Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Palo Alto Networks PCNSA

Palo Alto Networks PCNSA Exam Practice Questions (P. 4)

  • Full Access (420 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #31
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

  1. A
    branch office traffic
  2. B
    north-south traffic
  3. C
    perimeter traffic
  4. D
    east-west traffic

Correct Answer:
D

Question #32
Given the topology, which zone type should zone A and zone B to be configured with?

  1. A
    Layer3
  2. B
    Tap
  3. C
    Layer2
  4. D
    Virtual Wire

Correct Answer:
A

Question #33
To use Active Directory to authenticate administrators, which server profile is required in the authentication profile?
  1. A
    domain controller
  2. B
    TACACS+
  3. C
    LDAP
  4. D
    RADIUS

Correct Answer:
C
chatbot-img GPT-4o - Answer
Alright, here’s the deal: LDAP (Lightweight Directory Access Protocol) is the way to go when we’re setting up authentication for administrators via Active Directory. This isn’t just because it’s in the options list; it’s because LDAP is directly supported by Active Directory for authentication purposes. Kerberos is another protocol supported by Active Directory, but since it’s not an available option in your question, LDAP stands out as the straightforward choice. This ensures a seamless integration emphasizing security and administrative ease.

Question #34
Which interface type is used to monitor traffic and cannot be used to perform traffic shaping?
  1. A
    Layer 2
  2. B
    Tap
  3. C
    Layer 3
  4. D
    Virtual Wire

Correct Answer:
B
chatbot-img GPT-4o - Answer
The most accurate choice for monitoring traffic without having the capability to perform traffic shaping is the Tap interface. Specifically designed in the context of network security and administration in Palo Alto Networks platforms, Tap interfaces strictly facilitate traffic monitoring by passively listening to network traffic; they do not participate in traffic flow, hence cannot shape or modify traffic. This distinction is crucial for network admins especially when deploying network monitoring tools while ensuring existing traffic flows remain unaffected.

Question #35
Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?
  1. A
    Root
  2. B
    Dynamic
  3. C
    Role-based
  4. D
    Superuser

Correct Answer:
C

Question #36
Which administrator type utilizes predefined roles for a local administrator account?
  1. A
    Superuser
  2. B
    Role-based
  3. C
    Dynamic
  4. D
    Device administrator

Correct Answer:
C
Reference:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-cli-quick-start/get-started-with-the-cli/give-administrators-access-to-the-cli/administrative- privileges?PageSpeed=noscript

Question #37
Which two security profile types can be attached to a security policy? (Choose two.)
  1. A
    antivirus
  2. B
    DDoS protection
  3. C
    threat
  4. D
    vulnerability

Correct Answer:
AD
Reference:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/policy/security-profiles

Question #38
The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.
Which security profile feature could have been used to prevent the communication with the CnC server?
  1. A
    Create an anti-spyware profile and enable DNS Sinkhole
  2. B
    Create an antivirus profile and enable DNS Sinkhole
  3. C
    Create a URL filtering profile and block the DNS Sinkhole category
  4. D
    Create a security policy and enable DNS Sinkhole

Correct Answer:
A
Reference:
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-web-interface-help/objects/objects-security-profiles-anti-spyware-profile

Question #39
Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?
  1. A
    Active Directory monitoring
  2. B
    Windows session monitoring
  3. C
    Windows client probing
  4. D
    domain controller monitoring

Correct Answer:
A

Question #40
Which three statements describe the operation of Security policy rules and Security Profiles? (Choose three.)
  1. A
    Security policy rules are attached to Security Profiles.
  2. B
    Security Profiles are attached to Security policy rules.
  3. C
    Security Profiles should be used only on allowed traffic.
  4. D
    Security policy rules inspect but do not block traffic.
  5. E
    Security policy rules can block or allow traffic.

Correct Answer:
ABC

Previous Questions Next Questions

All Pages