The latest Palo Alto Networks Certified Network Security Administrator (PCNSA) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Palo Alto Networks Certified Network Security Administrator (PCNSA) exam and earn Palo Alto Networks Certified Network Security Administrator (PCNSA) certification.
Exam Question 51
For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?
A. TACACS+
B. RADIUS
C. LDAP
D. SAML
Correct Answer:
C. LDAP
Exam Question 52
Which operations are allowed when working with App-ID application tags?
A. Predefined tags may be deleted.
B. Predefined tags may be augmented by custom tags.
C. Predefined tags may be modified.
D. Predefined tags may be updated by WildFire dynamic updates.
Correct Answer:
C. Predefined tags may be modified.
Exam Question 53
Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?
A. Role-based
B. Multi-Factor Authentication
C. Dynamic
D. SAML
Correct Answer:
A. Role-based
Exam Question 54
Which statement is true regarding a Heatmap report?
A. When guided by authorized sales engineer, it helps determine the areas of greatest security risk
B. It runs only on firewalls.
C. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.
D. It provides a percentage of adoption for each assessment area.
Correct Answer:
D. It provides a percentage of adoption for each assessment area.
Exam Question 55
Based on the screenshot presented, which column contains the link that when clicked, opens a window to display all applications matched to the policy rule?
A. Apps Allowed
B. Service
C. Name
D. Apps Seen
Correct Answer:
C. Name
Exam Question 56
Access to which feature requires the PAN-OS Filtering license?
A. PAN-DB database
B. DNS Security
C. Custom URL categories
D. URL external dynamic lists
Correct Answer:
A. PAN-DB database
Exam Question 57
Based on the screenshot, what is the purpose of the Included Groups?
A. They are groups that are imported from RADIUS authentication servers.
B. They are the only groups visible based on the firewall’s credentials.
C. They contain only the users you allow to manage the firewall.
D. They are used to map users to groups.
Correct Answer:
D. They are used to map users to groups.
Exam Question 58
Which action results in the firewall blocking network traffic without notifying the sender?
A. Drop
B. Deny
C. Reset Server
D. Reset Client
Correct Answer:
B. Deny
Exam Question 59
Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall’s data plane?
A. Kerberos user
B. SAML user
C. local database user
D. local user
Correct Answer:
B. SAML user
Exam Question 60
How frequently can WildFire updates be made available to firewalls?
A. every 15 minutes
B. every 30 minutes
C. every 60 minutes
D. every 5 minutes
Correct Answer:
D. every 5 minutes