If you want to ace the PCNSA exam on the 1st try, try SPOTO 100% authentic PCNSA dumps! SPOTO PCNSA exam practice tests cover 100% real PCNSA exam questions and answers to help you pass the PCNSA exam easily!
Categories | Exam Code | 100% Pass Dumps |
---|---|---|
Palo Alto | PSE Platform Professional ( STRATA ) | |
PCNSE | ||
PCNSC | ||
PCNSA | ||
PCCSA | ||
PCNSC proxy service |
This post lists out 10 PCNSA questions with verified answers. Try the demo below to assess yourself!
QUESTION 1
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base. Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days on a content update notice. Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
A. All traffic matching the SuperApp_chat and SuperApp_download is denied because it no longer matches the SuperApp-base application
B. No impact because the apps were automatically downloaded and installed
C. No impact because the firewall automatically adds the rules to the App-ID interface
D. All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the security administrator approves the applications
Correct Answer: A
QUESTION 2
How many zones can an interface be assigned with a Palo Alto Networks firewall?
A. two
B. three
C. four
D. one
Correct Answer: D
QUESTION 3
A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or new rules on the firewall?
A. Rule Usage Filter > No App Specified
B. Rule Usage Filter >Hit Count > Unused in 30 days
C. Rule Usage Filter > Unused Apps
D. Rule Usage Filter > Hit Count > Unused in 90 days
Correct Answer: D
QUESTION 4
Which option shows the attributes that are selectable when setting up application filters?
A. Category, Subcategory, Technology, and Characteristic
B. Category, Subcategory, Technology, Risk, and Characteristic
C. Name, Category, Technology, Risk, and Characteristic
D. Category, Subcategory, Risk, Standard Ports, and Technology
Correct Answer: B
QUESTION 5
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
A. Block List
B. Custom URL Categories
C. PAN-DB URL Categories
D. Allow List
Correct Answer: BC
QUESTION 6
Which two statements are correct about App-ID content updates? (Choose two.)
A. Updated application content may change how security policy rules are enforced
B. After an application content update, new applications must be manually classified before use
C. Existing security policy rules are not affected by application content updates
D. After an application content update, new applications are automatically identified and classified
Correct Answer: AD
QUESTION 7
Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?
A. Windows session monitoring via a domain controller
B. Windows session monitoring via a domain controller
C. Captive Portal
D. passive server monitoring using a PAN-OS integrated User-ID agent
Correct Answer: C
QUESTION 8
An administrator needs to allow users to use their office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?
A. Create an Application Filter and name it Office Programs, then filter it on the business-systems category, office-programs subcategory
B. Create an Application Group and add business systems to it
C. Create an Application Filter and name it Office Programs, then filter it on the business-systems category
D. Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
Correct Answer: A
QUESTION 9
Complete the statement. A security profile can block or allow traffic.
A. on unknown-tcp or unknown-UDP traffic
B. after it is evaluated by a security policy that allows traffic
C. before a security policy evaluates it
D. after it is evaluated by a security policy that allows or blocks traffic
Correct Answer: B
QUESTION 10
Which interface does not require a MAC or IP address?
A. Virtual Wire
B. Layer3
C. Layer2
D. Loopback
Correct Answer: A
Conclusion
If you want more accurate and valid PCNSA exam dumps, get SPOTO to get real PCNSA exam questions! SPOTO 100% real PCNSA exam questions and answers can guarantee you a 100% pass.
Latest passing report-100% pass guarantee
Comments