1. Home
  2. Paloalto Networks
  3. Network Security Administrator
  4. PCNSA
  5. Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0) Questions and Answers

Pass the Paloalto Networks Network Security Administrator PCNSA Questions and answers with CertsForce

 Paloalto Networks Exams      Go to Exam Detail      Get Premium Access
Viewing page 10 out of 11 pages
Viewing questions 91-100 out of questions
Questions # 91:

What are three valid ways to map an IP address to a username? (Choose three.)

Options:
A.

using the XML API

B.

DHCP Relay logs

C.

a user connecting into a GlobalProtect gateway using a GlobalProtect Agent

D.

usernames inserted inside HTTP Headers

E.

WildFire verdict reports

Expert Solution
Questions # 92:

You need to allow users to access the office–suite application of their choice. How should you configure the firewall to allow access to any office-suite application?

Options:
A.

Create an Application Group and add Office 365, Evernote Google Docs and Libre Office

B.

Create an Application Group and add business-systems to it.

C.

Create an Application Filter and name it Office Programs, then filter it on the office programs subcategory.

D.

Create an Application Filter and name it Office Programs then filter on the business-systems category.

Expert Solution
Questions # 93:

Which statement is true about Panorama managed devices?

Options:
A.

Panorama automatically removes local configuration locks after a commit from Panorama

B.

Local configuration locks prohibit Security policy changes for a Panorama managed device

C.

Security policy rules configured on local firewalls always take precedence

D.

Local configuration locks can be manually unlocked from Panorama

Expert Solution
Questions # 94:

In which stage of the Cyber-Attack Lifecycle would the attacker inject a PDF file within an email?

Options:
A.

Weaponization

B.

Reconnaissance

C.

Installation

D.

Command and Control

E.

Exploitation

Expert Solution
Questions # 95:

Which object would an administrator create to block access to all high-risk applications?

Options:
A.

HIP profile

B.

application filter

C.

application group

D.

Vulnerability Protection profile

Expert Solution
Questions # 96:

Which two settings allow you to restrict access to the management interface? (Choose two )

Options:
A.

enabling the Content-ID filter

B.

administrative management services

C.

restricting HTTP and telnet using App-ID

D.

permitted IP addresses

Expert Solution
Questions # 97:

What is a recommended consideration when deploying content updates to the firewall from Panorama?

Options:
A.

Content updates for firewall A/P HA pairs can only be pushed to the active firewall.

B.

Content updates for firewall A/A HA pairs need a defined master device.

C.

Before deploying content updates, always check content release version compatibility.

D.

After deploying content updates, perform a commit and push to Panorama.

Expert Solution
Questions # 98:

Which object would an administrator create to enable access to all applications in the office-programs subcategory?

Options:
A.

HIP profile

B.

Application group

C.

URL category

D.

Application filter

Expert Solution
Questions # 99:

Which three types of Source NAT are available to users inside a NGFW? (Choose three.)

Options:
A.

Dynamic IP and Port (DIPP)

B.

Static IP

C.

Static Port

D.

Dynamic IP

E.

Static IP and Port (SIPP)

Expert Solution
Questions # 100:

Which action can be performed when grouping rules by group tags?

Options:
A.

Delete Tagged Rule(s)

B.

Edit Selected Rule(s)

C.

Apply Tag to the Selected Rule(s)

D.

Tag Selected Rule(s)

Expert Solution
Viewing page 10 out of 11 pages
Viewing questions 91-100 out of questions