Share Palo Alto Networks PCNSA exam practice questions and answers from Lead4Pass latest updated PCNSA dumps free of charge.
Get the latest uploaded PCNSA dumps pdf from google driver online. To get the full Palo Alto Networks PCNSA dumps PDF or dumps
VCE visit: https://www.leads4pass.com/pcnsa.html (Q&As: 121). all Palo Alto Networks PCNSA exam questions have been updated, the answer has been corrected!
Make sure your exam questions are real and effective to help you pass your first exam!

Certification – Palo Alto Networks – website: https://www.paloaltonetworks.com/services/education/certification

[Palo Alto Networks PCNSA Dumps pdf] Latest Palo Alto Networks PCNSA Dumps PDF collected by Lead4pass Google Drive:
https://drive.google.com/file/d/1FuqX0d3UXkiH33WaF35a5uBfS68OVUBw/

[Palo Alto Networks PCNSA Youtube] Palo Alto Networks PCNSA exam questions and answers are shared free of charge from Youtube watching uploads from Lead4pass.

https://youtube.com/watch?v=OvLsxE3Q2zY

Latest Update Palo Alto Networks PCNSA Exam Practice Questions and Answers Online Test

QUESTION 1
Which three configuration settings are required on a Palo Alto Networks firewall management interface?
A. default gateway
B. netmask
C. IP address
D. hostname
E. auto-negotiation
Correct Answer: ABC

 

QUESTION 2
Which type of security policy rule would match traffic flowing between the inside zone and outside zone within the inside
zone and within the outside zone?
A. global
B. universal
C. intrazone
D. interzone
Correct Answer: B

 

QUESTION 3
A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud
environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone.
What configuration-changes should the Firewall-admin make?
A. Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between
zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICES
B. Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to
any destination IP-address for application SSH
C. In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22
should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICESSHRETURN for any source-IP-address to any destination-Ip-address
D. In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server admin
Correct Answer: B

 

QUESTION 4
Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.)[2021.1] lead4pass pcnsa practice test q4

A. Path monitoring does not determine if the route is useable
B. Route with the highest metric is actively used
C. Path monitoring determines if the route is useable
D. Route with the lowest metric is actively used
Correct Answer: CD

 

QUESTION 5
Given the topology, which zone type should zone A and zone B to be configured with?[2021.1] lead4pass pcnsa practice test q5

A. Layer3
B. Tap
C. Layer2
D. Virtual Wire
Correct Answer: A

 

QUESTION 6
Which protocol used to map usernames to user groups when user-ID is configured?
A. SAML
B. RADIUS
C. TACACS+
D. LDAP
Correct Answer: D

 

QUESTION 7
What do dynamic user groups you to do?
A. create a QoS policy that provides auto-remediation for anomalous user behavior and malicious activity
B. create a policy that provides auto-sizing for anomalous user behavior and malicious activity
C. create a policy that provides auto-remediation for anomalous user behavior and malicious activity
D. create a dynamic list of firewall administrators
Correct Answer: D

 

QUESTION 8
Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that
matches new application signatures?
A. Review Policies
B. Review Apps
C. Pre-analyze
D. Review App Matches
Correct Answer: A
Reference: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-ids-introduced-incontent-releases/review-new-app-id-impact-on-existing-policy-rules

 

QUESTION 9
Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a
targeted machine.[2021.1] lead4pass pcnsa practice test q9

A. Exploitation
B. Installation
C. Reconnaissance
D. Act on Objective
Correct Answer: A

 

QUESTION 10
Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.
Complete the security policy to ensure only Telnet is allowed.
Security Policy: Source Zone: Internal to DMZ Zone __________services “Application defaults”, and action = Allow
A. Destination IP: 192.168.1.123/24
B. Application = `Telnet\\’
C. Log Forwarding
D. USER-ID = `Allow users in Trusted\\’
Correct Answer: B

 

QUESTION 11
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks
Firewall? (Choose two.)
A. Layer-ID
B. User-ID
C. QoS-ID
D. App-ID
Correct Answer: BD
Reference: http://www.firewall.cx/networking-topics/firewalls/palo-alto-firewalls/1152-palo-alto-firewall-single-passparallel-processing-hardware-architecture.html

 

QUESTION 12
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a
packet`s source and destination IP address?
A. DoS protection
B. URL filtering
C. packet buffering
D. anti-spyware
Correct Answer: A

 

QUESTION 13
How is the hit count reset on a rule?
A. select a security policy rule, right-click Hit Count > Reset
B. with a data plane reboot
C. Device > Setup > Logging and Reporting Settings > Reset Hit Count
D. in the CLI, type command reset hitcount
Correct Answer: A


For the full Palo Alto Networks PCNSA exam dumps from Lead4pass PCNSA Dumps pdf or Dumps VCE visit: https://www.leads4pass.com/pcnsa.html (Q&As: 121 dumps)

ps.
Get free Palo Alto Networks PCNSA dumps PDF online: https://drive.google.com/file/d/1FuqX0d3UXkiH33WaF35a5uBfS68OVUBw/

Related Posts