What is a prerequisite before enabling an administrative account which relies on a local firewall user database?
A. Configure an authentication policy
B. Configure an authentication sequence
C. Configure an authentication profile
D. Isolate the management interface on a dedicated management VLAN
In which profile should you configure the DNS Security feature?
A. URL Filtering Profile
B. Anti-Spyware Profile
C. Zone Protection Profile
D. Antivirus Profile
An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs. What is the correct process to enable this logging?
A. Select the interzone-default rule and click Override; on the Actions tab, select Log at Session End and click OK.
B. Select the interzone-default rule and edit the rule; on the Actions tab, select Log at Session End and click OK.
C. Select the interzone-default rule and edit the rule; on the Actions tab, select Log at Session Start and click OK.
D. This rule has traffic logging enabled by default; no further action is required.
A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.
On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.
Based on the information, how is the SuperApp traffic affected after the 30 days have passed?
A. All traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer matches the SuperApp-base application
B. No impact because the apps were automatically downloaded and installed
C. No impact because the firewall automatically adds the rules to the App-ID interface
D. All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the security administrator approves the applications
What must be considered with regards to content updates deployed from Panorama?
A. Content update schedulers need to be configured separately per device group.
B. Panorama can only install up to five content versions of the same type for potential rollback scenarios.
C. A PAN-OS upgrade resets all scheduler configurations for content updates.
D. Panorama can only download one content update at a time for content updates of the same type.
For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?
A. TACACS+
B. RADIUS
C. LDAP
D. SAML
You receive notification about new malware that is being used to attack hosts The malware exploits a software bug in a common application. Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?
A. Data Filtering Profile applied to outbound Security policy rules
B. Antivirus Profile applied to outbound Security policy rules
C. Data Filtering Profile applied to inbound Security policy rules
D. Vulnerability Profile applied to inbound Security policy rules
Which two statements are correct about App-ID content updates? (Choose two.)
A. Updated application content may change how security policy rules are enforced
B. After an application content update, new applications must be manually classified prior to use
C. Existing security policy rules are not affected by application content updates
D. After an application content update, new applications are automatically identified and classified
Which two Palo Alto Networks security management tools provide a consolidated creation of policies, centralized management and centralized threat intelligence. (Choose two.)
A. GlobalProtect
B. Panorama
C. Aperture
D. AutoFocus
A website is unexpectedly allowed due to miscategorization.
What are two ways to resolve this issue for a proper response? (Choose two.)
A. Identify the URL category being assigned to the website. Edit the active URL Filtering profile and update that category's site access settings to block.
B. Create a URL category and assign the affected URL. Update the active URL Filtering profile site access setting for the custom URL category to block.
C. Review the categorization of the website on https://urlfiltering.paloaltonetworks.com. Submit for "request change*, identifying the appropriate categorization, and wait for confirmation before testing again.
D. Create a URL category and assign the affected URL. Add a Security policy with a URL category qualifier of the custom URL category below the original policy. Set the policy action to Deny.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PCNSA exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.