2021 Latest Palo Alto Networks PCNSA Real Exam Dumps PDF [Q99-Q116]

2021 Latest Palo Alto Networks PCNSA Real Exam Dumps PDF

PCNSA Exam Dumps, PCNSA Practice Test Questions

NEW QUESTION 99
Match the network device with the correct User-ID technology.

Answer:

Explanation:

Explanation
Microsoft Exchange - Server monitoring
Linux authentication - syslog monitoring
Windows Client - client probing
Citrix client - Terminal Services agent

NEW QUESTION 100
A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

A. Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP- address for SERVICE-SSH
B. In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port- TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address
C. In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin
D. Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP- address to any destination IP-address for application SSH

Answer: D

Explanation:
Explanation/Reference:

NEW QUESTION 101
Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.
What is the quickest way to reset the hit counter to zero in all the security policy rules?

A. Use the Reset Rule Hit Counter > All Rules option
B. Reboot the firewall
C. At the CLI enter the command reset rules and press Enter
D. Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule

Answer: A

Explanation:
References:

NEW QUESTION 102
Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

A. Windows client probing
B. domain controller monitoring
C. Active Directory monitoring
D. Windows session monitoring

Answer: C

NEW QUESTION 103
Arrange the correct order that the URL classifications are processed within the system.

Answer:

Explanation:

NEW QUESTION 104
Arrange the correct order that the URL classifications are processed within the system.

Answer:

Explanation:

Explanation
First - Block List
Second - Allow List
Third - Custom URL Categories
Fourth - External Dynamic Lists
Fifth - Downloaded PAN-DB Files
Sixth - PAN-DB Cloud

NEW QUESTION 105
Which Palo Alto Networks firewall security platform provides network security for mobile endpoints by inspecting traffic deployed as internet gateways?

A. GlobalProtect
B. Aperture
C. Panorama
D. AutoFocus

Answer: A

NEW QUESTION 106
Which two configuration settings shown are not the default? (Choose two.)

A. Enable Session
B. Enable Probing
C. Enable Security Log
D. Server Log Monitor Frequency (sec)

Answer: A,D

Explanation:
Explanation/Reference:
Reference: https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/user-identification/ device-user-identification-user-mapping/enable-server-monitoring

NEW QUESTION 107
Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two.)

A. DoS Protection policy
B. DoS Protection profile
C. Zone Protection profile
D. QoS profile

Answer: B,C

NEW QUESTION 108
All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security Policy rules that permits only this type of access.

Choose two.

A. Application = "any"
B. Service = "any"
C. Application = "Telnet"
D. Service - "application-default"

Answer: C,D

NEW QUESTION 109
Palo Alto Networks firewall architecture accelerates content map minimizing latency using which two components'? (Choose two )

A. Parallel Processing Hardware
B. Single Stream-based Engine
C. Policy Engine
D. Network Processing Engine

Answer: B

NEW QUESTION 110
Place the following steps in the packet processing order of operations from first to last.

Answer:

Explanation:

NEW QUESTION 111
What is an advantage for using application tags?

A. They are helpful during the creation of new zones
B. They help with the creation of interfaces
C. They help with the design of IP address allocations in DHCP.
D. They help content updates automate policy updates

Answer: D

NEW QUESTION 112
Which action results in the firewall blocking network traffic with out notifying the sender?

A. Reset Server
B. Reset Client
C. Deny
D. Drop

Answer: D

NEW QUESTION 113
Which two configuration settings shown are not the default? (Choose two.)

A. Enable Session
B. Enable Probing
C. Enable Security Log
D. Server Log Monitor Frequency (sec)

Answer: A,D

Explanation:
Explanation
References:

NEW QUESTION 114
Match the Cyber-Attack Lifecycle stage to its correct description.

Answer:

Explanation:

Explanation
Reconnaissance - stage where the attacker scans for network vulnerabilities and services that can be exploited.
Installation - stage where the attacker will explore methods such as a root kit to establish persistence Command and Control - stage where the attacker has access to a specific server so they can communicate and pass data to and from infected devices within a network.
Act on the Objective - stage where an attacker has motivation for attacking a network to deface web property

NEW QUESTION 115
Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications Which policy achieves the desired results?
A)

B)

C)

D)