Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PCNSA Exam Dumps - Paloalto Networks Network Security Administrator Questions and Answers

Question # 64

Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.

What is the quickest way to reset the hit counter to zero in all the security policy rules?

Options:

A.

At the CLI enter the command reset rules and press Enter

B.

Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule

C.

Reboot the firewall

D.

Use the Reset Rule Hit Counter > All Rules option

Buy Now
Question # 65

Which feature must be configured to enable a data plane interface to submit DNS queries originated from the firewall on behalf of the control plane?

Options:

A.

Service route

B.

Admin role profile

C.

DNS proxy

D.

Virtual router

Buy Now
Question # 66

Which prevention technique will prevent attacks based on packet count?

Options:

A.

zone protection profile

B.

URL filtering profile

C.

antivirus profile

D.

vulnerability profile

Buy Now
Question # 67

Based on the screenshot presented which column contains the link that when clicked opens a window to display all applications matched to the policy rule?

Options:

A.

Apps Allowed

B.

Name

C.

Apps Seen

D.

Service

Buy Now
Question # 68

What must first be created on the firewall for SAML authentication to be configured?

Options:

A.

Server Policy

B.

Server Profile

C.

Server Location

D.

Server Group

Buy Now
Question # 69

Which two statements are true for the DNS security service introduced in PAN-OS version 10.0?

Options:

A.

It functions like PAN-DB and requires activation through the app portal.

B.

It removes the 100K limit for DNS entries for the downloaded DNS updates.

C.

IT eliminates the need for dynamic DNS updates.

D.

IT is automatically enabled and configured.

Buy Now
Question # 70

Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.

Complete the security policy to ensure only Telnet is allowed.

Security Policy: Source Zone: Internal to DMZ Zone __________services “Application defaults”, and action = Allow

Options:

A.

Destination IP: 192.168.1.123/24

B.

Application = ‘Telnet’

C.

Log Forwarding

D.

USER-ID = ‘Allow users in Trusted’

Buy Now
Question # 71

Match each rule type with its example

Options:

Buy Now
Question # 72

Given the cyber-attack lifecycle diagram identify the stage in which the attacker can run malicious code against a vulnerability in a targeted machine.

Options:

A.

Exploitation

B.

Installation

C.

Reconnaissance

D.

Act on the Objective

Buy Now
Question # 73

An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited"

Which security policy action causes this?

Options:

A.

Drop

B.

Drop, send ICMP Unreachable

C.

Reset both

D.

Reset server

Buy Now
Exam Code: PCNSA
Exam Name: Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)
Last Update: Apr 1, 2025
Questions: 364
PCNSA pdf

PCNSA PDF

$25.5  $84.99
PCNSA Engine

PCNSA Testing Engine

$28.5  $94.99
PCNSA PDF + Engine

PCNSA PDF + Testing Engine

$40.5  $134.99