The latest Palo Alto Networks Certified Network Security Administrator (PCNSA) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Palo Alto Networks Certified Network Security Administrator (PCNSA) exam and earn Palo Alto Networks Certified Network Security Administrator (PCNSA) certification.
Exam Question 1
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.
On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.
Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
A. All traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer matches the SuperApp-base application
B. No impact because the apps were automatically downloaded and installed
C. No impact because the firewall automatically adds the rules to the App-ID interface
D. All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the security administrator approves the applications
Correct Answer:
C. No impact because the firewall automatically adds the rules to the App-ID interface
Exam Question 2
How many zones can an interface be assigned with a Palo Alto Networks firewall?
A. two
B. three
C. four
D. one
Correct Answer:
D. one
Exam Question 3
Which dataplane layer of the graphic shown provides pattern protection for spyware and vulnerability exploits on a Palo Alto Networks Firewall?
A. Signature Matching
B. Network Processing
C. Security Processing
D. Data Interfaces
Correct Answer:
A. Signature Matching
Exam Question 4
Which option shows the attributes that are selectable when setting up application filters?
A. Category, Subcategory, Technology, and Characteristic
B. Category, Subcategory, Technology, Risk, and Characteristic
C. Name, Category, Technology, Risk, and Characteristic
D. Category, Subcategory, Risk, Standard Ports, and Technology
Correct Answer:
B. Category, Subcategory, Technology, Risk, and Characteristic
Exam Question 5
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
A. Block List
B. Custom URL Categories
C. PAN-DB URL Categories
D. Allow List
Correct Answer:
A. Block List
D. Allow List
Exam Question 6
Which two statements are correct about App-ID content updates? (Choose two.)
A. Updated application content might change how Security policy rules are enforced.
B. After an application content update, new applications must be manually classified prior to use.
C. Existing security policy rules are not affected by application content updates.
D. After an application content update, new applications are automatically identified and classified.
Correct Answer:
C. Existing security policy rules are not affected by application content updates.
D. After an application content update, new applications are automatically identified and classified.
Exam Question 7
Which User-ID mapping method should be used for an environment with users that do not authenticate to Active Directory?
A. Windows session monitoring
B. passive server monitoring using the Windows-based agent
C. Captive Portal
D. passive server monitoring using a PAN-OS integrated User-ID agent
Correct Answer:
C. Captive Portal
Exam Question 8
An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?
A. Create an Application Filter and name it Office Programs, then filter it on the business-systems category, office-programs subcategory
B. Create an Application Group and add business-systems to it
C. Create an Application Filter and name it Office Programs, then filter it on the business-systems category
D. Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
Correct Answer:
B. Create an Application Group and add business-systems to it
Exam Question 9
Employees are shown an application block page when they try to access YouTube. Which security policy is blocking the YouTube application?
A. intrazone-default
B. Deny Google
C. allowed-security services
D. interzone-default
Correct Answer:
D. interzone-default
Exam Question 10
Choose the option that correctly completes this statement. A Security Profile can block or allow traffic ____________.
A. on either the data place or the management plane.
B. after it is matched by a security policy rule that allows traffic.
C. before it is matched to a Security policy rule.
D. after it is matched by a security policy rule that allows or blocks traffic.
Correct Answer:
D. after it is matched by a security policy rule that allows or blocks traffic.