[Oct-2022] PCNSA Free Sample Questions to Practice One Year Update [Q36-Q53]

Rate this post

[Oct-2022] PCNSA Free Sample Questions to Practice One Year Update

Download PCNSA exam with Palo Alto Networks PCNSA Real Exam Questions

Details for PCNSA Exam

The primary objective of the PCNSA test is to showcase that a candidate has a deep understanding of the Palo Alto Networks Platform and can protect networks from cyber threats by deploying his/her knowledge and skills. Success in this exam earns you the PCNSA certification. The PCNSA is available in English only and consists of 50 multiple-choice, matching, and scenarios with graphics questions. As per the vendor, the exam takes a total of 90 minutes. Ten of those minutes are dedicated to review the PCNSA policy and take a survey. And if you happen to fail an exam, you will get a report detailing the areas you should focus on before retaking the test. Also, it costs $155 to take the official exam in the US, but this registration fee varies across regions and is VAT dependent.

NO.36 Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?

override

authorization

authentication

continue

Explanation/Reference:
Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/url- filteringprofile-actions.html

NO.37 Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?

It defines the SSL/TLS encryption strength used to protect the management interface.

It defines the CA certificate used to verify the client’s browser.

It defines the certificate to send to the client’s browser from the management interface.

It defines the firewall’s global SSL/TLS timeout values.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFGCA0

NO.38 An administrator would like to use App-ID’s deny action for an application and would like that action updated with dynamic updates as new content becomes available.
Which security policy action causes this?

Reset server

Reset both

Deny

Drop

NO.39 Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways?

GlobalProtect

AutoFocus

Aperture

Panorama

NO.40 View the diagram. What is the most restrictive yet fully functional rule to allow general Internet and SSH traffic into both the DMZ and Untrust/lnternet zones from each of the lOT/Guest and Trust Zones?

NO.41 Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

The web session was unsuccessfully decrypted.

The traffic was denied by security profile.

The traffic was denied by URL filtering.

The web session was decrypted.

NO.42 An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall’s signature database has been updated?
(Choose two.)

vulnerability protection profile applied to outbound security policies

anti-spyware profile applied to outbound security policies

antivirus profile applied to outbound security policies

URL filtering profile applied to outbound security policies

Explanation/Reference: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/policy/create-best-practice-security- profiles

NO.43 Which license is required to use the Palo Alto Networks built-in IP address EDLs?

DNS Security

Threat Prevention

WildFire

SD-Wan

Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/use-an-external-dynamic-list-in- policy/builtin-edls.html#:~:text=With%20an%

NO.44 Match the Palo Alto Networks Security Operating Platform architecture to its description.

Explanation
Threat Intelligence Cloud – Gathers, analyzes, correlates, and disseminates threats to and from the network and endpoints located within the network.
Next-Generation Firewall – Identifies and inspects all traffic to block known threats Advanced Endpoint Protection – Inspects processes and files to prevent known and unknown exploits

NO.45 What is the purpose of the automated commit recovery feature?

It reverts the Panorama configuration.

It causes HA synchronization to occur automatically between the HA peers after a push from Panorama.

It reverts the firewall configuration if the firewall recognizes a loss of connectivity to Panorama after the change.

It generates a config log after the Panorama configuration successfully reverts to the last running configuration.

NO.46 Arrange the correct order that the URL classifications are processed within the system.

Explanation
First – Block List
Second – Allow List
Third – Custom URL Categories
Fourth – External Dynamic Lists
Fifth – Downloaded PAN-DB Files
Sixth – PAN-DB Cloud

NO.47 Which statement is true about Panorama managed devices?

Panorama automatically removes local configuration locks after a commit from Panorama

Local configuration locks prohibit Security policy changes for a Panorama managed device

Security policy rules configured on local firewalls always take precedence

Local configuration locks can be manually unlocked from Panorama

NO.48 Based on the security policy rules shown, ssh will be allowed on which port?

any port

same port as ssl and snmpv3

the default port

only ephemeral ports

NO.49 You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server.
Which Security Profile detects and prevents this threat from establishing a command-and-control connection?

Vulnerability Protection Profile applied to outbound Security policy rules.

Anti-Spyware Profile applied to outbound security policies.

Antivirus Profile applied to outbound Security policy rules

Data Filtering Profile applied to outbound Security policy rules.

NO.50 Which two security profile types can be attached to a security policy? (Choose two.)

antivirus

DDoS protection

threat

vulnerability

NO.51 An administrator has configured a Security policy where the matching condition includes a single application and the action is deny.
If the application s default deny action is reset-both what action does the firewall take*?

It sends a TCP reset to the client-side and server-side devices

It silently drops the traffic and sends an ICMP unreachable code

It silently drops the traffic

It sends a TCP reset to the server-side device

NO.52 Based on the security policy rules shown, ssh will be allowed on which port?

NO.53 Which operations are allowed when working with App-ID application tags?

Predefined tags may be deleted.

Predefined tags may be augmented by custom tags.

Predefined tags may be modified.

Predefined tags may be updated by WildFire dynamic updates.

Loading …

Real exam questions are provided for Paloalto Network Security Administrator tests, which can make sure you 100% pass: https://www.passtestking.com/Palo-Alto-Networks/PCNSA-practice-exam-dumps.html

Categories:PCNSAPalo Alto Networks