• Home
  • Blogs
  • Prepare PCNSA Question Answers - PCNSA Exam Dumps [Q102-Q123]

Prepare PCNSA Question Answers - PCNSA Exam Dumps [Q102-Q123]

Share

Prepare PCNSA Question Answers - PCNSA Exam Dumps

Real Palo Alto Networks PCNSA Exam Questions [Updated 2021]


Palo Alto Networks PCNSA Practice Test Questions, Palo Alto Networks PCNSA Exam Practice Test Questions

The PCNSA: Palo Alto Networks Certified Network Security Administrator certification is designed to validate the professionals’ knowledge and skills in designing, installing configuring, and maintaining the majority of implementations on the Palo Alto Networks platform. Obtaining this certificate confirms that an individual has the requisite expertise to apply the Palo Alto Networks Next-Generation Firewall PAN-OS 10.0 platform in various environments.

 

NEW QUESTION 102
Complete the statement. A security profile can block or allow traffic.

  • A. before it is evaluated by a security policy
  • B. on unknown-tcp or unknown-udp traffic
  • C. after it is evaluated by a security policy that allows traffic
  • D. after it is evaluated by a security policy that allows or blocks traffic

Answer: C

Explanation:
Explanation
Security profiles are not used in the match criteria of a traffic flow. The security profile is applied to scan traffic after the application or category is allowed by the security policy.

 

NEW QUESTION 103
Match the Cyber-Attack Lifecycle stage to its correct description.

Answer:

Explanation:

Explanation
Reconnaissance - stage where the attacker scans for network vulnerabilities and services that can be exploited.
Installation - stage where the attacker will explore methods such as a root kit to establish persistence Command and Control - stage where the attacker has access to a specific server so they can communicate and pass data to and from infected devices within a network.
Act on the Objective - stage where an attacker has motivation for attacking a network to deface web property

 

NEW QUESTION 104
Based on the security policy rules shown, ssh will be allowed on which port?

  • A. any port
  • B. only ephemeral ports
  • C. same port as ssl and snmpv3
  • D. the default port

Answer: D

 

NEW QUESTION 105
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.
On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.
Based on the information, how is the SuperApp traffic affected after the 30 days have passed?

  • A. No impact because the apps were automatically downloaded and installed
  • B. All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the security administrator approves the applications
  • C. No impact because the firewall automatically adds the rules to the App-ID interface
  • D. All traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer matches the SuperApp-base application

Answer: D

Explanation:
Explanation
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-ids-introduced-in-content-r

 

NEW QUESTION 106
Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

  • A. The host lab-client has been found by a domain controller.
  • B. The host lab-client has been found by the User-ID agent.
  • C. The User-ID agent is connected to a domain controller labeled lab-client.
  • D. The User-ID agent is connected to the firewall labeled lab-client.

Answer: A

 

NEW QUESTION 107
Which administrator type utilizes predefined roles for a local administrator account?

  • A. Device administrator
  • B. Superuser
  • C. Role-based
  • D. Dynamic

Answer: D

Explanation:
References:

 

NEW QUESTION 108
An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.)

  • A. anti-spyware profile applied to outbound security policies
  • B. vulnerability protection profile applied to outbound security policies
  • C. antivirus profile applied to outbound security policies
  • D. URL filtering profile applied to outbound security policies

Answer: A,D

Explanation:
References:

 

NEW QUESTION 109
Which interface does not require a MAC or IP address?

  • A. Virtual Wire
  • B. Loopback
  • C. Layer2
  • D. Layer3

Answer: A

Explanation:
Explanation/Reference:

 

NEW QUESTION 110
When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?

  • A. Translation Type
  • B. Address Type
  • C. Interface
  • D. IP Address

Answer: A

 

NEW QUESTION 111
In the example security policy shown, which two websites would be blocked? (Choose two.)

  • A. Amazon
  • B. Facebook
  • C. YouTube
  • D. LinkedIn

Answer: B,D

 

NEW QUESTION 112
Which plane on a Palo alto networks firewall provides configuration logging and reporting functions on a separate processor?

  • A. management
  • B. network processing
  • C. data
  • D. security processing

Answer: A

 

NEW QUESTION 113
At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?

  • A. reinsurance
  • B. command and control
  • C. delivery
  • D. installation
  • E. explotation

Answer: C

 

NEW QUESTION 114
Place the following steps in the packet processing order of operations from first to last.

Answer:

Explanation:

 

NEW QUESTION 115
An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated?
(Choose two.)

  • A. anti-spyware profile applied to outbound security policies
  • B. vulnerability protection profile applied to outbound security policies
  • C. antivirus profile applied to outbound security policies
  • D. URL filtering profile applied to outbound security policies

Answer: A,D

Explanation:
Explanation/Reference:
Reference: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/policy/create-best-practice- security-profiles

 

NEW QUESTION 116
Match the Palo Alto Networks Security Operating Platform architecture to its description.

Answer:

Explanation:

Explanation:
Threat Intelligence Cloud - Gathers, analyzes, correlates, and disseminates threats to and from the network and endpoints located within the network.
Next-Generation Firewall - Identifies and inspects all traffic to block known threats Advanced Endpoint Protection - Inspects processes and files to prevent known and unknown exploits

 

NEW QUESTION 117
How many zones can an interface be assigned with a Palo Alto Networks firewall?

  • A. one
  • B. three
  • C. two
  • D. four

Answer: A

 

NEW QUESTION 118
Match the network device with the correct User-ID technology.

Answer:

Explanation:

 

NEW QUESTION 119
What is the minimum timeframe that can be set on the firewall to check for new WildFire signatures?

  • A. once every 24 hours
  • B. every 1 minute
  • C. every 30 minutes
  • D. every 5 minutes

Answer: B

Explanation:
Because new WildFire signatures are now available every five minutes, it is a best practice to use this setting to ensure the firewall retrieves these signatures within a minute of availability.

 

NEW QUESTION 120
Match the Cyber-Attack Lifecycle stage to its correct description.

Answer:

Explanation:

Explanation
Reconnaissance - stage where the attacker scans for network vulnerabilities and services that can be exploited.
Installation - stage where the attacker will explore methods such as a root kit to establish persistence Command and Control - stage where the attacker has access to a specific server so they can communicate and pass data to and from infected devices within a network.
Act on the Objective - stage where an attacker has motivation for attacking a network to deface web property

 

NEW QUESTION 121
Starting with PAN-OS version 9.1, which new type of object is supported for use within the User field of a Security policy rule?

  • A. remote username
  • B. local username
  • C. static user group
  • D. dynamic user group

Answer: D

 

NEW QUESTION 122
A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?

  • A. Rule Usage Filter > No App Specified
  • B. Rule Usage Filter >Hit Count > Unused in 30 days
  • C. Rule Usage Filter > Unused Apps
  • D. Rule Usage Filter > Hit Count > Unused in 90 days

Answer: B

 

NEW QUESTION 123
......

PCNSA Exam Dumps Pass with Updated 2021: https://www.actualtestsquiz.com/PCNSA-test-torrent.html

Free PCNSA Exam Dumps to Pass Exam Easily: https://drive.google.com/open?id=1WVO7DSUFdg8GoiZtzzTXGM2u5yyQ5Ekv

Related Blogs

more
Palo Alto Networks PCNSA Certification Practice Exam

ActualTestsQuiz offers best test Quiz materials to help all candidates pass exams and obtain certification successfully all over the world. If you are eager to obtain a certification, we will be your best select.

Latest Update

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 ACTUALTESTSQUIZ.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor. Privacy Policy