9.0 displays the list of port-based security policy rules?
- A. Policies> Security> Rule Usage> Unused Apps
- B. Policies> Security> Rule Usage> Port only specified
- C. Policies> Security> Rule Usage> No App Specified
- D. Policies> Security> Rule Usage> Port-based Rules
Answer: C
Explanation:
Explanation
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/security-policy-rule-optimization/migrate-po
NEW QUESTION 68
Match the Cyber-Attack Lifecycle stage to its correct description.
Answer:
Explanation:
Explanation
Reconnaissance - stage where the attacker scans for network vulnerabilities and services that can be exploited.
Installation - stage where the attacker will explore methods such as a root kit to establish persistence Command and Control - stage where the attacker has access to a specific server so they can communicate and pass data to and from infected devices within a network.
Act on the Objective - stage where an attacker has motivation for attacking a network to deface web property
NEW QUESTION 69
In the example security policy shown, which two websites would be blocked? (Choose two.)
- A. Facebook
- B. YouTube
- C. LinkedIn
- D. Amazon
Answer: A,C
NEW QUESTION 70
What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?
- A. every 30 minutes
- B. once every 24 hours
- C. every 5 minutes
- D. every 1 minute
Answer: C
Explanation:
Explanation
Firewalls with an active WildFire license can retrieve the latest WildFire signatures every five minutes. If you do not have a WildFire subscription, signatures are made available within 24-48 hours as part of the antivirus update for firewalls with an active Threat Prevention license.
https://docs.paloaltonetworks.com/wildfire/9-0/wildfire-admin/wildfire-overview/wildfire-concepts/wildfire-sign
NEW QUESTION 71
What can be achieved by selecting a policy target prior to pushing policy rules from Panorama?
- A. Doing so provides audit information prior to making changes for selected policy rules
- B. You specify the location as pre can - or post-rules to push policy rules
- C. Doing so limits the templates that receive the policy rules
- D. You can specify the firewalls m a device group to which to push policy rules
Answer: D
NEW QUESTION 72
Employees are shown an application block page when they try to access YouTube. Which security policy is blocking the YouTube application?
- A. intrazone-default
- B. allowed-security services
- C. Deny Google
- D. interzone-default
Answer: D
NEW QUESTION 73
Complete the statement. A security profile can block or allow traffic.
- A. after it is evaluated by a security policy that allows traffic
- B. before it is evaluated by a security policy
- C. on unknown-tcp or unknown-udp traffic
- D. after it is evaluated by a security policy that allows or blocks traffic
Answer: D
NEW QUESTION 74
Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.
- A. Installation
- B. Reconnaissance
- C. Exploitation
- D. Act on the Objective
Answer: C
NEW QUESTION 75
Based on the security policy rules shown, ssh will be allowed on which port?
- A. the default port
- B. only ephemeral ports
- C. same port as ssl and snmpv3
- D. any port
Answer: A
NEW QUESTION 76
Based on the security policy rules shown, ssh will be allowed on which port?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 77
Match the Palo Alto Networks Security Operating Platform architecture to its description.
Answer:
Explanation:
Explanation
Threat Intelligence Cloud - Gathers, analyzes, correlates, and disseminates threats to and from the network and endpoints located within the network.
Next-Generation Firewall - Identifies and inspects all traffic to block known threats Advanced Endpoint Protection - Inspects processes and files to prevent known and unknown exploits
NEW QUESTION 78
Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.
Complete the security policy to ensure only Telnet is allowed.
Security Policy: Source Zone: Internal to DMZ Zone __________services "Application defaults", and action = Allow
- A. Application = 'Telnet'
- B. USER-ID = 'Allow users in Trusted'
- C. Destination IP: 192.168.1.123/24
- D. Log Forwarding
Answer: A
NEW QUESTION 79
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.
Answer:
Explanation:
Explanation
Step 1 - Select network tab
Step 2 - Select zones from the list of available items
Step 3 - Select Add
Step 4 - Specify Zone Name
Step 5 - Specify Zone Type
Step 6 - Assign interfaces as needed
NEW QUESTION 80
What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?
- A. every 1 minute
- B. every 5 minutes
- C. every 30 minutes
- D. once every 24 hours
Answer: A
NEW QUESTION 81
Which administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.
Which security profile components will detect and prevent this threat after the firewall`s signature database has been updated?
- A. data filtering profile applied to inbound security policies
- B. data filtering profile applied to outbound security policies
- C. antivirus profile applied to outbound security policies
- D. vulnerability profile applied to inbound security policies
Answer: B
NEW QUESTION 82
An internal host wants to connect to servers of the internet through using source NAT.
Which policy is required to enable source NAT on the firewall?
- A. NAT policy with no source of destination zone selected
- B. post-NAT policy with external source and any destination address
- C. pre-NAT policy with external source and any destination address
- D. NAT policy with source zone and destination zone specified
Answer: D
Explanation:
Explanation
NEW QUESTION 83
Match the Palo Alto Networks Security Operating Platform architecture to its description.
Answer:
Explanation:
Explanation
Threat Intelligence Cloud - Gathers, analyzes, correlates, and disseminates threats to and from the network and endpoints located within the network.
Next-Generation Firewall - Identifies and inspects all traffic to block known threats Advanced Endpoint Protection - Inspects processes and files to prevent known and unknown exploits
NEW QUESTION 84
Match the Palo Alto Networks Security Operating Platform architecture to its description.
Answer:
Explanation:
Explanation
Threat Intelligence Cloud - Gathers, analyzes, correlates, and disseminates threats to and from the network and endpoints located within the network.
Next-Generation Firewall - Identifies and inspects all traffic to block known threats Advanced Endpoint Protection - Inspects processes and files to prevent known and unknown exploits
NEW QUESTION 85
Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)
- A. Security Policy rules can block or allow traffic.
- B. Security policy rules inspect but do not block traffic.
- C. Security Profile are attached to security policy rules.
- D. Security Profile should be used only on allowed traffic.
- E. Security Policy rules are attached to Security Profiles.
Answer: A,C,D
NEW QUESTION 86
Selecting the option to revert firewall changes will replace what settings?
- A. the candidate configuration with settings from the running configuration
- B. the device state with settings from another configuration
- C. the running configuration with settings from the candidate configuration
- D. dynamic update scheduler settings
Answer: A
NEW QUESTION 87
......
Get 100% Passing Success With True PCNSA Exam: https://www.dumps4pdf.com/PCNSA-valid-braindumps.html
Premium Quality Palo Alto Networks PCNSA Online dumps: https://drive.google.com/open?id=1MO9YcgtBr-4p0dUGciEIennPNC5WVPY6