The latest Palo Alto Networks Certified Network Security Administrator (PCNSA) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Palo Alto Networks Certified Network Security Administrator (PCNSA) exam and earn Palo Alto Networks Certified Network Security Administrator (PCNSA) certification.
Exam Question 41
Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)
A. Layer-ID
B. User-ID
C. QoS-ID
D. App-ID
Correct Answer:
B. User-ID
D. App-ID
Exam Question 42
Which path is used to save and load a configuration with a Palo Alto Networks firewall?
A. Device>Setup>Services
B. Device>Setup>Management
C. Device>Setup>Operations
D. Device>Setup>Interfaces
Correct Answer:
C. Device>Setup>Operations
Exam Question 43
Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?
A. Review Policies
B. Review Apps
C. Pre-analyze
D. Review App Matches
Correct Answer:
A. Review Policies
Exam Question 44
Which data flow direction is protected in a zero-trust firewall deployment that is not protected in a perimeteronly firewall deployment?
A. north-south
B. inbound
C. outbound
D. east-west
Correct Answer:
D. east-west
Exam Question 45
Which definition describes the guiding principle of the zero-trust architecture?
A. trust, but verify
B. always connect and verify
C. never trust, never connect
D. never trust, always verify
Correct Answer:
D. never trust, always verify
Exam Question 46
All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone.
Complete the two empty fields in the Security policy rules that permits only this type of access.
Source Zone: Internal
Destination Zone: DMZ Zone
Application: _________?
Service: ____________?
Action: allow
(Choose two.)
A. Service = “application-default”
B. Service = “service-telnet”
C. Application = “Telnet”
D. Application = “any”
Correct Answer:
A. Service = “application-default”
C. Application = “Telnet”
Exam Question 47
In which profile should you configure the DNS Security feature?
A. Anti-Spyware Profile
B. Zone Protection Profile
C. Antivirus Profile
D. URL Filtering Profile
Correct Answer:
A. Anti-Spyware Profile
Exam Question 48
Which two statements are true for the DNS Security service introduced in PAN-OS version 9.0? (Choose two.)
A. It is automatically enabled and configured.
B. It eliminates the need for dynamic DNS updates.
C. It functions like PAN-DB and requires activation through the app portal.
D. It removes the 100K limit for DNS entries for the downloaded DNS updates.
Correct Answer:
A. It is automatically enabled and configured.
B. It eliminates the need for dynamic DNS updates.
Exam Question 49
You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane?
A. virtual router
B. Admin Role profile
C. DNS proxy
D. service route
Correct Answer:
C. DNS proxy
Exam Question 50
Which component provides network security for mobile endpoints by inspecting traffic routed through gateways?
A. Prisma SaaS
B. GlobalProtect
C. AutoFocus
D. Panorama
Correct Answer:
A. Prisma SaaS