The latest Palo Alto Networks Certified Network Security Administrator (PCNSA) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Palo Alto Networks Certified Network Security Administrator (PCNSA) exam and earn Palo Alto Networks Certified Network Security Administrator (PCNSA) certification.
Exam Question 31
Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?
A. Aperture
B. AutoFocus
C. Panorama
D. GlobalProtect
Correct Answer:
A. Aperture
Exam Question 32
An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.
Which security profile components will detect and prevent this threat after the firewall’s signature database has been updated?
A. antivirus profile applied to outbound security policies
B. data filtering profile applied to inbound security policies
C. data filtering profile applied to outbound security policies
D. vulnerability profile applied to inbound security policies
Correct Answer:
C. data filtering profile applied to outbound security policies
Exam Question 33
How often does WildFire release dynamic updates?
A. every 5 minutes
B. every 15 minutes
C. every 60 minutes
D. every 30 minutes
Correct Answer:
A. every 5 minutes
Exam Question 34
What is the minimum frequency for which you can configure the firewall to check for new WildFire antivirus signatures?
A. every 30 minutes
B. every 5 minutes
C. every 24 hours
D. every 1 minute
Correct Answer:
D. every 1 minute
Exam Question 35
Your company has 10 Active Directory domain controllers spread across multiple WAN links. All users authenticate to Active Directory. Each link has substantial network bandwidth to support all mission critical applications. The firewall’s management plane is highly utilized.
Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?
A. Windows-based agent on a domain controller
B. Captive Portal
C. Citrix terminal server agent with adequate data-plane resources
D. PAN-OS integrated agent
Correct Answer:
A. Windows-based agent on a domain controller
Exam Question 36
What must you configure to enable the firewall to access multiple Authentication Profiles to authenticate a nonlocal account?
A. authentication sequence
B. LDAP server profile
C. authentication server list
D. authentication list profile
Correct Answer:
A. authentication sequence
Exam Question 37
Which interface type uses virtual routers and routing protocols?
A. Tap
B. Layer3
C. Virtual Wire
D. Layer2
Correct Answer:
B. Layer3
Exam Question 38
Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?
A. Override
B. Allow
C. Block
D. Continue
Correct Answer:
B. Allow
Exam Question 39
Which Security Profile can provide protection against ICMP floods, based on individual combinations of a packet’s source and destination IP addresses?
A. DoS protection
B. URL filtering
C. packet buffering
D. anti-spyware
Correct Answer:
A. DoS protection
Exam Question 40
Which path in PAN-OS 9.0 displays the list of port-based security policy rules?
A. Policies> Security> Rule Usage> No App Specified
B. Policies> Security> Rule Usage> Port only specified
C. Policies> Security> Rule Usage> Port-based Rules
D. Policies> Security> Rule Usage> Unused Apps
Correct Answer:
C. Policies> Security> Rule Usage> Port-based Rules