100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
PCNSA Exam – Q’s And A’s (Guaranteed Pass!!) CA$21.53   Add to cart

Exam (elaborations)

PCNSA Exam – Q’s And A’s (Guaranteed Pass!!)

 5 views  0 purchase

PCNSA Exam – Q’s And A’s (Guaranteed Pass!!)

Preview 3 out of 16  pages

  • January 13, 2024
  • 16
  • 2023/2024
  • Exam (elaborations)
  • Questions & answers
All documents for this subject (653)
avatar-seller
Studyhall
PCNSA Exam – Q’s And A’s (Guaranteed Pass!!)

Which firewall plane provides configuration, logging, and reporting
functions on a separate processor? Correct Ans - Control plane

A security administrator has configured App-ID updates to be
automatically downloaded and installed. The company is currently using an
application identified byApp-ID as SuperApp_base.On a content update
notice, Palo Alto Networks is adding new app signatures labeled
SuperApp_chat and SuperApp_download, which will be deployed in 30
days.Based on the information, how is the SuperApp traffic affected after
the 30 days have passed? Correct Ans - No impact because the
firewall automatically adds the rules to the App-ID interface

How many zones can an interface be assigned with a Palo Alto Networks
firewall? Correct Ans - One

Which two configuration settings shown are not the default? Correct
Ans - Server Log Monitor Frequency (sec)
Enable Session

Which data-plane processor layer provides uniform matching for spyware
and vulnerability exploits on a Palo Alto Networks Firewall? Correct
Ans - Signature Matching

Which option shows the attributes that are selectable when setting up
application filters? Correct Ans - Category, Subcategory,
Technology, Risk, and Characteristic

Actions can be set for which two items in a URL filtering security profile?
Correct Ans - Custom URL Categories
PAN-DB URL Categories

Which two statements are correct about App-ID content updates?
Correct Ans - Existing security policy rules are not affected by
application content updates
After an application content update, new applications are automatically
identified and classified

,Which User-ID mapping method should be used for an environment with
clients that do not authenticate to Windows Active Directory? Correct
Ans - Captive Portal

An administrator needs to allow users to use their own office applications.
How should the administrator configure the firewall to allow multiple
applications in a dynamic environment? Correct Ans - Create an
Application Group and add business-systems to it

Which statement is true regarding a Best Practice Assessment? Correct
Ans - It provides a percentage of adoption for each assessment data

Complete the statement. A security profile can block or allow traffic.
Correct Ans - after it is evaluated by a security policy that allows traffic

When creating a Source NAT policy, which entry in the Translated Packet
tab will display the options Dynamic IP and Port, Dynamic, Static IP, and
None? Correct Ans - Translation Type

Which interface does not require a MAC or IP address? Correct Ans -
Virtual Wire

A company moved its old port-based firewall to a new Palo Alto Networks
NGFW 60 days ago. Which utility should the company use to identify out-
of-date or unused rules on the firewall? Correct Ans - Rule Usage
Filter > Hit Count > Unused in 90 days

What are two differences between an implicit dependency and an explicit
dependency in App-ID? Correct Ans - An implicit dependency does
not require the dependent application to be added in the security policy
An explicit dependency requires the dependent application to be added in
the security policy

Recently changes were made to the firewall to optimize the policies and the
security team wants to see if those changes are helping.What is the
quickest way to reset the hit counter to zero in all the security policy rules?
Correct Ans - Use the Reset Rule Hit Counter > All Rules option

, Which two App-ID applications will need to be allowed to use Facebook-
chat? Correct Ans - Facebook-base
Facebook-chat

Which User-ID agent would be appropriate in a network with multiple
WAN links, limited network bandwidth, and limited firewall management
plane resources? Correct Ans - Windows-based agent deployed on
the internal network

Your company requires positive username attribution of every IP address
used by wireless devices to support a new compliance requirement. You
must collect IP-to-user mappings as soon as possible with minimal
downtime and minimal configuration changes to the wireless devices
themselves. The wireless devices are from various manufactures.Given the
scenario, choose the option for sending IP-to-user mappings to the NGFW.
Correct Ans - syslog

An administrator receives a global notification for a new malware that
infects hosts. The infection will result in the infected host attempting to
contact a command- and-control (C2) server. Which two security profile
components will detect and prevent this threat after the firewall's
signature database has been updated? Correct Ans - anti-spyware
profile applied to outbound security policies
URL filtering profile applied to outbound security policies

In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF
file within an email? Correct Ans - Weaponization

Identify the correct order to configure the PAN-OS integrated USER-ID
agent.
3. add the service account to monitor the server(s)
2. define the address of the servers to be monitored on the firewall
4. commit the configuration, and verify agent connection status
1. create a service account on the Domain Controller with sufficient
permissions to execute the User- ID agent Correct Ans - 1-3-2-4

Users from the internal zone need to be allowed to Telnet into a server in
the DMZ zone.Complete the security policy to ensure only Telnet is
allowed.Security Policy: Source Zone: Internal to DMZ Zone

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Studyhall. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for CA$21.53. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

81113 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
CA$21.53
  • (0)
  Add to cart