Palo Alto Networks PCNSA
Palo Alto Networks Certified Network Security Ad
https://www.dumpsforsure.com/palo-alto-networks/pcnsa-dumps.html
� Question: 1
DRAG DROP
Match the Palo Alto Networks Security Operating Platform architecture to its description.
Answer:
Question: 2
Which firewall plane provides configuration, logging, and reporting functions on a separate
processor?
A. control
B. network processing
C. data
D. security processing
Answer: A
Question: 3
�A security administrator has configured App-ID updates to be automatically downloaded and
installed. The company is currently using an application identified by App-ID as SuperApp_base.
On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat
and SuperApp_download, which will be deployed in 30 days.
Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
A. All traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer
matches the SuperApp-base application
B. No impact because the apps were automatically downloaded and installed
C. No impact because the firewall automatically adds the rules to the App-ID interface
D. All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until
the security administrator approves the applications
Answer: A
Explanation:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-idsintroduced-
in-content-releases/review-new-app-id-impact-on-existing-policy-rules
Question: 4
How many zones can an interface be assigned with a Palo Alto Networks firewall?
A. two
B. three
C. four
D. one
Answer: D
Question: 5
Which two configuration settings shown are not the default? (Choose two.)
�A. Enable Security Log
B. Server Log Monitor Frequency (sec)
C. Enable Session
D. Enable Probing
Answer: B,C
Question: 6
Which data-plane processor layer of the graphic shown provides uniform matching for spyware and
vulnerability exploits on a Palo Alto Networks Firewall?
�A. Signature Matching
B. Network Processing
C. Security Processing
D. Security Matching
Answer: A
Question: 7
Which option lists the attributes that are selectable when setting up an Application filters?
A. Category, Subcategory, Technology, and Characteristic
B. Category, Subcategory, Technology, Risk, and Characteristic
C. Name, Category, Technology, Risk, and Characteristic
D. Category, Subcategory, Risk, Standard Ports, and Technology
Answer: B
Question: 8
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
� A. Block List
B. Custom URL Categories
C. PAN-DB URL Categories
D. Allow List
Answer: BC
Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boO3CAI
Question: 9
Which two statements are correct about App-ID content updates? (Choose two.)
A. Updated application content may change how security policy rules are enforced
B. After an application content update, new applications must be manually classified prior to use
C. Existing security policy rules are not affected by application content updates
D. After an application content update, new applications are automatically identified and classified
Answer: A,D
Question: 10
Which User-ID mapping method should be used for an environment with clients that do not
authenticate to Windows Active Directory?
A. Windows session monitoring via a domain controller
B. passive server monitoring using the Windows-based agent
C. Captive Portal
D. passive server monitoring using a PAN-OS integrated User-ID agent
Answer: C
Explanation:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/user-id/map-ip-addresses-tousers/
map-ip-addresses-to-usernames-using-captive-portal.html
https://www.dumpsforsure.com/palo-alto-networks/pcnsa-dumps.html
