PCNSA Exam Dumps - Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)

Go to page:

<< First
Prev
5
6
7
8
9
10
11
12
13
14
Next
Last >>

Question # 81

An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

branch office traffic

north-south traffic

perimeter traffic

east-west traffic

Full Access

Question # 82

Which Security profile must be added to Security policies to enable DNS Signatures to be checked?

Anti-Spyware

Antivirus

Vulnerability Protection

URL Filtering

Full Access

Question # 83

Which type firewall configuration contains in-progress configuration changes?

backup

running

candidate

committed

Full Access

Question # 84

Selecting the option to revert firewall changes will replace what settings?

The running configuration with settings from the candidate configuration

The candidate configuration with settings from the running configuration

The device state with settings from another configuration

Dynamic update scheduler settings

Full Access

Question # 85

After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.

Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?

Import named config snapshot

Load named configuration snapshot

Revert to running configuration

Revert to last saved configuration

Full Access

Question # 86

What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)

Service

User

Application

Address

Zone ab

Full Access

Answer:

Explanation:

Three valid source or destination conditions available as Security policy qualifiers are User, Application, and Zone. These qualifiers allow you to define the match criteria for a Security policy rule based on the identity of the user, the application used, and the zone where the traffic originates or terminates.Â You can use these qualifiers to enforce granular security policies that control access to network resources and prevent threats1. Some of the characteristics of these qualifiers are:

User: The User qualifier allows you to specify the source or destination user or user group for a Security policy rule. The firewall can identify users based on various methods, such as User-ID, Captive Portal, or GlobalProtect.Â You can use the User qualifier to apply different security policies for different users or user groups, such as allowing access to certain applications or resources based on user roles or privileges2.

Application: The Application qualifier allows you to specify the application or application group for a Security policy rule. The firewall can identify applications based on App-ID, which is a technology that classifies applications based on multiple attributes, such as signatures, protocol decoders, heuristics, and SSL decryption.Â You can use the Application qualifier to allow or deny access to specific applications or application groups, such as enabling web browsing but blocking social networking or file sharing3.

Zone: The Zone qualifier allows you to specify the source or destination zone for a Security policy rule. A zone is a logical grouping of one or more interfaces that have similar functions or security requirements. The firewall can apply security policies based on the zones where the traffic originates or terminates, such as intrazone, interzone, or universal.Â You can use the Zone qualifier to segment your network and isolate traffic based on different trust levels or network functions4.

References:Â Security Policy,Â Zones,Â User-ID,Â App-ID,Â Certifications - Palo Alto Networks, [Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)] or [Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)].

Question # 87

Which path in PAN-OS 10.2 is used to schedule a content update to managed devices using Panorama?

Panorama > Device Deployment > Dynamic Updates > Schedules > Add

Panorama > Device Deployment > Content Updates > Schedules > Add

Panorama > Dynamic Updates > Device Deployment > Schedules > Add

Panorama > Content Updates > Device Deployment > Schedules > Add

Full Access