Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PCNSA Exam Dumps - Paloalto Networks Network Security Administrator Questions and Answers

Question # 54

Based on the screenshot what is the purpose of the group in User labelled ''it"?

Options:

A.

Allows users to access IT applications on all ports

B.

Allows users in group "DMZ" lo access IT applications

C.

Allows "any" users to access servers in the DMZ zone

D.

Allows users in group "it" to access IT applications

Buy Now
Question # 55

Based on the security policy rules shown, ssh will be allowed on which port?

Options:

A.

80

B.

53

C.

22

D.

23

Buy Now
Question # 56

The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering “gambling” category.

Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the “gambling” URL category?

Options:

A.

Add just the URL www.powerball.com to a Security policy allow rule.

B.

Manually remove powerball.com from the gambling URL category.

C.

Add *.powerball.com to the URL Filtering allow list.

D.

Create a custom URL category, add *.powerball.com to it and allow it in the Security Profile.

Buy Now
Question # 57

Prior to a maintenance-window activity, the administrator would like to make a backup of only the running configuration to an external location.

What command in Device > Setup > Operations would provide the most operationally efficient way to achieve this outcome?

Options:

A.

save named configuration snapshot

B.

export device state

C.

export named configuration snapshot

D.

save candidate config

Buy Now
Question # 58

What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?

Options:

A.

authentication sequence

B.

LDAP server profile

C.

authentication server list

D.

authentication list profile

Buy Now
Question # 59

The compliance officer requests that all evasive applications need to be blocked on all perimeter firewalls out to the internet The firewall is configured with two zones;

1. trust for internal networks

2. untrust to the internet

Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two )

Options:

A.

Create a deny rule at the top of the policy from trust to untrust with service application-default and add an application filter with the evasive characteristic

B.

Create a deny rule at the top of the policy from trust to untrust over any service and select evasive as the application

C.

Create a deny rule at the top of the policy from trust to untrust with service application-default and select evasive as the application

D.

Create a deny rule at the top of the policy from trust to untrust over any service and add an application filter with the evasive characteristic

Buy Now
Question # 60

In which three places on the PAN-OS interface can the application characteristics be found? (Choose three.)

Options:

A.

Objects tab > Application Filters

B.

Policies tab > Security

C.

ACC tab > Global Filters

D.

Objects tab > Application Groups

E.

Objects tab > Applications

Buy Now
Question # 61

Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?

Options:

A.

Layer 2

B.

Tap

C.

Layer 3

D.

Virtual Wire

Buy Now
Question # 62

The firewall sends employees an application block page when they try to access Youtube.

Which Security policy rule is blocking the youtube application?

Options:

A.

intrazone-default

B.

Deny Google

C.

allowed-security services

D.

interzone-default

Buy Now
Question # 63

Which statement is true about Panorama managed devices?

Options:

A.

Panorama automatically removes local configuration locks after a commit from Panorama

B.

Local configuration locks prohibit Security policy changes for a Panorama managed device

C.

Security policy rules configured on local firewalls always take precedence

D.

Local configuration locks can be manually unlocked from Panorama

Buy Now
Exam Code: PCNSA
Exam Name: Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)
Last Update: Apr 1, 2025
Questions: 364
PCNSA pdf

PCNSA PDF

$25.5  $84.99
PCNSA Engine

PCNSA Testing Engine

$28.5  $94.99
PCNSA PDF + Engine

PCNSA PDF + Testing Engine

$40.5  $134.99