Winter Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

  1. Home
  2. Paloalto Networks
  3. Network Security Administrator
  4. PCNSA - Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)

PCNSA Exam Dumps - Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)

Go to page:
Question # 49

Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?

A.

SAML

B.

Multi-Factor Authentication

C.

Role-based

D.

Dynamic

Full Access
Question # 50

Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

A.

Layer-ID

B.

User-ID

C.

QoS-ID

D.

App-ID

Full Access
Question # 51

What is a default setting for NAT Translated Packets when the destination NAT translation is selected as Dynamic IP (with session distribution)?

A.

IP Hash

B.

Source IP Hash

C.

Round Robin

D.

Least Sessions

Full Access
Question # 52

What are the two main reasons a custom application is created? (Choose two.)

A.

To correctly identify an internal application in the traffic log

B.

To change the default categorization of an application

C.

To visually group similar applications

D.

To reduce unidentified traffic on a network

Full Access
Question # 53

A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

A.

Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH

B.

Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH

C.

In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address

D.

In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin

Full Access
Question # 54

The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop the malware contacted a known command-and-control server which exfiltrating corporate data.

Which Security profile feature could have been used to prevent the communications with the command-and-control server?

A.

Create a Data Filtering Profile and enable its DNS sinkhole feature.

B.

Create an Antivirus Profile and enable its DNS sinkhole feature.

C.

Create an Anti-Spyware Profile and enable its DNS sinkhole feature.

D.

Create a URL Filtering Profile and block the DNS sinkhole URL category.

Full Access
Question # 55

Access to which feature requires the PAN-OS Filtering license?

A.

PAN-DB database

B.

DNS Security

C.

Custom URL categories

D.

URL external dynamic lists

Full Access
Question # 56

During the packet flow process, which two processes are performed in application identification? (Choose two.)

A.

pattern based application identification

B.

application override policy match

C.

session application identified

D.

application changed from content inspection

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps