Paloalto Network Security Administrator PCNSA Dumps Updated Nov 18, 2021 - Fast2test [Q90-Q112]

Share

Paloalto Network Security Administrator PCNSA Dumps | Updated  Nov 18, 2021 - Fast2test

Master 2021 Latest The Questions Paloalto Network Security Administrator and Pass PCNSA  Real Exam!


What Areas PCNSA Assesses You on?

There are six different domains covered under this certification exam. These areas and their details are as follows:

  • Traffic Visibility

    Traffic visibility concerns rules for security and this covers application shifts, dependent applications, and implicit applications as well as determining them. Such a topic is also about application filters or groups, application characteristics, properties, timeouts, and tools for optimizing security policies. The last part concerns features for streamlining policy creation for App-ID such as application tags and dependencies and explicit app dependency resolution targeting workflows.

  • Simply Passing Traffic

    To start is the subsection on identifying and configuring management interfaces for the firewall. It covers access to the firewalls for Palo Alto Networks, steps to gaining access to firewall, methods for managing firewall, services for firewall, etc. Managing firewall features is next with a focus on configurations for candidates, running, last saved, saved name configuration snapshot, export and import device states, and more. There is also configuring internal as well as external services targeting account administration, administrative roles, authentication sequence, configuration logs, etc. What follows further is the domain of firewall interfaces that include Ethernet, Virtual, Layer 2, Tap, Layer 3, and aggregate. Some parts cover security zones and virtual routers while others focus on the function of specific types of security, followed by identifying and configuring conditions, logging options, security policies. Also, implicit in addition to explicit rules and security rule hit count are to be covered by the PCNSA test. Finally, are the matters of NAT solution implementation covering NAT types, configuring source NAT, and more.

  • Palo Alto Networks Cybersecurity Portfolio Core

    First, this topic is concerned with identifying the components alongside operations targeting the architecture of Single-Pass Parallel Processing. In addition, candidates will learn more about Strata Security for organizations, Prismas Security for the Cloud, and Cortex Security Operational procedures. The next area to be covered here is centered on the stages of the lifecycle of a cyberattack as well as the firewall mitigations which are capable of preventing attacks. To finalize, this domain describes the Zero Trust model as well as traffic moving via networks.

  • Deployment Optimization

    This topic engages the advantages as well as differences occurring between the PBA reports and Heatmap. In particular, it includes the Heatmap component that analyzes the deployment of Palo Alto Networks and filters the data by making use of various group devices. To know more, this area also covers the feature section for Zone mapping, which helps you identify the best traffic to use by choosing the appropriate zone.

  • Securing Traffic

    This objective covers risk scenarios and how the appropriate profile can be applied. Included here are threat logs, security profiles, and customization for antivirus, anti-spyware, vulnerability protection, URL filtering, and file blocking. Also, there is a safe search and HTTP header logging. The next part is about firewall protection against packet & protocol attacks. Included within this topic are protections like Denial-of-Service, zone, flood attack, SYN cookies, UDP, ICMP, reconnaissance attack, packet-based attack, etc. What comes after is how cloud DNS security can be used by the firewall in controlling domains based on traffic and how the PAN-DB database can be used by the firewall for controlling websites based on traffic. At last, in this section, candidates will get equipped with the knowledge of URL filtering components and how to monitor access to them.

  • Identifying Users

    The PCNSA exam also looks at user identification and maps different IP addresses for them. Additionally, it considers controlling access to particular URLs by utilizing custom filtering categories for URL and identifying the proper user ID agent to be deployed. Also, it connects to how the mapping of firewalls to user groups is done and the ID configuration options for users.

 

NEW QUESTION 90
Actions can be set for which two items in a URL filtering security profile? (Choose two.)

  • A. Custom URL Categories
  • B. Allow List
  • C. PAN-DB URL Categories
  • D. Block List

Answer: B,D

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/url-filtering-profile-actions

 

NEW QUESTION 91
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

Answer:

Explanation:

 

NEW QUESTION 92
At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?

  • A. installation
  • B. command and control
  • C. reinsurance
  • D. delivery
  • E. explotation

Answer: D

 

NEW QUESTION 93
Which interface type can use virtual routers and routing protocols?

  • A. Layer2
  • B. Tap
  • C. Virtual Wire
  • D. Layer3

Answer: D

 

NEW QUESTION 94
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

  • A. branch office traffic
  • B. perimeter traffic
  • C. east-west traffic
  • D. north-south traffic

Answer: C

 

NEW QUESTION 95
Which two security profile types can be attached to a security policy? (Choose two.)

