PCNSA Exam Dumps - Paloalto Networks Network Security Administrator Questions and Answers

Question # 54

Based on the screenshot what is the purpose of the group in User labelled ''it"?

Options:

Allows users to access IT applications on all ports

Allows users in group "DMZ" lo access IT applications

Allows "any" users to access servers in the DMZ zone

Allows users in group "it" to access IT applications

Buy Now

Question # 55

Based on the security policy rules shown, ssh will be allowed on which port?

Options:

Buy Now

Question # 56

The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering “gambling” category.

Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the “gambling” URL category?

Options:

Add just the URL www.powerball.com to a Security policy allow rule.

Manually remove powerball.com from the gambling URL category.

Add *.powerball.com to the URL Filtering allow list.

Create a custom URL category, add *.powerball.com to it and allow it in the Security Profile.

Buy Now

Question # 57

Prior to a maintenance-window activity, the administrator would like to make a backup of only the running configuration to an external location.

What command in Device > Setup > Operations would provide the most operationally efficient way to achieve this outcome?

Options:

save named configuration snapshot

export device state

export named configuration snapshot

save candidate config

Buy Now

Question # 58

What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?

Options:

authentication sequence

LDAP server profile

authentication server list

authentication list profile

Buy Now

Question # 59

The compliance officer requests that all evasive applications need to be blocked on all perimeter firewalls out to the internet The firewall is configured with two zones;

1. trust for internal networks

2. untrust to the internet

Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two )

Options:

Create a deny rule at the top of the policy from trust to untrust with service application-default and add an application filter with the evasive characteristic

Create a deny rule at the top of the policy from trust to untrust over any service and select evasive as the application

Create a deny rule at the top of the policy from trust to untrust with service application-default and select evasive as the application

Create a deny rule at the top of the policy from trust to untrust over any service and add an application filter with the evasive characteristic

Buy Now

Question # 60

In which three places on the PAN-OS interface can the application characteristics be found? (Choose three.)

Options:

Objects tab > Application Filters

Policies tab > Security

ACC tab > Global Filters

Objects tab > Application Groups

Objects tab > Applications

Buy Now

Answer:

A, D, E

Explanation:

The application characteristics can be found in three places on the PAN-OS interface: Objects tab > Application Filters, Objects tab > Application Groups, and Objects tab > Applications. These places allow you to view and manage the applications and application groups that are used in your Security policy rules. You can also create custom applications and application filters based on various attributes, such as category, subcategory, technology, risk, and behavior1. Some of the characteristics of these places are:

Objects tab > Application Filters: An application filter is a dynamic object that groups applications based on specific criteria. You can use an application filter to match multiple applications in a Security policy rule without having to list them individually. For example, you can create an application filter that includes all applications that have a high risk level or use peer-to-peer technology.

Objects tab > Application Groups: An application group is a static object that groups applications based on your custom requirements. You can use an application group to match multiple applications in a Security policy rule without having to list them individually. For example, you can create an application group that includes all applications that are related to a specific business function or project.

Objects tab > Applications: An application is an object that identifies and classifies network traffic based on App-ID, which is a technology that uses multiple attributes to identify applications. You can use an application to match a specific application in a Security policy rule and control its access and behavior. For example, you can use an application to allow web browsing but block file sharing or social networking.

References: Objects, [Application Filters], [Application Groups], [Applications], Updated Certifications for PAN-OS 10.1, Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0) or [Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)].

Question # 61

Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?

Options:

Layer 2

Tap

Layer 3

Virtual Wire

Buy Now

Question # 62

The firewall sends employees an application block page when they try to access Youtube.

Which Security policy rule is blocking the youtube application?

Options:

intrazone-default

Deny Google

allowed-security services

interzone-default

Buy Now

Question # 63

Which statement is true about Panorama managed devices?

Options:

Panorama automatically removes local configuration locks after a commit from Panorama

Local configuration locks prohibit Security policy changes for a Panorama managed device

Security policy rules configured on local firewalls always take precedence

Local configuration locks can be manually unlocked from Panorama

Buy Now

Exam Code: PCNSA

Exam Name: Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)

Last Update: Apr 1, 2025

Questions: 364

PCNSA PDF

$25.5 ~~$84.99~~

Add to Cart

PCNSA Testing Engine

$28.5 ~~$94.99~~

Add to Cart

PCNSA PDF + Testing Engine

$40.5 ~~$134.99~~

Add to Cart

Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

certsboard certification exams

Navigation:

PCNSA Exam Dumps - Paloalto Networks Network Security Administrator Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

PCNSA PDF

PCNSA Testing Engine

PCNSA PDF + Testing Engine

Quick Links

Recently New Released Certification Exams

Site Secure