Palo Alto Networks Certified Network Security Administrator (PCNSA) Exam Questions and Answers

The latest Palo Alto Networks Certified Network Security Administrator (PCNSA) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Palo Alto Networks Certified Network Security Administrator (PCNSA) exam and earn Palo Alto Networks Certified Network Security Administrator (PCNSA) certification.

Exam Question 31

Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?

A. Aperture
B. AutoFocus
C. Panorama
D. GlobalProtect
Correct Answer:
A. Aperture

Exam Question 32

An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.
Which security profile components will detect and prevent this threat after the firewall’s signature database has been updated?

A. antivirus profile applied to outbound security policies
B. data filtering profile applied to inbound security policies
C. data filtering profile applied to outbound security policies
D. vulnerability profile applied to inbound security policies
Correct Answer:
C. data filtering profile applied to outbound security policies

Exam Question 33

How often does WildFire release dynamic updates?

A. every 5 minutes
B. every 15 minutes
C. every 60 minutes
D. every 30 minutes
Correct Answer:
A. every 5 minutes

Exam Question 34

What is the minimum frequency for which you can configure the firewall to check for new WildFire antivirus signatures?

A. every 30 minutes
B. every 5 minutes
C. every 24 hours
D. every 1 minute
Correct Answer:
D. every 1 minute

Exam Question 35

Your company has 10 Active Directory domain controllers spread across multiple WAN links. All users authenticate to Active Directory. Each link has substantial network bandwidth to support all mission critical applications. The firewall’s management plane is highly utilized.
Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?

A. Windows-based agent on a domain controller
B. Captive Portal
C. Citrix terminal server agent with adequate data-plane resources
D. PAN-OS integrated agent
Correct Answer:
A. Windows-based agent on a domain controller

Exam Question 36

What must you configure to enable the firewall to access multiple Authentication Profiles to authenticate a nonlocal account?

A. authentication sequence
B. LDAP server profile
C. authentication server list
D. authentication list profile
Correct Answer:
A. authentication sequence

Exam Question 37

Which interface type uses virtual routers and routing protocols?

A. Tap
B. Layer3
C. Virtual Wire
D. Layer2
Correct Answer:
B. Layer3

Exam Question 38

Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?

A. Override
B. Allow
C. Block
D. Continue
Correct Answer:
B. Allow

Exam Question 39

Which Security Profile can provide protection against ICMP floods, based on individual combinations of a packet’s source and destination IP addresses?

A. DoS protection
B. URL filtering
C. packet buffering
D. anti-spyware
Correct Answer:
A. DoS protection

Exam Question 40

Which path in PAN-OS 9.0 displays the list of port-based security policy rules?

A. Policies> Security> Rule Usage> No App Specified
B. Policies> Security> Rule Usage> Port only specified
C. Policies> Security> Rule Usage> Port-based Rules
D. Policies> Security> Rule Usage> Unused Apps
Correct Answer:
C. Policies> Security> Rule Usage> Port-based Rules