Palo Alto Networks PCNSA Palo Alto Networks Certified Network Security Administrator Online Training
Palo Alto Networks PCNSA Online Training
The questions for PCNSA were last updated at Nov 23,2024.
- Exam Code: PCNSA
- Exam Name: Palo Alto Networks Certified Network Security Administrator
- Certification Provider: Palo Alto Networks
- Latest update: Nov 23,2024
How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?
- A . Disable automatic updates during weekdays
- B . Automatically "download and install" but with the "disable new applications" option used
- C . Automatically "download only" and then install Applications and Threats later, after the administrator approves the update
- D . Configure the option for "Threshold"
D
Explanation:
Schedule content updates so that they download-and-install automatically. Then, set a Threshold that determines the amount of time the firewall waits before installing the latest content. In a mission-critical network, schedule up to a 48 hour threshold. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/software-and-content-updates/best-practices-for-app-and-threat-content-updates/best-practices-mission-critical#id184AH00L078
How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?
- A . The admin creates a custom service object named "tcp-4422" with port tcp/4422.
The admin then creates a Security policy allowing application "ssh" and service "tcp-4422". - B . The admin creates a custom service object named "tcp-4422" with port tcp/4422.
The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "application-default". - C . The admin creates a custom service object named "tcp-4422" with port tcp/4422. The admin also creates a custom service object named "tcp-22" with port tcp/22.
The admin then creates a Security policy allowing application "ssh", service "tcp-4422", and service "tcp-22". - D . The admin creates a Security policy allowing application "ssh" and service "application-default".
C
Explanation:
If you select application default, you will not add other service.
In which threat profile object would you configure the DNS Security service?
- A . Antivirus
- B . Anti-Spyware
- C . WildFire
- D . URL Filtering
B
Explanation:
https://docs.paloaltonetworks.com/dns-security/administration/configure-dns-security/enable-dns-security#:~:text=To%20enable%20DNS%20Security%2C%20you,to%20a%20security%20policy%20rule.
In which threat profile object would you configure the DNS Security service?
- A . Antivirus
- B . Anti-Spyware
- C . WildFire
- D . URL Filtering
B
Explanation:
https://docs.paloaltonetworks.com/dns-security/administration/configure-dns-security/enable-dns-security#:~:text=To%20enable%20DNS%20Security%2C%20you,to%20a%20security%20policy%20rule.
An administrator receives a notification about new malware that is being used to attack hosts.
The malware exploits a software bug in a common application.
Which Security Profile will detect and block access to this threat after the administrator updates the firewall’s threat signature database?
- A . Vulnerability Profile applied to inbound Security policy rules
- B . Antivirus Profile applied to outbound Security policy rules
- C . Data Filtering Profile applied to outbound Security policy rules
- D . Data Filtering Profile applied to inbound Security policy rules
What are two differences between an application group and an application filter? (Choose two.)
- A . Application groups enable access to sanctioned applications explicitly, while application filters enable access to sanctioned applications implicitly.
- B . Application groups are static, while application filters are dynamic.
- C . Application groups dynamically group applications based on attributes, while application filters contain applications that are statically grouped.
- D . Application groups can be added to application filters, while application filters cannot be added to application groups.
Which firewall feature do you need to configure to query Palo Alto Networks service updates over a data-plane interface instead of the management interface?
- A . service route
- B . dynamic updates
- C . SNMP setup
- D . data redistribution
Which firewall feature do you need to configure to query Palo Alto Networks service updates over a data-plane interface instead of the management interface?
- A . service route
- B . dynamic updates
- C . SNMP setup
- D . data redistribution
What are three characteristics of the Palo Alto Networks DNS Security service? (Choose three.)
- A . It uses techniques such as DGA/DNS tunneling detection and machine learning
- B . It requires a valid Threat Prevention license.
- C . It enables users to access real-time protections using advanced predictive analytics.
- D . It requires a valid URL Filtering license.
- E . It requires an active subscription to a third-party DNS Security service.
ABC
Explanation:
DNS Security subscription enables users to access real-time protections using advanced predictive analytics. When techniques such as DGA/DNS tunneling detection and machine learning are used, threats hidden within DNS traffic can be proactively identified and shared through an infinitely scalable cloud service. Because the DNS signatures and protections are stored in a cloud-based architecture, you can access the full database of ever-expanding signatures that have been generated using a multitude of data sources. This list of signatures allows you to defend against an array of threats using DNS in real-time against newly generated malicious domains. To combat future threats, updates to the analysis, detection, and prevention capabilities of the DNS Security service will be available through content releases. To access the DNS Security service, you must have a Threat Prevention license and DNS Security license.
An administrator would like to silently drop traffic from the internet to a ftp server.
Which Security policy action should the administrator select?
- A . Reset-server
- B . Deny
- C . Drop
- D . Block
C
Explanation:
Drop silently drops the packet, while deny gives an update.
Latest PCNSA Dumps Valid Version with 115 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
