The Palo Alto Networks Certified Network Security Administrator (PCNSA) certification helps network security administrators gain the skills necessary to implement and operate Palo Alto Networks Next-Generation Firewalls (NGFWs). It helps the applicant acquire the skills needed to work in the field of cyber-security. The PCNSA is aimed at people who manage Palo Alto Networks Next-Generation Firewalls to safeguard networks from cutting-edge cyberthreats.
QUESTION 1
An administrator has configured a Security policy where the matching condition includes a single application, and the action is deny. If the application’s default deny action is reset-both, what action does the firewall take?
A. It silently drops the traffic and sends an ICMP unreachable code.
B. It sends a TCP reset to the client-side and server-side devices.
C. It silently drops the traffic.
D. It sends a TCP reset to the server-side device.
Correct Answer: B
QUESTION 2
Assume that traffic matches a Security policy rule but the attached Security Profile is configured to block matching traffic. Which statement accurately describes how the firewall will apply an action to matching traffic?
A. If it is a block rule, then the Security Profile action is applied last.
B. If it is a block rule, then the Security policy rule action is applied last.
C. If it is an allowed rule, then the Security Profile action is applied last.
D. If it is an allow rule, then the Security policy rule is applied last.
Correct Answer: C
QUESTION 3
What does an administrator use to validate whether a session is matching an expected NAT policy?
A. system logs
B. test command
C. traffic log
D. config audit
Correct Answer: B
QUESTION 4
The compliance officer requests that all P2P (Peer-to-Peer) communication be blocked on all of your perimeter firewalls out to the internet. The firewall is configured with two zones:
1. trust for internal networks
2. untrust to the internet
Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two.)
A. Create a deny rule at the top of the policy from trust to untrust over any service and add an Application Filter with P2P.
B. Create a deny rule at the top of the policy from trust to untrust over any service and select P2P as the application.
C. Create a deny rule at the top of the policy from trust to untrust with service application-default and add an Application Filter with P2P.
D. Create a deny rule at the top of the policy from trust to untrust with service application-default and select P2P as the application.
Correct Answer: AC
QUESTION 5
Which license is required to use the Palo Alto Networks built-in IP address EDLs?
A. Threat Prevention
B. WildFire
C. DNS Security
D. SD-WAN
Correct Answer: A
QUESTION 6
Which administrative management services can be configured to access a management interface?
A. HTTPS, SSH, telnet, SNMP
B. SSH, telnet, HTTP, HTTPS
C. HTTPS, HTTP, CLI, API
D. HTTP, CLI, SNMP, HTTPS
Correct Answer: B
QUESTION 7
Which firewall component enables you to configure asset protection settings?
A. QoS profile
B. DoS Protection policy
C. DoS Protection profile
D. Zone Protection profile
Correct Answer: C
QUESTION 8
What are two valid types of custom URL category? (Choose two.)
A. dynamic
B. category match
C. wildcard
D. URL list
Correct Answer: BD
QUESTION 9
An administrator is reviewing another administrator’s Security policy log settings. Which log setting configuration is consistent with best practices for normal traffic?
A. Log at Session Start and Log at Session End both disabled
B. Log at Session Start enabled, Log at Session End disabled
C. Log at Session Start disabled, Log at Session End enabled
D. Log at Session Start and Log at Session End both enabled
Correct Answer: B
QUESTION 10
Which advanced feature does the PAN DNS Security service provide?
A. sandbox environment for malicious domain testing
B. custom DNS signature creation
C. protection for data in motion and data at rest via pre-defined patterns
D. real-time protections using advanced predictive analytics
Correct Answer: B
Conclusion
Our PCNSA practice questions and answers cover all of the topics on the Palo Alto PCNSA exam, so you’ll be prepared to pass the real PCNSA exam. Get a deal on the most current dump right now!