Palo Alto Networks Certified Network Security Administrator (PCNSA) Exam Questions and Answers

The latest Palo Alto Networks Certified Network Security Administrator (PCNSA) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Palo Alto Networks Certified Network Security Administrator (PCNSA) exam and earn Palo Alto Networks Certified Network Security Administrator (PCNSA) certification.

Exam Question 61

Starting with PAN-OS version 9.1, which new type of object is supported for use within the User field of a Security policy rule?

A. remote username
B. dynamic user group
C. static user group
D. local username
Correct Answer:
B. dynamic user group

Exam Question 62

Which link in the web interface enables a security administrator to view the Security policy rules that match new application signatures?

A. Review App Matches
B. Review Apps
C. Pre-analyze
D. Review Policies
Correct Answer:
D. Review Policies

Exam Question 63

At which point in the App-ID update process can you determine if an existing policy rule is affected by an App-ID update?

A. after clicking Check Now in the Dynamic Update window
B. after committing the firewall configuration
C. after installing the update
D. after downloading the update
Correct Answer:
D. after downloading the update

Exam Question 64

You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server.
Which Security Profile detects and prevents this threat from establishing a command-and-control connection?

A. Vulnerability Protection Profile applied to outbound Security policy rules.
B. Anti-Spyware Profile applied to outbound security policies.
C. Antivirus Profile applied to outbound Security policy rules
D. Data Filtering Profile applied to outbound Security policy rules.
Correct Answer:
B. Anti-Spyware Profile applied to outbound security policies.

Exam Question 65

The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week.
However, the company does not want employees to access any other websites also listed in the URL filtering “gambling” category.
Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the “gambling” URL category?

A. Add just the URL www.powerball.com to a Security policy allow rule.
B. Manually remove powerball.com from the gambling URL category.
C. Add *.powerball.com to the URL Filtering allow list.
D. Create a custom URL category, add *.powerball.com to it and allow it in the Security Profile.
Correct Answer:
C. Add *.powerball.com to the URL Filtering allow list.
D. Create a custom URL category, add *.powerball.com to it and allow it in the Security Profile.

Exam Question 66

Which Palo Alto Networks service protects cloud-based applications such as Dropbox and Salesforce by monitoring permissions and shares and scanning files for sensitive information?

A. Prisma SaaS
B. AutoFocus
C. Panorama
D. GlobalProtect
Correct Answer:
A. Prisma SaaS

Exam Question 67

In a Security policy, what is the quickest way to reset all policy rule hit counters to zero?

A. Highlight each rule and use the Reset Rule Hit Counter > Selected Rules
B. Reboot the firewall
C. Use the Reset Rule Hit Counter > All Rules option
D. Use the CLI enter the command reset rules all
Correct Answer:
C. Use the Reset Rule Hit Counter > All Rules option

Exam Question 68

Which plane on a Palo Alto Networks Firewall provides configuration, logging, and reporting functions on a separate processor?

A. management
B. network processing
C. data
D. security processing
Correct Answer:
A. management

Exam Question 69

Which statement is true regarding a Best Practice Assessment?

A. The BPA tool can be run only on firewalls
B. It provides a percentage of adoption for each assessment area
C. The assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus prevention activities
D. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
Correct Answer:
B. It provides a percentage of adoption for each assessment area

Exam Question 70

Which two App-ID applications will you need to allow in your Security policy to use facebook-chat? (Choose two.)

A. facebook
B. facebook-chat
C. facebook-base
D. facebook-email
Correct Answer:

B. facebook-chat
C. facebook-base