What can be used as match criteria for creating a dynamic address group?
A. Usernames B. IP addresses C. Tags D. MAC addresses
C. Tags
Question 152:
You receive notification about new malware that infects hosts through malicious files transferred by FTP.
Which Security profile detects and protects your internal networks from this threat after you update your firewall's threat signature database?
A. URL Filtering profile applied to inbound Security policy rules. B. Data Filtering profile applied to outbound Security policy rules. C. Antivirus profile applied to inbound Security policy rules. D. Vulnerability Prote ction profile applied to outbound Security policy rules.
C. Antivirus profile applied to inbound Security policy rules.
Which object would an administrator create to enable access to all applications in the office-programs subcategory?
A. HIP profile B. Application group C. URL category D. Application filter
B. Application group
Explanation/Reference:
An application filter is an object that dynamically groups applications based on application attributes that you define, including category, subcategory, technology, risk factor, and characteristic. For example, you may want to enable employees to choose their own office programs (such as Evernote, Google Docs, or Microsoft Office 365) for business use. To safely enable these types of applications, you could create an application filter that matches on the Category business-systems and the Subcategory office-programs.
Question 154:
The NetSec Manager asked to create a new firewall Local Administrator profile with customized privileges named NewAdmin. This new administrator has to authenticate without inserting any username or password to access the WebUI. What steps should the administrator follow to create the New_Admin Administrator profile?
A. 1. Select the "Use only client certificate authentication" check box. 2. Set Role to Role Based. 3. Issue to the Client a Certificate with Common Name = NewAdmin B. 1. Select the "Use only client certificate authentication" check box. 2. Set Role to Dynamic. 3. Issue to the Client a Certificate with Certificate Name = NewAdmin C. 1. Set the Authentication profile to Local. 2. Select the "Use only client certificate authentication" check box. 3. Set Role to Role Based. D. 1. Select the "Use only client certificate authentication" check box. 2. Set Role to Dynamic. 3. Issue to the Client a Certificate with Common Name = New Admin
B. 1. Select the "Use only client certificate authentication" check box. 2. Set Role to Dynamic. 3. Issue to the Client a Certificate with Certificate Name = NewAdmin
Question 155:
Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?
A. Root B. Dynamic C. Role-based D. Superuser
C. Role-based
Question 156:
What are three advantages of user-to-group mapping? (Choose three.)
A. It does not require additional objects to be configured. B. It does not require a Server profile. C. It simplifies user administration. D. It automatically adds new users to the appropriate group. E. It allows an administrator to write more granular policies.
C. It simplifies user administration. D. It automatically adds new users to the appropriate group. E. It allows an administrator to write more granular policies.
Explanation/Reference:
Question 157:
You receive notification about new malware that is being used to attack hosts The malware exploits a software bug in a common application. Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?
A. Data Filtering Profile applied to outbound Security policy rules B. Antivirus Profile applied to outbound Security policy rules C. Data Filtering Profile applied to inbound Security policy rules D. Vulnerability Profile applied to inbound Security policy rules
D. Vulnerability Profile applied to inbound Security policy rules
Explanation/Reference:
Question 158:
Which tab would an administrator click to create an address object?
A. Device B. Policies C. Monitor D. Objects
D. Objects
Question 159:
What do application filters help provide access to?
A. Applications that are explicitly sanctioned for use within a company B. Applications that are not explicitly sanctioned and that a company wants users to be able to access C. Applications that are explicitly unsanctioned for use within a company D. Applications that are not explicitly unsanctioned and that a company wants users to be able to access
B. Applications that are not explicitly sanctioned and that a company wants users to be able to access
Question 160:
Which two statements are correct about App-ID content updates? (Choose two.)
A. Updated application content may change how security policy rules are enforced B. After an application content update, new applications must be manually classified prior to use C. Existing security policy rules are not affected by application content updates D. After an application content update, new applications are automatically identified and classified
A. Updated application content may change how security policy rules are enforced D. After an application content update, new applications are automatically identified and classified
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Palo Alto Networks exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your PCNSA exam preparations
and Palo Alto Networks certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.