2022 Updated Verified PCNSA dumps Q&As - 100% Pass Guaranteed [Q17-Q39]

Rate this post

2022 Updated Verified PCNSA dumps Q&As – 100% Pass Guaranteed

Provide Valid Dumps To Help You Prepare For Palo Alto Networks Certified Network Security Administrator Exam

QUESTION 17
Which Palo Alto network security operating platform component provides consolidated policy creation and centralized management?

Prisma SaaS

Panorama

AutoFocus

GlobalProtect

QUESTION 18
Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?

At the CLI enter the command reset rules and press Enter

Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule

Reboot the firewall

Use the Reset Rule Hit Counter > All Rules option

QUESTION 19
Which data flow direction is protected in a zero trust firewall deployment that is not protected in a perimeter-only firewall deployment?

outbound

north south

inbound

east west

QUESTION 20

Given the topology, which zone type should you configure for firewall interface E1/1?

Tap

Tunnel

Virtual Wire

Layer3

QUESTION 21
Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

The host lab-client has been found by a domain controller.

The host lab-client has been by the User-ID agent.

The User-ID agent is connected to a domain controller labeled lab client.

QUESTION 22
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

branch office traffic

north-south traffic

perimeter traffic

east-west traffic

QUESTION 23
For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?

TACACS+

RADIUS

LDAP

SAML

QUESTION 24
Complete the statement. A security profile can block or allow traffic____________

on unknown-tcp or unknown-udp traffic

after it is matched by a security policy that allows traffic

before it is matched by a security policy

after it is matched by a security policy that allows or blocks traffic Security profiles are objects added to policy rules that are configured with an action of allow.

QUESTION 25
Which dynamic update type includes updated anti-spyware signatures?

Applications and Threats

GlobalProtect Data File

Antivirus

PAN-DB

QUESTION 26
A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH

Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH

In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address

In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin

QUESTION 27
What in the minimum frequency for which you can configure the firewall too check for new wildfire antivirus signatures?

every 5 minutes

every 1 minute

every 24 hours

every 30 minutes

QUESTION 28
Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?

Review Policies

Review Apps

Pre-analyze

Review App Matches

QUESTION 29
Which option lists the attributes that are selectable when setting up an Application filters?

Category, Subcategory, Technology, and Characteristic

Category, Subcategory, Technology, Risk, and Characteristic

Name, Category, Technology, Risk, and Characteristic

Category, Subcategory, Risk, Standard Ports, and Technology

QUESTION 30
Which file is used to save the running configuration with a Palo Alto Networks firewall?

running-config.xml

run-config.xml

running-configuration.xml

run-configuratin.xml

QUESTION 31
Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

Security policy rules inspect but do not block traffic.

Security Profile should be used only on allowed traffic.

Security Profile are attached to security policy rules.

Security Policy rules are attached to Security Profiles.

Security Policy rules can block or allow traffic.

QUESTION 32
Which data flow direction is protected in a zero trust firewall deployment that is not protected in a perimeter-only firewall deployment?

outbound

north south

inbound

east west

QUESTION 33
How are Application Fillers or Application Groups used in firewall policy?

An Application Filter is a static way of grouping applications and can be configured as a nested member of an Application Group

An Application Filter is a dynamic way to group applications and can be configured as a nested member of an Application Group

An Application Group is a dynamic way of grouping applications and can be configured as a nested member of an Application Group

An Application Group is a static way of grouping applications and cannot be configured as a nested member of Application Group

QUESTION 34
Arrange the correct order that the URL classifications are processed within the system.

QUESTION 35
When HTTPS for management and GlobalProtect are enabled on the same interface, which TCP port is used for management access?

8443

4443

443

QUESTION 36
To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?

domain controller

TACACS+

LDAP

RADIUS

QUESTION 37
Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?

Signature Matching

Network Processing

Security Processing

Security Matching

QUESTION 38
Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?

override

authorization

authentication

continue