PCNSA

An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall’s signature database has been updated? (Choose two.)A ....

Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone. Complete the security policy to ensure only Telnet is allowed. Security Policy: Source Zone: Internal to DMZ Zone __________services “Application defaults”, and action = AllowA . Destination IP: 192.168.1.123/24B . Application =...

Which statement is true regarding a Best Practice Assessment?A . The BPA tool can be run only on firewallsB . It provides a percentage of adoption for each assessment areaC . The assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus...

Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP Cto-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures. Given...

Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?A . Windows-based agent deployed on the internal networkB . PAN-OS integrated agent deployed on the internal networkC . Citrix terminal server deployed on the internal networkD . Windows-based...

A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?A . Rule Usage Filter > No App SpecifiedB . Rule Usage Filter >Hit Count > Unused in 30...

Choose the option that correctly completes this statement. A Security Profile can block or allow traffic ____________.A . on either the data place or the management plane.B . after it is matched by a security policy rule that allows traffic.C . before it is matched to a Security policy rule.D...

How many zones can an interface be assigned with a Palo Alto Networks firewall?A . twoB . threeC . fourD . oneView AnswerAnswer: D Explanation: Reference: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/network/network­zones/security-zone-overview

Which dataplane layer of the graphic shown provides pattern protection for spyware and vulnerability exploits on a Palo Alto Networks Firewall? A . Signature MatchingB . Network ProcessingC . Security ProcessingD . Data InterfacesView AnswerAnswer: A

Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?A . Windows session monitoring via a domain controllerB . passive server monitoring using the Windows-based agentC . Captive PortalD . passive server monitoring using a PAN-OS integrated User-ID agentView AnswerAnswer:...