Palo Alto Networks Certified Network Security Administrator (PCNSA) Exam Questions and Answers

The latest Palo Alto Networks Certified Network Security Administrator (PCNSA) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Palo Alto Networks Certified Network Security Administrator (PCNSA) exam and earn Palo Alto Networks Certified Network Security Administrator (PCNSA) certification.

Exam Question 71

Based on the security policy rules shown, ssh will be allowed on which port?

Based on the security policy rules shown, ssh will be allowed on which port?

A. 80
B. 53
C. 22
D. 23
Correct Answer:
C. 22

Exam Question 72

An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity.

A. branch office traffic
B. north-south traffic
C. perimeter traffic
D. east-west traffic
Correct Answer:
D. east-west traffic

Exam Question 73

To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?

A. domain controller
B. TACACS+
C. LDAP
D. RADIUS
Correct Answer:
C. LDAP

Exam Question 74

Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?

A. Layer 2
B. Tap
C. Layer 3
D. Virtual Wire
Correct Answer:
B. Tap

Exam Question 75

Which administrator type utilizes predefined roles for a local administrator account?

A. Superuser
B. Role-based
C. Dynamic
D. Device administrator
Correct Answer:
C. Dynamic

Exam Question 76

Which two security profile types can be attached to a security policy? (Choose two.)

A. antivirus
B. DDoS protection
C. threat
D. vulnerability
Correct Answer:
A. antivirus
D. vulnerability

Exam Question 77

Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

A. Active Directory monitoring
B. Windows session monitoring
C. Windows client probing
D. domain controller monitoring
Correct Answer:
A. Active Directory monitoring

Exam Question 78

Which three statements describe the operation of Security policy rules and Security Profiles? (Choose three.)

A. Security policy rules are attached to Security Profiles.
B. Security Profiles are attached to Security policy rules.
C. Security Profiles should be used only on allowed traffic.
D. Security policy rules inspect but do not block traffic.
E. Security policy rules can block or allow traffic.
Correct Answer:
A. Security policy rules are attached to Security Profiles.
B. Security Profiles are attached to Security policy rules.
C. Security Profiles should be used only on allowed traffic.

Exam Question 79

Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can run malicious code against a targeted machine.

Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can run malicious code against a targeted machine.

A. Exploitation
B. Installation
C. Reconnaissance
D. Act on Objective
Correct Answer:
A. Exploitation

Exam Question 80

In the example security policy shown, which two websites would be blocked? (Choose two.)

In the example security policy shown, which two websites would be blocked? (Choose two.)

A. LinkedIn
B. Facebook
C. YouTube
D. Amazon
Correct Answer:
A. LinkedIn
B. Facebook