Practice Exams:

Free PCNSA Exam Braindumps

Pass your Palo Alto Networks Certified Network Security Administrator exam with these free Questions and Answers

Page 4 of 58
PDF with 287 Questions
QUESTION 11

An administrator has an IP address range in the external dynamic list and wants to create an exception for one specific IP address in this address range.
Which steps should the administrator take?

  1. A. Add the address range to the Manual Exceptions list and exclude the IP address by selecting the entry.
  2. B. Add each IP address in the range as a list entry and then exclude the IP address by adding it to the Manual Exceptions list.
  3. C. Select the address range in the List Entries lis
  4. D. A column will open with the IP addresse
  5. E. Select the entry to exclude.
  6. F. Add the specific IP address from the address range to the Manual Exceptions list by using regular expressions to define the entry.

Correct Answer: D

QUESTION 12

What is the main function of Policy Optimizer?

  1. A. reduce load on the management plane by highlighting combinable security rules
  2. B. migrate other firewall vendors’ security rules to Palo Alto Networks configuration
  3. C. eliminate “Log at Session Start” security rules
  4. D. convert port-based security rules to application-based security rules

Correct Answer: D

QUESTION 13

How many zones can an interface be assigned with a Palo Alto Networks firewall?

  1. A. two
  2. B. three
  3. C. four
  4. D. one

Correct Answer: D

QUESTION 14

If using group mapping with Active Directory Universal Groups, what must you do when configuring the User-ID?

  1. A. Create an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL
  2. B. Configure a frequency schedule to clear group mapping cache
  3. C. Configure a Primary Employee ID number for user-based Security policies
  4. D. Create a RADIUS Server profile to connect to the domain controllers using LDAPS on port 636 or 389

Correct Answer: B
PCNSA dumps exhibit If you have Universal Groups, create an LDAP server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL, then create another LDAP server profile to connect to the root domain controllers on port 389. This helps ensure that users and group information is available for all domains and subdomains.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-users-to-groups

QUESTION 15

Which information is included in device state other than the local configuration?

  1. A. uncommitted changes
  2. B. audit logs to provide information of administrative account changes
  3. C. system logs to provide information of PAN-OS changes
  4. D. device group and template settings pushed from Panorama

Correct Answer: D

Page 4 of 58
PDF with 287 Questions

Post your Comments and Discuss Paloalto-Networks PCNSA exam with other Community members: