[Q38-Q57] Updated Nov-2022 Exam Engine or PDF for the PCNSA Tests Free Updated Today!

Share

Updated Nov-2022 Exam Engine or PDF for the PCNSA Tests Free Updated Today!

Ultimate Guide to Prepare PCNSA with Accurate PDF Questions

NEW QUESTION 38
The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.
Which security profile feature could have been used to prevent the communication with the CnC server?

  • A. Create an anti-spyware profile and enable DNS Sinkhole
  • B. Create a URL filtering profile and block the DNS Sinkhole category
  • C. Create a security policy and enable DNS Sinkhole
  • D. Create an antivirus profile and enable DNS Sinkhole

Answer: A

Explanation:
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-web-interface-help/objects/objects-security-profiles-anti-spyware-profile

 

NEW QUESTION 39
Which two App-ID applications will need to be allowed to use facebook-chat? (Choose two.)

  • A. facebook
  • B. facebook-chat
  • C. facebook-base
  • D. facebook-email

Answer: B,C

Explanation:
Explanation/Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAK

 

NEW QUESTION 40
How frequently can wildfire updates be made available to firewalls?

  • A. every 5 minutes
  • B. every 30 minutes
  • C. every 15 m utes
  • D. every 60 minutes

Answer: A

 

NEW QUESTION 41

Given the topology, which zone type should interface E1/1 be configured with?

  • A. Layer3
  • B. Virtual Wire
  • C. Tap
  • D. Tunnel

Answer: C

 

NEW QUESTION 42
Match the Palo Alto Networks Security Operating Platform architecture to its description.

Answer:

Explanation:

Explanation
Threat Intelligence Cloud - Gathers, analyzes, correlates, and disseminates threats to and from the network and endpoints located within the network.
Next-Generation Firewall - Identifies and inspects all traffic to block known threats Advanced Endpoint Protection - Inspects processes and files to prevent known and unknown exploits

 

NEW QUESTION 43
Based on the screenshot presented which column contains the link that when clicked opens a window to display all applications matched to the policy rule?

  • A. Apps Allowed
  • B. Apps Seen
  • C. Name
  • D. Service

Answer: B

 

NEW QUESTION 44
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

Answer:

Explanation:

Explanation
Step 1 - Select network tab
Step 2 - Select zones from the list of available items
Step 3 - Select Add
Step 4 - Specify Zone Name
Step 5 - Specify Zone Type
Step 6 - Assign interfaces as needed

 

NEW QUESTION 45
Which two features can be used to tag a user name so that it is included in a dynamic user group? (Choose two)

  • A. User-ID Windows-based agent
  • B. log forwarding auto-tagging
  • C. XML API
  • D. GlobalProtect agent

Answer: A,D

 

NEW QUESTION 46
An administrator is reviewing the Security policy rules shown in the screenshot below.
Which statement is correct about the information displayed?

  • A. There are seven Security policy rules on this firewall.
  • B. Eleven rules use the "Infrastructure* tag.
  • C. Highlight Unused Rules is checked.
  • D. The view Rulebase as Groups is checked.

Answer: D

 

NEW QUESTION 47
Based on the screenshot presented which column contains the link that when clicked opens a window to display all applications matched to the policy rule?

  • A. Name
  • B. Apps Allowed
  • C. Apps Seen
  • D. Service

Answer: A

 

NEW QUESTION 48
Based on the screenshot what is the purpose of the group in User labelled ''it"?

  • A. Allows users in group "it" to access IT applications
  • B. Allows users to access IT applications on all ports
  • C. Allows users in group "DMZ" lo access IT applications
  • D. Allows "any" users to access servers in the DMZ zone

Answer: A

 

NEW QUESTION 49
An administrator wants to create a NAT policy to allow multiple source IP addresses to be translated to the same public IP address. What is the most appropriate NAT policy to achieve this?

  • A. Dynamic IP
  • B. Static IP
  • C. Dynamic IP and Port
  • D. Destination

Answer: C

 

NEW QUESTION 50
Given the image, which two options are true about the Security policy rules. (Choose two.)

  • A. In the Allow FTP to web server rule, FTP is allowed using App-ID
  • B. The Allow Office Programs rule is using an Application Group
  • C. The Allow Office Programs rule is using an Application Filter
  • D. In the Allow Social Networking rule, allows all of Facebook's functions

Answer: C,D

 

NEW QUESTION 51
Which dynamic update type includes updated anti-spyware signatures?

  • A. Antivirus
  • B. PAN-DB
  • C. Applications and Threats
  • D. GlobalProtect Data File

Answer: C

 

NEW QUESTION 52
Which statement is true regarding a Best Practice Assessment?

  • A. The assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus prevention activities
  • B. The BPA tool can be run only on firewalls
  • C. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
  • D. It provides a percentage of adoption for each assessment data

Answer: D

 

NEW QUESTION 53
Given the topology, which zone type should zone A and zone B to be configured with?

  • A. Tap
  • B. Virtual Wire
  • C. Layer2
  • D. Layer3

Answer: D

 

NEW QUESTION 54
Which feature would be useful for preventing traffic from hosting providers that place few restrictions on content, whose services are frequently used by attackers to distribute illegal or unethical material?

  • A. Palo Alto Networks High-Risk IP Addresses
  • B. Palo Alto Networks C&C IP Addresses
  • C. Palo Alto Networks Bulletproof IP Addresses
  • D. Palo Alto Networks Known Malicious IP Addresses

Answer: C

Explanation:
To block hosts that use bulletproof hosts to provide malicious, illegal, and/or unethical content, use the bulletproof IP address list in policy.
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/content-inspection-features/edl-for-bulletproof-isps#:~:text=A%20new%20built%2Din%20external,%2C%20illegal%2C%20and%20unethical%20content.

 

NEW QUESTION 55
You receive notification about new malware that is being used to attack hosts The malware exploits a software bug in a common application Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?

  • A. Vulnerability Profile applied to inbound Security policy rules
  • B. Data Filtering Profile applied to inbound Security policy rules
  • C. Antivirus Profile applied to outbound Security policy rules
  • D. Data Filtering Profile applied to outbound Security policy rules

Answer: A

 

NEW QUESTION 56
Given the image, which two options are true about the Security policy rules. (Choose two.)

  • A. In the Allow Social Networking rule, allows all of Facebook's functions
  • B. The Allow Office Programs rule is using an Application Group
  • C. The Allow Office Programs rule is using an Application Filter
  • D. In the Allow FTP to web server rule, FTP is allowed using App-ID

Answer: B,D

 

NEW QUESTION 57
......

Pass Palo Alto Networks With Fast2test Exam Dumps: https://www.fast2test.com/PCNSA-premium-file.html

Fully Updated PCNSA Dumps - 100% Same Q&A In Your Real Exam: https://drive.google.com/open?id=19NtpsGBM9t2T8lrO10bsTTfnYOIUE2uz

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어