Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Paloalto Networks PCNSA - Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)

Paloalto Networks PCNSA Premium Access     Download Demo    
Page: 5 / 11
Total 364 questions

How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

A.

Disable automatic updates during weekdays

B.

Automatically “download and install” but with the “disable new applications” option used

C.

Automatically “download only” and then install Applications and Threats later, after the administrator approves the update

D.

Configure the option for “Threshold”

If users from the Trusted zone need to allow traffic to an SFTP server in the DMZ zone, how should a Security policy with App-ID be configured?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Which two firewall components enable you to configure SYN flood protection thresholds? (Choose two.)

A.

QoS profile

B.

DoS Protection profile

C.

Zone Protection profile

D.

DoS Protection policy

Which rule type is appropriate for matching traffic occurring within a specified zone?

A.

Interzone

B.

Universal

C.

Intrazone

D.

Shadowed

An administrator would like to determine the default deny action for the application dns-over-https

Which action would yield the information?

A.

View the application details in beacon paloaltonetworks.com

B.

Check the action for the Security policy matching that traffic

C.

Check the action for the decoder in the antivirus profile

D.

View the application details in Objects > Applications

What is a recommended consideration when deploying content updates to the firewall from Panorama?

A.

Content updates for firewall A/P HA pairs can only be pushed to the active firewall.

B.

Content updates for firewall A/A HA pairs need a defined master device.

C.

Before deploying content updates, always check content release version compatibility.

D.

After deploying content updates, perform a commit and push to Panorama.

An organization has some applications that are restricted for access by the Human Resources Department only, and other applications that are available for any known user in the organization.

What object is best suited for this configuration?

A.

Application Group

B.

Tag

C.

External Dynamic List

D.

Application Filter

Complete the statement. A security profile can block or allow traffic____________

A.

on unknown-tcp or unknown-udp traffic

B.

after it is matched by a security policy that allows traffic

C.

before it is matched by a security policy

D.

after it is matched by a security policy that allows or blocks traffic

Which statement best describes the use of Policy Optimizer?

A.

Policy Optimizer can display which Security policies have not been used in the last 90 days

B.

Policy Optimizer on a VM-50 firewall can display which Layer 7 App-ID Security policies have unused applications

C.

Policy Optimizer can add or change a Log Forwarding profile for each Secunty policy selected

D.

Policy Optimizer can be used on a schedule to automatically create a disabled Layer 7 App-ID Security policy for every Layer 4 policy that exists Admins can then manually enable policies they want to keep and delete ones they want to remove

An administrator is implementing an exception to an external dynamic list by adding an entry to the list manually. The administrator wants to save the changes, but the OK button is grayed out.

What are two possible reasons the OK button is grayed out? (Choose two.)

A.

The entry contains wildcards.

B.

The entry is duplicated.

C.

The entry doesn't match a list entry.

D.

The entry matches a list entry.