New 2023 PCNSA exam questions Welcome to download the newest ITPassLeader PCNSA PDF dumps (284 Q&As)
P.S. Free 2023 Paloalto Network Security Administrator PCNSA dumps are available on Google Drive shared by ITPassLeader
NEW QUESTION # 158
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.
Answer:
Explanation:
NEW QUESTION # 159
What two authentication methods on the Palo Alto Networks firewalls support authentication and authorization for role-based access control? (Choose two.)
- A. SAML
- B. Kerberos
- C. TACACS+
- D. LDAP
Answer: A,C
NEW QUESTION # 160
Given the image, which two options are true about the Security policy rules. (Choose two.)
- A. In the Allow Social Networking rule, allows all of Facebook's functions
- B. In the Allow FTP to web server rule, FTP is allowed using App-ID
- C. The Allow Office Programs rule is using an Application Group
- D. The Allow Office Programs rule is using an Application Filter
Answer: B,C
NEW QUESTION # 161
Which statement is true regarding a Best Practice Assessment?
- A. The assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus prevention activities
- B. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
- C. The BPA tool can be run only on firewalls
- D. It provides a percentage of adoption for each assessment data
Answer: B
NEW QUESTION # 162
In which profile should you configure the DNS Security feature?
- A. Zone Protection Profile
- B. URL Filtering Profile
- C. Anti-Spyware Profile
- D. Antivirus Profile
Answer: C
Explanation:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/dns-security/enable-dns-security.html
NEW QUESTION # 163
When HTTPS for management and GlobalProtect are enabled on the same interface, which TCP port is used for management access?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
NEW QUESTION # 164
Given the image, which two options are true about the Security policy rules. (Choose two.)
- A. In the Allow Social Networking rule, allows all of Facebook's functions
- B. In the Allow FTP to web server rule, FTP is allowed using App-ID
- C. The Allow Office Programs rule is using an Application Group
- D. The Allow Office Programs rule is using an Application Filter
Answer: B,C
Explanation:
Explanation
NEW QUESTION # 165
Which feature would be useful for preventing traffic from hosting providers that place few restrictions on content, whose services are frequently used by attackers to distribute illegal or unethical material?
- A. Palo Alto Networks Known Malicious IP Addresses
- B. Palo Alto Networks Bulletproof IP Addresses
- C. Palo Alto Networks C&C IP Addresses
- D. Palo Alto Networks High-Risk IP Addresses
Answer: B
Explanation:
To block hosts that use bulletproof hosts to provide malicious, illegal, and/or unethical content, use the bulletproof IP address list in policy.
NEW QUESTION # 166
Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?
- A. passive server monitoring using a PAN-OS integrated User-ID agent
- B. Captive Portal
- C. Windows session monitoring via a domain controller
- D. passive server monitoring using the Windows-based agent
Answer: B
NEW QUESTION # 167
What must be configured for the firewall to access multiple authentication profiles for external services to authenticate a non-local account?
- A. authentication list profile
- B. authentication sequence
- C. authentication server list
- D. LDAP server profile
Answer: B
NEW QUESTION # 168
Which type of security policy rule will match traffic that flows between the Outside zone and inside zone, but would not match traffic that flows within the zones?
- A. interzone
- B. universal
- C. global
- D. intrazone
Answer: D
NEW QUESTION # 169
Which statement is true regarding a Best Practice Assessment?
- A. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.
- B. When guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities.
- C. It runs only on firewalls.
- D. It shows how current configuration compares to Palo Alto Networks recommendations.
Answer: D
Explanation:
Explanation/Reference:
NEW QUESTION # 170
Which two configuration settings shown are not the default? (Choose two.)
- A. Server Log Monitor Frequency (sec)
- B. Enable Security Log
- C. Enable Session
- D. Enable Probing
Answer: A,C
NEW QUESTION # 171
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
- A. Block List
- B. Allow List
- C. Custom URL Categories
- D. PAN-DB URL Categories
Answer: A,B
NEW QUESTION # 172
Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?
- A. Multi-Factor Authentication
- B. Dynamic
- C. Role-based
- D. SAML
Answer: C
Explanation:
Role Based - Custom roles you can configure for more granular access control over the functional areas of the web interface, CLI, and XML API.
NEW QUESTION # 173
Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.)
- A. Path monitoring does not determine if route is useable
- B. Path monitoring determines if route is useable
- C. Route with lowest metric is actively used
- D. Route with highest metric is actively used
Answer: B,C
NEW QUESTION # 174
......
PCNSA exam questions from ITPassLeader dumps: https://certlibrary.itpassleader.com/Palo-Alto-Networks/PCNSA-dumps-pass-exam.html (284 Q&As)