This page was exported from Free valid test braindumps [ http://free.validbraindumps.com ] Export date:Thu Apr 17 8:51:44 2025 / +0000 GMT ___________________________________________________ Title: [Jun 08, 2023] Get Latest and 100% Accurate PCNSA Exam Questions [Q165-Q187] --------------------------------------------------- [Jun 08, 2023] Get Latest and 100% Accurate PCNSA Exam Questions Maximum Grades By Making ready With PCNSA Dumps NEW QUESTION 165The firewall sends employees an application block page when they try to access Youtube.Which Security policy rule is blocking the youtube application?  intrazone-default  Deny Google  allowed-security services  interzone-default NEW QUESTION 166An administrator configured a Security policy rule with an Antivirus Security profile. The administrator did not change the action (or the profile. If a virus gets detected, how wilt the firewall handle the traffic?  It allows the traffic because the profile was not set to explicitly deny the traffic.  It drops the traffic because the profile was not set to explicitly allow the traffic.  It uses the default action assigned to the virus signature.  It allows the traffic but generates an entry in the Threat logs. NEW QUESTION 167Drag and Drop QuestionArrange the correct order that the URL classifications are processed within the system.Select and Place: NEW QUESTION 168Match the network device with the correct User-ID technology. ExplanationMicrosoft Exchange – Server monitoringLinux authentication – syslog monitoringWindows Client – client probingCitrix client – Terminal Services agentNEW QUESTION 169Match the network device with the correct User-ID technology. NEW QUESTION 170Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can initiate malicious code against a targeted machine.  Exploitation  Installation  Reconnaissance  Act on Objective NEW QUESTION 171Which two App-ID applications will you need to allow in your Security policy to use facebook-chat? (Choose two.)  facebook  facebook-chat  facebook-base  facebook-email Explanation/Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAKNEW QUESTION 172An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?  branch office traffic  north-south traffic  perimeter traffic  east-west traffic NEW QUESTION 173An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?  Create an Application Filter and name it Office Programs, the filter it on the business-systems category, office-programs subcategory  Create an Application Group and add business-systems to it  Create an Application Filter and name it Office Programs, then filter it on the business-systems category  Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office ExplanationAn application filter is an object that dynamically groups applications based on application attributes that you define, including category, subcategory, technology, risk factor, and characteristic. This is useful when you want to safely enable access to applications that you do not explicitly sanction, but that you want users to be able to access. For example, you may want to enable employees to choose their own office programs (such as Evernote, Google Docs, or Microsoft Office 365) for business use. To safely enable these types of applications, you could create an application filter that matches on the Category business-systems and the Subcategory office-programs. As new applications office programs emerge and new App-IDs get created, these new applications will automatically match the filter you defined; you will not have to make any additional changes to your policy rulebase to safely enable any application that matches the attributes yhttps://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/use-application-objects-in-policy/create-an-application-filter.htmlNEW QUESTION 174An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code “communication with the destination is administratively prohibited” Which security policy action causes this?  Drop  Drop, send ICMP Unreachable  Reset both  Reset server NEW QUESTION 175Which two features can be used to tag a user name so that it is included in a dynamic user group? (Choose two)  XML API  log forwarding auto-tagging  GlobalProtect agent  User-ID Windows-based agent Explanationhttps://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/url-filtering-profilNEW QUESTION 176You receive notification about new malware that is being used to attack hosts The malware exploits a software bug in a common application Which Security Profile detects and blocks access to this threat after you update the firewall’s threat signature database?  Data Filtering Profile applied to outbound Security policy rules  Antivirus Profile applied to outbound Security policy rules  Data Filtering Profile applied to inbound Security policy rules  Vulnerability Profile applied to inbound Security policy rules NEW QUESTION 177What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)  An implicit dependency does not require the dependent application to be added in the security policy  An implicit dependency requires the dependent application to be added in the security policy  An explicit dependency does not require the dependent application to be added in the security policy  An explicit dependency requires the dependent application to be added in the security policy NEW QUESTION 178An administrator is updating Security policy to align with best practices.Which Policy Optimizer feature is shown in the screenshot below?  Rules without App Controls  New App Viewer  Rule Usage  Unused Unused Apps NEW QUESTION 179At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?  delivery  command and control  explotation  reinsurance  installation NEW QUESTION 180An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code “communication with the destination is administratively prohibited” Which security policy action causes this?  Drop  Drop, send ICMP Unreachable  Reset both  Reset server NEW QUESTION 181A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?  Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH  Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH  In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address  In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin NEW QUESTION 182Based on the security policy rules shown, ssh will be allowed on which port?  80  53  22  23 NEW QUESTION 183Which Security profile can you apply to protect against malware such as worms and Trojans?  data filtering  antivirus  vulnerability protection  anti-spyware NEW QUESTION 184Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?  internal-inside-dmz  engress outside  inside-portal  intercone-default NEW QUESTION 185You have been tasked to configure access to a new web server located in the DMZ Based on the diagram what configuration changes are required in the NGFW virtual router to route traffic from the 10 1 1 0/24 network to 192 168 1 0/24?  Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 192.168 1.10  Add a route with the destination of 192 168 1 0/24 using interface Eth 1/2 with a next-hop of 172.16.1.2  Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 172.16.1.2  Add a route with the destination of 192 168 1 0/24 using interface Eth 1/3 with a next-hop of 192.168.1.254 NEW QUESTION 186Actions can be set for which two items in a URL filtering security profile? (Choose two.)  Block List  Custom URL Categories  PAN-DB URL Categories  Allow Listhttps://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/url-filtering-profile-actions NEW QUESTION 187Which type of firewall configuration contains in-progress configuration changes?  backup  candidate  running  committed  Loading … Give push to your success with PCNSA exam questions: https://www.validbraindumps.com/PCNSA-exam-prep.html --------------------------------------------------- Images: https://free.validbraindumps.com/wp-content/plugins/watu/loading.gif https://free.validbraindumps.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2023-06-08 16:23:24 Post date GMT: 2023-06-08 16:23:24 Post modified date: 2023-06-08 16:23:24 Post modified date GMT: 2023-06-08 16:23:24