Palo Alto Networks Certified Network Security Administrator (PCNSA) Exam Questions and Answers

The latest Palo Alto Networks Certified Network Security Administrator (PCNSA) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Palo Alto Networks Certified Network Security Administrator (PCNSA) exam and earn Palo Alto Networks Certified Network Security Administrator (PCNSA) certification.

Exam Question 51

For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?

A. TACACS+
B. RADIUS
C. LDAP
D. SAML
Correct Answer:
C. LDAP

Exam Question 52

Which operations are allowed when working with App-ID application tags?

A. Predefined tags may be deleted.
B. Predefined tags may be augmented by custom tags.
C. Predefined tags may be modified.
D. Predefined tags may be updated by WildFire dynamic updates.
Correct Answer:
C. Predefined tags may be modified.

Exam Question 53

Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?

A. Role-based
B. Multi-Factor Authentication
C. Dynamic
D. SAML
Correct Answer:
A. Role-based

Exam Question 54

Which statement is true regarding a Heatmap report?

A. When guided by authorized sales engineer, it helps determine the areas of greatest security risk
B. It runs only on firewalls.
C. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.
D. It provides a percentage of adoption for each assessment area.
Correct Answer:
D. It provides a percentage of adoption for each assessment area.

Exam Question 55

Based on the screenshot presented, which column contains the link that when clicked, opens a window to display all applications matched to the policy rule?

Based on the screenshot presented, which column contains the link that when clicked, opens a window to display all applications matched to the policy rule?

A. Apps Allowed
B. Service
C. Name
D. Apps Seen
Correct Answer:
C. Name

Exam Question 56

Access to which feature requires the PAN-OS Filtering license?

A. PAN-DB database
B. DNS Security
C. Custom URL categories
D. URL external dynamic lists
Correct Answer:
A. PAN-DB database

Exam Question 57

Based on the screenshot, what is the purpose of the Included Groups?

Based on the screenshot, what is the purpose of the Included Groups?

A. They are groups that are imported from RADIUS authentication servers.
B. They are the only groups visible based on the firewall’s credentials.
C. They contain only the users you allow to manage the firewall.
D. They are used to map users to groups.
Correct Answer:
D. They are used to map users to groups.

Exam Question 58

Which action results in the firewall blocking network traffic without notifying the sender?

A. Drop
B. Deny
C. Reset Server
D. Reset Client
Correct Answer:
B. Deny

Exam Question 59

Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall’s data plane?

A. Kerberos user
B. SAML user
C. local database user
D. local user
Correct Answer:
B. SAML user

Exam Question 60

How frequently can WildFire updates be made available to firewalls?

A. every 15 minutes
B. every 30 minutes
C. every 60 minutes
D. every 5 minutes
Correct Answer:
D. every 5 minutes