Palo Alto Networks PCNSA Exam Practice Test Instant Access

Question 1

Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

AThe User-ID agent is connected to a domain controller labeled lab-client.

BThe host lab-client has been found by the User-ID agent.

CThe host lab-client has been found by a domain controller.

DThe User-ID agent is connected to the firewall labeled lab-client.

Answer : A

Question 2

Given the screenshot what two types of route is the administrator configuring? (Choose two )

Adefault route

BOSPF

CBGP

Dstatic route

Answer : A

Question 3

If using group mapping with Active Directory Universal Groups, what must you do when configuring the User-ID?

ACreate an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL

BConfigure a frequency schedule to clear group mapping cache

CConfigure a Primary Employee ID number for user-based Security policies

DCreate a RADIUS Server profile to connect to the domain controllers using LDAPS on port 636 or 389

Answer : B

If you have Universal Groups, create an LDAP server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL, then create another LDAP server profile to connect to the root domain controllers on port 389. This helps ensure that users and group information is available for all domains and subdomains.

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-users-to-groups

Question 4

What do you configure if you want to set up a group of objects based on their ports alone?

AApplication groups

BService groups

CAddress groups

DCustom objects

Answer : B

Question 5

What is a function of application tags?

Acreation of new zones

Bapplication prioritization

Cautomated referenced applications in a policy

DIP address allocations in DHCP

Answer : C

Question 6

What must be configured before setting up Credential Phishing Prevention?

AAnti Phishing Block Page

BThreat Prevention

CAnti Phishing profiles

DUser-ID

Answer : B

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/prevent-credential-phishing/set-up-credential-phishing-prevention

Question 7

You receive notification about new malware that infects hosts through malicious files transferred by FTP.

Which Security profile detects and protects your internal networks from this threat after you update your firewall's threat signature database?

AURL Filtering profile applied to inbound Security policy rules.

BData Filtering profile applied to outbound Security policy rules.

CAntivirus profile applied to inbound Security policy rules.

DVulnerability Prote
ction profile applied to outbound Security policy rules.

Answer : C

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-profiles

Palo Alto Networks PCNSA Palo Alto Networks Certified Network Security Administrator Exam Practice Test