
Palo Alto Networks PCNSA - Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)

Total 364 questions

Which three types of authentication services can be used to authenticate user traffic flowing through the firewall's data plane? (Choose three.)

A. TACACS
B. SAML2
C. SAML10
D. Kerberos
E. TACACS+

A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

A. Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH

B. Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH

C. In addition to option A, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-IP-address

D. In addition to option C, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin

Which firewall plane provides configuration, logging, and reporting functions on a separate processor?

A. control
B. network processing
C. data
D. security processing

Given the topology, which zone type should you configure for firewall interface E1/1?

A. Tap
B. Tunnel
C. Virtual Wire
D. Layer3

An internal host wants to connect to servers on the internet using source NAT.

Which policy is required to enable source NAT on the firewall?

A. NAT policy with source zone and destination zone specified
B. post-NAT policy with external source and any destination address
C. NAT policy with no source or destination zone selected
D. pre-NAT policy with external source and any destination address

Which type of profile must be applied to the Security policy rule to protect against buffer overflows, illegal code execution, and other attempts to exploit system flaws?

A. anti-spyware
B. URL filtering
C. vulnerability protection
D. file blocking

An administrator would like to block access to a web server, while also preserving resources and minimizing half-open sockets. What are two security policy actions the administrator can select? (Choose two.)

A. Reset server
B. Reset both
C. Drop
D. Deny

What is the best-practice approach to logging traffic that traverses the firewall?

A. Enable both log at session start and log at session end.
B. Enable log at session start only.
C. Enable log at session end only.
D. Disable all logging options.

Place the following steps in the packet processing order of operations from first to last.