100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
PCNSA Exam 2024 – Questions And Verified Answers $24.99   Add to cart

Exam (elaborations)

PCNSA Exam 2024 – Questions And Verified Answers

 6 views  0 purchase
  • Course
  • Institution

PCNSA Exam 2024 – Questions And Verified Answers

Preview 4 out of 53  pages

  • January 13, 2024
  • 53
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
avatar-seller
PCNSA Exam 2024 – Questions And Verified Answers

Which Palo Alto Networks firewall security platform provides network
security for mobile endpoints by inspecting traffic deployed as internet
gateways?
A. GlobalProtect
B. AutoFocus
C. Aperture
D. Panorama Correct Ans - A. GlobalProtect

An administrator receives a global notification for a new malware that
infects hosts. The infection will result in the infected host attempting to
contact a command-and-control (C2) server. Which two security profile
components will detect and prevent this threat after the firewall's
signature database has been updated? (Choose two.)

A. vulnerability protection profile applied to outbound security policies
B. anti-spyware profile applied to outbound security policies
C. antivirus profile applied to outbound security policies
D. URL filtering profile applied to outbound security policies Correct
Ans - B, D - p. 140-141

When is the content inspection performed in the packet flow process?

A. after the application has been identified
B. after the SSL Proxy re-encrypts the packet
C. before the packet forwarding process
D. before session lookup Correct Ans - A - p. 122

An administrator is configuring a NAT ruleAt a minimum, which three
forms of information are required? (Choose three.)

A. name
B. source zone
C. destination interface
D. destination address
E. destination zone Correct Ans - B,D,E - p. 133-134

,Based on the graphic, what is the purpose of the SSL/TLS Service profile
configuration option?

A. It defines the SSUTLS encryption strength used to protect the
management interface.
B. It defines the CA certificate used to verify the client's browser.
C. It defines the certificate to send to the client's browser from the
management interface.
D. It defines the firewall's global SSL/TLS timeout values. Correct Ans -

In the example security policy shown, which two websites are blocked?
(Choose two.)

A. LinkedIn
B. Facebook
C. YouTube
D. Amazon Correct Ans - A, B

Which attribute can a dynamic address group use as a filtering condition to
determine its membership?
A. tag
B. wildcard mask
C. IP address
D. subnet mask Correct Ans - A - p. 85-86

A network administrator is required to use a dynamic routing protocol for
network connectivity.
Which three dynamic routing protocols are supported by the NGFW Virtual
Router for this purpose? (Choose three.)
A. RIP
B. OSPF
C. IS-IS
D. EIGRP
E. BGP Correct Ans - A,B,E-p.64

After making multiple changes to the candidate configuration of a firewall,
the administrator would like to start over with a candidate configuration
that matches the running configuration.

,Which command in Device > Setup > Operations would provide the most
operationally efficient way to accomplish this?
A. Import named config snapshot
B. Load named configuration snapshot
C. Revert to running configuration
D. Revert to last saved configuration Correct Ans - B - p. 23

Which stage of the cyber-attack lifecycle makes it important to provide
ongoing education to users on spear phishing links, unknown emails, and
risky websites?
A. reconnaissance
B. delivery
C. exploitation
D. installation Correct Ans - B

Which Palo Alto network security operating platform component provides
consolidated policy creation and centralized management?
A. Prisma SaaS
B. Panorama
C. AutoFocus
D. GlobalProtect Correct Ans - B

An administrator is reviewing the Security policy rules shown in the
screenshot below. Which statement is correct about the information
displayed?
A. Eleven rules use the "Infrastructure* tag.
B. The view Rulebase as Groups is checked.
C. There are seven Security policy rules on this firewall.
D. Highlight Unused Rules is checked. Correct Ans - B-

Which action can be set in a URL Filtering Security profile to provide users
temporary access to all websites in a given category using a provided
password?
A. exclude
B. continue
C. hold
D. override Correct Ans - D - p. 151-152

, Which feature would be useful for preventing traffic from hosting providers
that place few restrictions on content, whose services are frequently used
by attackers to distribute illegal or unethical material?
A. Palo Alto Networks Bulletproof IP Addresses
B. Palo Alto Networks C&C IP Addresses
C. Palo Alto Networks Known Malicious IP Addresses
D. Palo Alto Networks High-Risk IP Addresses Correct Ans - A - p.
95

An administrator would like to apply a more restrictive Security profile to
traffic for file sharing applications. The administrator does not want to
update the Security policy or object when new applications are released.
Which object should the administrator use as a match condition in the
Security policy?
A. the Content Delivery Networks URL category
B. the Online Storage and Backup URL category
C. an application group containing all of the file-sharing App-IDs reported
in the traffic logs
D. an application filter for applications whose subcategory is file-sharing
Correct Ans - D - p. 108

Identify the correct order to configure the PAN-OS integrated USER-ID
agent.
3. add the service account to monitor the server(s)
2. define the address of the servers to be monitored on the firewall
4. commit the configuration, and verify agent connection status
1. create a service account on the Domain Controller with sufficient
permissions to execute the User- ID agent
A. 2-3-4-1
B. 1-4-3-2
C. 3-1-2-4
D. 1-3-2-4 Correct Ans - D - p. 160

Based on the security policy rules shown, ssh will be allowed on which
port?
A. any port
B. same port as ssl and snmpv3
C. the default port
D. only ephemeral ports Correct Ans -

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Studyhall. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $24.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

77254 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$24.99
  • (0)
  Add to cart