Palo Alto Networks Certified Network Security Administrator (PCNSA) Exam Questions and Answers

The latest Palo Alto Networks Certified Network Security Administrator (PCNSA) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Palo Alto Networks Certified Network Security Administrator (PCNSA) exam and earn Palo Alto Networks Certified Network Security Administrator (PCNSA) certification.

Exam Question 41

Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

A. Layer-ID
B. User-ID
C. QoS-ID
D. App-ID
Correct Answer:
B. User-ID
D. App-ID

Exam Question 42

Which path is used to save and load a configuration with a Palo Alto Networks firewall?

A. Device>Setup>Services
B. Device>Setup>Management
C. Device>Setup>Operations
D. Device>Setup>Interfaces
Correct Answer:
C. Device>Setup>Operations

Exam Question 43

Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?

A. Review Policies
B. Review Apps
C. Pre-analyze
D. Review App Matches
Correct Answer:
A. Review Policies

Exam Question 44

Which data flow direction is protected in a zero-trust firewall deployment that is not protected in a perimeteronly firewall deployment?

A. north-south
B. inbound
C. outbound
D. east-west
Correct Answer:
D. east-west

Exam Question 45

Which definition describes the guiding principle of the zero-trust architecture?

A. trust, but verify
B. always connect and verify
C. never trust, never connect
D. never trust, always verify
Correct Answer:
D. never trust, always verify

Exam Question 46

All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone.
Complete the two empty fields in the Security policy rules that permits only this type of access.
Source Zone: Internal
Destination Zone: DMZ Zone
Application: _________?
Service: ____________?
Action: allow
(Choose two.)

A. Service = “application-default”
B. Service = “service-telnet”
C. Application = “Telnet”
D. Application = “any”
Correct Answer:
A. Service = “application-default”
C. Application = “Telnet”

Exam Question 47

In which profile should you configure the DNS Security feature?

A. Anti-Spyware Profile
B. Zone Protection Profile
C. Antivirus Profile
D. URL Filtering Profile
Correct Answer:
A. Anti-Spyware Profile

Exam Question 48

Which two statements are true for the DNS Security service introduced in PAN-OS version 9.0? (Choose two.)

A. It is automatically enabled and configured.
B. It eliminates the need for dynamic DNS updates.
C. It functions like PAN-DB and requires activation through the app portal.
D. It removes the 100K limit for DNS entries for the downloaded DNS updates.
Correct Answer:
A. It is automatically enabled and configured.
B. It eliminates the need for dynamic DNS updates.

Exam Question 49

You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane?

A. virtual router
B. Admin Role profile
C. DNS proxy
D. service route
Correct Answer:
C. DNS proxy

Exam Question 50

Which component provides network security for mobile endpoints by inspecting traffic routed through gateways?

A. Prisma SaaS
B. GlobalProtect
C. AutoFocus
D. Panorama
Correct Answer:
A. Prisma SaaS