Paloalto Network Security Administrator PCNSA Dumps | Updated Nov 18, 2021 - Fast2test
Master 2021 Latest The Questions Paloalto Network Security Administrator and Pass PCNSA Real Exam!
What Areas PCNSA Assesses You on?
There are six different domains covered under this certification exam. These areas and their details are as follows:
- Traffic Visibility
Traffic visibility concerns rules for security and this covers application shifts, dependent applications, and implicit applications as well as determining them. Such a topic is also about application filters or groups, application characteristics, properties, timeouts, and tools for optimizing security policies. The last part concerns features for streamlining policy creation for App-ID such as application tags and dependencies and explicit app dependency resolution targeting workflows.
- Simply Passing Traffic
To start is the subsection on identifying and configuring management interfaces for the firewall. It covers access to the firewalls for Palo Alto Networks, steps to gaining access to firewall, methods for managing firewall, services for firewall, etc. Managing firewall features is next with a focus on configurations for candidates, running, last saved, saved name configuration snapshot, export and import device states, and more. There is also configuring internal as well as external services targeting account administration, administrative roles, authentication sequence, configuration logs, etc. What follows further is the domain of firewall interfaces that include Ethernet, Virtual, Layer 2, Tap, Layer 3, and aggregate. Some parts cover security zones and virtual routers while others focus on the function of specific types of security, followed by identifying and configuring conditions, logging options, security policies. Also, implicit in addition to explicit rules and security rule hit count are to be covered by the PCNSA test. Finally, are the matters of NAT solution implementation covering NAT types, configuring source NAT, and more.
- Palo Alto Networks Cybersecurity Portfolio Core
First, this topic is concerned with identifying the components alongside operations targeting the architecture of Single-Pass Parallel Processing. In addition, candidates will learn more about Strata Security for organizations, Prismas Security for the Cloud, and Cortex Security Operational procedures. The next area to be covered here is centered on the stages of the lifecycle of a cyberattack as well as the firewall mitigations which are capable of preventing attacks. To finalize, this domain describes the Zero Trust model as well as traffic moving via networks.
- Deployment Optimization
This topic engages the advantages as well as differences occurring between the PBA reports and Heatmap. In particular, it includes the Heatmap component that analyzes the deployment of Palo Alto Networks and filters the data by making use of various group devices. To know more, this area also covers the feature section for Zone mapping, which helps you identify the best traffic to use by choosing the appropriate zone.
- Securing Traffic
This objective covers risk scenarios and how the appropriate profile can be applied. Included here are threat logs, security profiles, and customization for antivirus, anti-spyware, vulnerability protection, URL filtering, and file blocking. Also, there is a safe search and HTTP header logging. The next part is about firewall protection against packet & protocol attacks. Included within this topic are protections like Denial-of-Service, zone, flood attack, SYN cookies, UDP, ICMP, reconnaissance attack, packet-based attack, etc. What comes after is how cloud DNS security can be used by the firewall in controlling domains based on traffic and how the PAN-DB database can be used by the firewall for controlling websites based on traffic. At last, in this section, candidates will get equipped with the knowledge of URL filtering components and how to monitor access to them.
- Identifying Users
The PCNSA exam also looks at user identification and maps different IP addresses for them. Additionally, it considers controlling access to particular URLs by utilizing custom filtering categories for URL and identifying the proper user ID agent to be deployed. Also, it connects to how the mapping of firewalls to user groups is done and the ID configuration options for users.
NEW QUESTION 90
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
- A. Custom URL Categories
- B. Allow List
- C. PAN-DB URL Categories
- D. Block List
Answer: B,D
Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/url-filtering-profile-actions
NEW QUESTION 91
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.
Answer:
Explanation:
NEW QUESTION 92
At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?
- A. installation
- B. command and control
- C. reinsurance
- D. delivery
- E. explotation
Answer: D
NEW QUESTION 93
Which interface type can use virtual routers and routing protocols?
- A. Layer2
- B. Tap
- C. Virtual Wire
- D. Layer3
Answer: D
NEW QUESTION 94
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?
- A. branch office traffic
- B. perimeter traffic
- C. east-west traffic
- D. north-south traffic
Answer: C
NEW QUESTION 95
Which two security profile types can be attached to a security policy? (Choose two.)
