Which type firewall configuration contains in-progress configuration changes?
A. backup
B. running
C. candidate
D. committed
What are the two default behaviors for the intrazone-default policy? (Choose two.)
A. Allow
B. Logging disabled
C. Log at Session End
D. Deny
Assume that traffic matches a Security policy rule but the attached Security Profiles is configured to block matching traffic. Which statement accurately describes how the firewall will apply an action to matching traffic?
A. If it is an allowed rule, then the Security Profile action is applied last
B. If it is a block rule then the Security policy rule action is applied last
C. If it is an allow rule then the Security policy rule is applied last
D. If it is a block rule then Security Profile action is applied last
An administrator needs to create a Security policy rule that matches DNS traffic within the LAN zone, and also needs to match DNS traffic within the DMZ zone The administrator does not want to allow traffic between the DMZ and LAN zones. Which Security policy rule type should they use?
A. default
B. universal
C. intrazone
D. interzone
An administrator is reviewing another administrator s Security policy log settings. Which log setting configuration is consistent with best practices tor normal traffic?
A. Log at Session Start and Log at Session End both enabled
B. Log at Session Start disabled Log at Session End enabled
C. Log at Session Start enabled Log at Session End disabled
D. Log at Session Start and Log at Session End both disabled
What is a function of application tags?
A. creation of new zones
B. application prioritization
C. automated referenced applications in a policy
D. IP address allocations in DHCP
Which three types of authentication services can be used to authenticate user traffic flowing through the firewalls data plane? (Choose three )
A. TACACS
B. SAML2
C. SAML10
D. Kerberos
E. TACACS+
An address object of type IP Wildcard Mask can be referenced in which part of the configuration?
A. Security policy rule
B. ACC global filter
C. external dynamic list
D. NAT address pool
An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct?
A. Disable all logging
B. Enable Log at Session End
C. Enable Log at Session Start
D. Enable Log at both Session Start and End
What is an advantage for using application tags?
A. They are helpful during the creation of new zones
B. They help with the design of IP address allocations in DHCP.
C. They help content updates automate policy updates
D. They help with the creation of interfaces
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PCNSA exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.