  • A. antivirus
  • B. DDoS protection
  • C. vulnerability
  • D. threat

Answer: A,C

Explanation:
References:

 

NEW QUESTION 96
Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.

  • A. Exploitation
  • B. Installation
  • C. Reconnaissance
  • D. Act on the Objective

Answer: A

 

NEW QUESTION 97
Actions can be set for which two items in a URL filtering security profile? (Choose two.)

  • A. Block List
  • B. Custom URL Categories
  • C. PAN-DB URL Categories
  • D. Allow List

Answer: B,C

Explanation:
Explanation
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boO3CAI

 

NEW QUESTION 98
Match each feature to the DoS Protection Policy or the DoS Protection Profile.

Answer:

Explanation:

 

NEW QUESTION 99
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

  • A. QoS-ID
  • B. Layer-ID
  • C. User-ID
  • D. App-ID

Answer: C,D

Explanation:
Explanation/Reference: http://www.firewall.cx/networking-topics/firewalls/palo-alto-firewalls/1152-palo-alto-firewall-single- pass-parallel-processing-hardware-architecture.html

 

NEW QUESTION 100
Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)

  • A. Security policy rules inspect but do not block traffic.
  • B. Security Profile are attached to security policy rules.
  • C. Security Policy rules are attached to Security Profiles.
  • D. Security Profile should be used only on allowed traffic.
  • E. Security Policy rules can block or allow traffic.

Answer: B,C,D

 

NEW QUESTION 101
Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?

  • A. It removes the 100K limit for DNS entries for the downloaded DNS updates.
  • B. It functions like PAN-DB and requires activation through the app portal.
  • C. IT eliminates the need for dynamic DNS updates.
  • D. IT is automatically enabled and configured.

Answer: A,B

 

NEW QUESTION 102
An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

  • A. Create an Application Filter and name it Office Programs, then filter it on the business-systems category
  • B. Create an Application Filter and name it Office Programs, the filter it on the business-systems category, office-programs subcategory
  • C. Create an Application Group and add business-systems to it
  • D. Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office

Answer: C

 

NEW QUESTION 103
Which three configuration settings are required on a Palo Alto Network firewall management interface?
(Choose three.)

  • A. netmask
  • B. default gateway
  • C. IP address
  • D. auto-negotiation
  • E. hostname

Answer: A,B,C

Explanation:
Explanation/Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN7CAK

 

NEW QUESTION 104
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

  • A. branch office traffic
  • B. perimeter traffic
  • C. east-west traffic
  • D. north-south traffic

Answer: C

 

NEW QUESTION 105
Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)

  • A. facebook-chat
  • B. facebook-email
  • C. facebook-base
  • D. facebook

Answer: A,C

 

NEW QUESTION 106
Which type firewall configuration contains in-progress configuration changes?

  • A. committed
  • B. backup
  • C. running
  • D. candidate

Answer: C

 

NEW QUESTION 107
Actions can be set for which two items in a URL filtering security profile? (Choose two.)

  • A. Custom URL Categories
  • B. Allow List
  • C. PAN-DB URL Categories
  • D. Block List

Answer: B,D

Explanation:
Explanation

 

NEW QUESTION 108
Based on the security policy rules shown, ssh will be allowed on which port?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

 

NEW QUESTION 109
Which two configuration settings shown are not the default? (Choose two.)

  • A. Server Log Monitor Frequency (sec)
  • B. Enable Probing
  • C. Enable Session
  • D. Enable Security Log

Answer: A,C

Explanation:
Explanation/Reference:
Reference: https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/user-identification/ device-user-identification-user-mapping/enable-server-monitoring

 

NEW QUESTION 110
What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?

  • A. LDAP server profile
  • B. authentication server list
  • C. authentication sequence
  • D. authentication list profile

Answer: C

 

NEW QUESTION 111
Which two statements are correct regarding multiple static default routes when they are configured as shown in the image? (Choose two.)

  • A. Route with lowest metric is actively used.
  • B. Path monitoring determines if route is useable.
  • C. Path monitoring does not determine if route is useable.
  • D. Route with highest metric is actively used.

Answer: A,B

Explanation:
Explanation

 

NEW QUESTION 112
......

A fully updated 2021 PCNSA Exam Dumps exam guide from training expert Fast2test: https://www.fast2test.com/PCNSA-premium-file.html

Practice To PCNSA - Fast2test Remarkable Practice On your Palo Alto Networks Certified Network Security Administrator Exam: https://drive.google.com/open?id=19NtpsGBM9t2T8lrO10bsTTfnYOIUE2uz

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어