This page was exported from Braindump2go Free Exam Dumps with PDF and VCE Collection [ https://www.mcitpdump.com ] Export date:Fri May 17 19:54:53 2024 / +0000 GMT ___________________________________________________ Title: [November-2021]High Quality Braindump2go PCNSA Exam VCE and PDF PCNSA 230Q Free Share[Q173-Q200] --------------------------------------------------- November/2021 Latest Braindump2go PCNSA Exam Dumps with PDF and VCE Free Updated Today! Following are some new PCNSA Real Exam Questions!QUESTION 173Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?A. Kerberos userB. SAML userC. local database userD. local userAnswer: BQUESTION 174How frequently can WildFire updates be made available to firewalls?A. every 15 minutesB. every 30 minutesC. every 60 minutesD. every 5 minutesAnswer: DQUESTION 175Starting with PAN-OS version 9.1, which new type of object is supported for use within the User field of a Security policy rule?A. remote usernameB. dynamic user groupC. static user groupD. local usernameAnswer: BQUESTION 176Which link in the web interface enables a security administrator to view the Security policy rules that match new application signatures?A. Review App MatchesB. Review AppsC. Pre-analyzeD. Review PoliciesAnswer: DQUESTION 177How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?A. Disable automatic updates during weekdaysB. Automatically "download and install" but with the "disable new applications" option usedC. Automatically "download only" and then install Applications and Threats later, after the administratorapproves the updateD. Configure the option for "Threshold"Answer: DExplanation:https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/threat-prevention/best-practices-for-application-and-threat-content-updates#QUESTION 178Which type of firewall configuration contains in-progress configuration changes?A. backupB. candidateC. runningD. committedAnswer: BQUESTION 179Which three configuration settings are required on a Palo Alto Network firewall management interface? (Choose three.)A. hostnameB. netmaskC. default gatewayD. auto-negotiationE. IP addressAnswer: BCEExplanation:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClN7CAKQUESTION 180What is an advantage for using application tags?A. They are helpful during the creation of new zones.B. They help content updates automate policy updates.C. They help with the creation of interfaces.D. They help with the design of IP address allocations in DHCP.Answer: BQUESTION 181At which point in the App-ID update process can you determine if an existing policy rule is affected by an App-ID update?A. after clicking Check Now in the Dynamic Update windowB. after committing the firewall configurationC. after installing the updateD. after downloading the updateAnswer: DExplanation:https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interface-help/device/device-dynamic-updatesQUESTION 182You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server.Which Security Profile detects and prevents this threat from establishing a command-and-control connection?A. Vulnerability Protection Profile applied to outbound Security policy rules.B. Anti-Spyware Profile applied to outbound security policies.C. Antivirus Profile applied to outbound Security policy rulesD. Data Filtering Profile applied to outbound Security policy rules.Answer: BQUESTION 183Which statement is true regarding a Best Practice Assessment?A. It runs only on firewalls.B. It shows how current configuration compares to Palo Alto Networks recommendations.C. When guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities.D. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.Answer: BQUESTION 184The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering "gambling" category.Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the "gambling" URL category?A. Add just the URL www.powerball.com to a Security policy allow rule.B. Manually remove powerball.com from the gambling URL category.C. Add *.powerball.com to the URL Filtering allow list.D. Create a custom URL category, add *.powerball.com to it and allow it in the Security Profile.Answer: CDQUESTION 185Which Palo Alto Networks service protects cloud-based applications such as Dropbox and Salesforce by monitoring permissions and shares and scanning files for sensitive information?A. Prisma SaaSB. AutoFocusC. PanoramaD. GlobalProtectAnswer: AQUESTION 186In a Security policy, what is the quickest way to reset all policy rule hit counters to zero?A. Highlight each rule and use the Reset Rule Hit Counter > Selected RulesB. Reboot the firewallC. Use the Reset Rule Hit Counter > All Rules optionD. Use the CLI enter the command reset rules allAnswer: CExplanation:https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/policies/policies-security/creating-and-managing-policiesQUESTION 187Based on the Security policy rules shown, SSH will be allowed on which port? A. the default portB. only ephemeral portsC. any portD. same port as ssl and snmpv3Answer: AQUESTION 188You receive notification about new malware that is being used to attack hosts. The malware exploits a software bug in common application.Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?A. Data Filtering Profile applied to outbound Security policy rulesB. Antivirus Profile applied to outbound Security policy rulesC. Data Filtering Profile applied to inbound Security policy rulesD. Vulnerability Protection Profile applied to inbound Security policy rules Answer: BAnswer: QUESTION 189Palo Alto Networks firewall architecture accelerates content inspection performance while minimizing latency using which two components? (Choose two.)A. Network Processing EngineB. Policy EngineC. Parallel Processing HardwareD. Single Stream-based EngineAnswer: CDQUESTION 190An administrator is reviewing another administrator's Security policy log settings.Which log setting configuration is consistent with best practices for normal traffic?A. Log at Session Start and Log at Session End both enabledB. Log at Session Start enabled, Log at Session End disabledC. Log at Session Start disabled, Log at Session End enabledD. Log at Session Start and Log at Session End both disabledAnswer: CExplanation:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clt5CACQUESTION 191Which Security profile would you apply to identify infected hosts on the protected network using DNS traffic?A. URL trafficB. vulnerability protectionC. anti-spywareD. antivirusAnswer: CExplanation:https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-profilesQUESTION 192Given the topology, which zone type should zone A and zone B to be configured with? A. Layer3B. EthernetC. Layer2D. Virtual WireAnswer: AQUESTION 193Assume a custom URL Category Object of "NO-FILES" has been created to identify a specific website?How can file uploading/downloading be restricted for the website while permitting general browsing access to that website?A. Create a Security policy with a URL Filtering profile that references the site access setting of block to NO-FILES.B. Create a Security policy that references NO-FILES as a URL Category qualifier with an appropriate File Blocking profile.C. Create a Security policy with a URL Filtering profile that references the site access setting of continue to NO-FILES.D. Create a Security policy that references NO-FILES as a URL Category qualifier with an appropriate Data Filtering profile.Answer: AExplanation:https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/set-up-file-blockingQUESTION 194Which URL Filtering profile action would you set to allow users the option to access a site only if they provide a URL admin password?A. authorizationB. continueC. authenticationD. overrideAnswer: DExplanation:https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/ url-filtering-profile-actions.htmlQUESTION 195How are Application Filters or Application Groups used in firewall policy?A. An Application Group is a static way of grouping applications and cannot be configured as a nested member of Application Group.B. An Application Group is a dynamic way of grouping applications and can be configured as a nested member of an Application Group.C. An Application Filter is a dynamic way to group applications and can be configured as a nested member of an Application Group.D. An Application Filter is a static way of grouping applications and can be configured as a nested member of an Application Group.Answer: CQUESTION 196Which tab would an administrator click to create an address object?A. ObjectsB. MonitorC. DeviceD. PoliciesAnswer: AExplanation:https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/objects/objects-addressesQUESTION 197An administrator wishes to follow best practices for logging traffic that traverses the firewall.Which log setting is correct?A. Enable Log at Session StartB. Disable all loggingC. Enable Log at both Session Start and EndD. Enable Log at Session EndAnswer: DExplanation:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clt5CACQUESTION 198Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two.)A. QoS profileB. DoS Protection profileC. Zone Protection profileD. DoS Protection policyAnswer: BCQUESTION 199An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.What is the correct process to enable this logging?A. Select the interzone-default rule and click Override; on the Actions tab, select Log at Session End and click OK.B. Select the interzone-default rule and edit the rule; on the Actions tab, select Log at Session End and click OK.C. Select the interzone-default rule and edit the rule; on the Actions tab, select Log at Session Start and click OK.D. This rule has traffic logging enabled by default; no further action is required.Answer: BQUESTION 200The Palo Alto Networks NGFW was configured with a single virtual router named VR-1.What changes are required on VR-1 to route traffic between two interfaces on the NGFW?A. Add static routes to route between the two interfacesB. Add interfaces to the virtual routerC. Add zones attached to interfaces to the virtual routerD. Enable the redistribution profile to redistribute connected routesAnswer: BExplanation:https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/virtual-routers.htmlResources From:1.2021 Latest Braindump2go PCNSA Exam Dumps (PDF & VCE) Free Share:https://www.braindump2go.com/pcnsa.html2.2021 Latest Braindump2go PCNSA PDF and PCNSA VCE Dumps Free Share:https://drive.google.com/drive/folders/1_IuXSO289LtQJX5BZt3iARfEaVckaP-x?usp=sharing3.2021 Free Braindump2go PCNSA Exam Questions Download:https://www.braindump2go.com/free-online-pdf/PCNSA-PDF-Dumps(173-195).pdfhttps://www.braindump2go.com/free-online-pdf/PCNSA-VCE-Dumps(196-219).pdfFree Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams! --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2021-11-04 09:11:16 Post date GMT: 2021-11-04 09:11:16 Post modified date: 2021-11-04 09:11:16 Post modified date GMT: 2021-11-04 09:11:16 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com