100% Pass Top-selling PCNSA Exams - New 2021 Palo Alto Networks Pratice Exam
Paloalto Network Security Administrator Dumps PCNSA Exam for Full Questions - Exam Study Guide
NEW QUESTION 29
Match the Palo Alto Networks Security Operating Platform architecture to its description.
Answer:
Explanation:
NEW QUESTION 30
Match the network device with the correct User-ID technology.
Answer:
Explanation:
Explanation
Microsoft Exchange - Server monitoring
Linux authentication - syslog monitoring
Windows Client - client probing
Citrix client - Terminal Services agent
NEW QUESTION 31
Which action results in the firewall blocking network traffic without notifying the sender?
- A. Deny
- B. Reset Client
- C. Drop
- D. No notification
Answer: C
NEW QUESTION 32
Given the topology, which zone type should zone A and zone B to be configured with?
- A. Layer3
- B. Tap
- C. Virtual Wire
- D. Layer2
Answer: A
NEW QUESTION 33
When creating a Source NAT policy, which entry in the Translated Packet tab will display the options Dynamic IP and Port, Dynamic, Static IP, and None?
- A. IP Address
- B. Interface
- C. Address Type
- D. Translation Type
Answer: D
NEW QUESTION 34
Match the Palo Alto Networks Security Operating Platform architecture to its description.
Answer:
Explanation:
NEW QUESTION 35
Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? (Choose five.)
- A. User identification
- B. Filtration protection
- C. Vulnerability protection
- D. Anti-spyware
- E. Antivirus
- F. Application identification
Answer: A,C,D,E,F
Explanation:
Explanation/Reference:
NEW QUESTION 36
Which plane on a Palo alto networks firewall provides configuration logging and reporting functions on a separate processor?
- A. data
- B. security processing
- C. network processing
- D. management
Answer: D
NEW QUESTION 37
Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? (Choose five.)
- A. User identification
- B. Filtration protection
- C. Vulnerability protection
- D. Anti-spyware
- E. Antivirus
- F. Application identification
Answer: A,C,D,E,F
NEW QUESTION 38
At which point in the app-ID update process can you determine if an existing policy rule is affected by an app-ID update?
- A. after clicking Check New in the Dynamic Update window
- B. after downloading the update
- C. after installing the update
- D. after connecting the firewall configuration
Answer: B
NEW QUESTION 39
Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?
- A. intercone-default
- B. internal-inside-dmz
- C. engress outside
- D. inside-portal
Answer: A
NEW QUESTION 40
Based on the security policy rules shown, ssh will be allowed on which port?
- A. the default port
- B. only ephemeral ports
- C. same port as ssl and snmpv3
- D. any port
Answer: A
NEW QUESTION 41
Which option is part of the content inspection process?
- A. Packet forwarding process
- B. IPsec tunnel encryption
- C. SSL Proxy re-encrypt
- D. Packet egress process
Answer: C
NEW QUESTION 42
Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.
- A. Act on Objective
- B. Installation
- C. Reconnaissance
- D. Exploitation
Answer: D
NEW QUESTION 43
Match the Palo Alto Networks Security Operating Platform architecture to its description.
Answer:
Explanation:
Explanation
Threat Intelligence Cloud - Gathers, analyzes, correlates, and disseminates threats to and from the network and endpoints located within the network.
Next-Generation Firewall - Identifies and inspects all traffic to block known threats Advanced Endpoint Protection - Inspects processes and files to prevent known and unknown exploits
NEW QUESTION 44 
Given the topology, which zone type should interface E1/1 be configured with?
- A. Tap
- B. Virtual Wire
- C. Layer3
- D. Tunnel
Answer: A
NEW QUESTION 45
Match the Cyber-Attack Lifecycle stage to its correct description.
Answer:
Explanation:
Explanation
Reconnaissance - stage where the attacker scans for network vulnerabilities and services that can be exploited.
Installation - stage where the attacker will explore methods such as a root kit to establish persistence Command and Control - stage where the attacker has access to a specific server so they can communicate and pass data to and from infected devices within a network.
Act on the Objective - stage where an attacker has motivation for attacking a network to deface web property
NEW QUESTION 46
Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?
- A. internal-inside-dmz
- B. engress outside
- C. inside-portal
- D. intercone-default
Answer: B
NEW QUESTION 47
Match the Palo Alto Networks Security Operating Platform architecture to its description.
Answer:
Explanation:
Explanation
Threat Intelligence Cloud - Gathers, analyzes, correlates, and disseminates threats to and from the network and endpoints located within the network.
Next-Generation Firewall - Identifies and inspects all traffic to block known threats Advanced Endpoint Protection - Inspects processes and files to prevent known and unknown exploits
NEW QUESTION 48
......
Authentic Best resources for PCNSA Online Practice Exam: https://www.actual4labs.com/Palo-Alto-Networks/PCNSA-actual-exam-dumps.html
PCNSA Test Engine Practice Exam: https://drive.google.com/open?id=1_w773r2ycKSvRNroQn8DDTpS4WSrYpQv