- A. antivirus
- B. DDoS protection
- C. vulnerability
- D. threat
Answer: A,C
Explanation:
References:
NEW QUESTION 96
Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.
- A. Exploitation
- B. Installation
- C. Reconnaissance
- D. Act on the Objective
Answer: A
NEW QUESTION 97
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
- A. Block List
- B. Custom URL Categories
- C. PAN-DB URL Categories
- D. Allow List
Answer: B,C
Explanation:
Explanation
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boO3CAI
NEW QUESTION 98
Match each feature to the DoS Protection Policy or the DoS Protection Profile.
Answer:
Explanation:
NEW QUESTION 99
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)
- A. QoS-ID
- B. Layer-ID
- C. User-ID
- D. App-ID
Answer: C,D
Explanation:
Explanation/Reference: http://www.firewall.cx/networking-topics/firewalls/palo-alto-firewalls/1152-palo-alto-firewall-single- pass-parallel-processing-hardware-architecture.html
NEW QUESTION 100
Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)
- A. Security policy rules inspect but do not block traffic.
- B. Security Profile are attached to security policy rules.
- C. Security Policy rules are attached to Security Profiles.
- D. Security Profile should be used only on allowed traffic.
- E. Security Policy rules can block or allow traffic.
Answer: B,C,D
NEW QUESTION 101
Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?
- A. It removes the 100K limit for DNS entries for the downloaded DNS updates.
- B. It functions like PAN-DB and requires activation through the app portal.
- C. IT eliminates the need for dynamic DNS updates.
- D. IT is automatically enabled and configured.
Answer: A,B
NEW QUESTION 102
An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?
- A. Create an Application Filter and name it Office Programs, then filter it on the business-systems category
- B. Create an Application Filter and name it Office Programs, the filter it on the business-systems category, office-programs subcategory
- C. Create an Application Group and add business-systems to it
- D. Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
Answer: C
NEW QUESTION 103
Which three configuration settings are required on a Palo Alto Network firewall management interface?
(Choose three.)
- A. netmask
- B. default gateway
- C. IP address
- D. auto-negotiation
- E. hostname
Answer: A,B,C
Explanation:
Explanation/Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN7CAK
NEW QUESTION 104
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?
- A. branch office traffic
- B. perimeter traffic
- C. east-west traffic
- D. north-south traffic
Answer: C
NEW QUESTION 105
Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)
- A. facebook-chat
- B. facebook-email
- C. facebook-base
- D. facebook
Answer: A,C
NEW QUESTION 106
Which type firewall configuration contains in-progress configuration changes?
- A. committed
- B. backup
- C. running
- D. candidate
Answer: C
NEW QUESTION 107
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
- A. Custom URL Categories
- B. Allow List
- C. PAN-DB URL Categories
- D. Block List
Answer: B,D
Explanation:
Explanation
NEW QUESTION 108
Based on the security policy rules shown, ssh will be allowed on which port?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
NEW QUESTION 109
Which two configuration settings shown are not the default? (Choose two.)
- A. Server Log Monitor Frequency (sec)
- B. Enable Probing
- C. Enable Session
- D. Enable Security Log
Answer: A,C
Explanation:
Explanation/Reference:
Reference: https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/user-identification/ device-user-identification-user-mapping/enable-server-monitoring
NEW QUESTION 110
What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?
- A. LDAP server profile
- B. authentication server list
- C. authentication sequence
- D. authentication list profile
Answer: C
NEW QUESTION 111
Which two statements are correct regarding multiple static default routes when they are configured as shown in the image? (Choose two.)
- A. Route with lowest metric is actively used.
- B. Path monitoring determines if route is useable.
- C. Path monitoring does not determine if route is useable.
- D. Route with highest metric is actively used.
Answer: A,B
Explanation:
Explanation
NEW QUESTION 112
......
A fully updated 2021 PCNSA Exam Dumps exam guide from training expert Fast2test: https://www.fast2test.com/PCNSA-premium-file.html
Practice To PCNSA - Fast2test Remarkable Practice On your Palo Alto Networks Certified Network Security Administrator Exam: https://drive.google.com/open?id=19NtpsGBM9t2T8lrO10bsTTfnYOIUE2uz