• Home
  • Articles
  • PCNSA Pre-Exam Practice Tests (Updated 164 Questions) [Q80-Q102]

PCNSA Pre-Exam Practice Tests (Updated 164 Questions) [Q80-Q102]

Share

PCNSA Pre-Exam Practice Tests | (Updated 164 Questions)

Valid PCNSA Exam Q&A PDF - One Year Free Update

NEW QUESTION 80
The PowerBall Lottery has reached an unusually high value this week. Your company has decided to raise morale by allowing employees to access the PowerBall Lottery website (www.powerball.com) for just this week. However, the company does not want employees to access any other websites also listed in the URL filtering "gambling" category.
Which method allows the employees to access the PowerBall Lottery website but without unblocking access to the "gambling" URL category?

  • A. Add *.powerball.com to the URL Filtering allow list.
  • B. Add just the URL www.powerball.com to a Security policy allow rule.
  • C. Create a custom URL category, add *.powerball.com to it and allow it in the Security Profile.
  • D. Manually remove powerball.com from the gambling URL category.

Answer: A,C

 

NEW QUESTION 81
Which definition describes the guiding principle of the zero-trust architecture?

  • A. always connect and verify
  • B. never trust, never connect
  • C. trust, but verify
  • D. never trust, always verify

Answer: D

Explanation:
Explanation/Reference: https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture

 

NEW QUESTION 82
Match the network device with the correct User-ID technology.

Answer:

Explanation:

Explanation
Microsoft Exchange - Server monitoring
Linux authentication - syslog monitoring
Windows Client - client probing
Citrix client - Terminal Services agent

 

NEW QUESTION 83
Which action results in the firewall blocking network traffic with out notifying the sender?

  • A. Reset Client
  • B. Drop
  • C. Deny
  • D. Reset Server

Answer: C

 

NEW QUESTION 84
How many zones can an interface be assigned with a Palo Alto Networks firewall?

  • A. one
  • B. two
  • C. three
  • D. four

Answer: A

 

NEW QUESTION 85
Which administrator type provides more granular options to determine what the administrator can view and modify when creating an administrator account?

  • A. Root
  • B. Superuser
  • C. Dynamic
  • D. Role-based

Answer: D

 

NEW QUESTION 86
Based on the screenshot what is the purpose of the group in User labelled ''it"?

  • A. Allows users to access IT applications on all ports
  • B. Allows users in group "DMZ" lo access IT applications
  • C. Allows users in group "it" to access IT applications
  • D. Allows "any" users to access servers in the DMZ zone

Answer: C

 

NEW QUESTION 87
Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?

  • A. Windows-based agent deployed on the internal network
  • B. Citrix terminal server deployed on the internal network
  • C. Windows-based agent deployed on each of the WAN Links
  • D. PAN-OS integrated agent deployed on the internal network

Answer: A

Explanation:
Another reason to choose the Windows agent over the integrated PAN-OS agent is to save processing cycles on the firewall's management plane.

 

NEW QUESTION 88
Actions can be set for which two items in a URL filtering security profile? (Choose two.)

  • A. PAN-DB URL Categories
  • B. Custom URL Categories
  • C. Block List
  • D. Allow List

Answer: A,B

Explanation:
Explanation
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boO3CAI

 

NEW QUESTION 89
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?

  • A. perimeter traffic
  • B. branch office traffic
  • C. north-south traffic
  • D. east-west traffic

Answer: D

 

NEW QUESTION 90
An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact a command-and-control (C2) server. Which two security profile components will detect and prevent this threat after the firewall's signature database has been updated? (Choose two.)

  • A. vulnerability protection profile applied to outbound security policies
  • B. URL filtering profile applied to outbound security policies
  • C. anti-spyware profile applied to outbound security policies
  • D. antivirus profile applied to outbound security policies

Answer: B,C

Explanation:
References:

 

NEW QUESTION 91
You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server.
Which Security Profile detects and prevents this threat from establishing a command-and-control connection?

  • A. Antivirus Profile applied to outbound Security policy rules
  • B. Data Filtering Profile applied to outbound Security policy rules.
  • C. Vulnerability Protection Profile applied to outbound Security policy rules.
  • D. Anti-Spyware Profile applied to outbound security policies.

Answer: D

 

NEW QUESTION 92
Complete the statement. A security profile can block or allow traffic.

  • A. before it is evaluated by a security policy
  • B. after it is evaluated by a security policy that allows traffic
  • C. on unknown-tcp or unknown-udp traffic
  • D. after it is evaluated by a security policy that allows or blocks traffic

Answer: B

Explanation:
Security profiles are not used in the match criteria of a traffic flow. The security profile is applied to scan traffic after the application or category is allowed by the security policy.

 

NEW QUESTION 93
Based on the security policy rules shown, ssh will be allowed on which port?

  • A. the default port
  • B. only ephemeral ports
  • C. same port as ssl and snmpv3
  • D. any port

Answer: A

 

NEW QUESTION 94
Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

  • A. The host lab-client has been found by a domain controller.
  • B. The host lab-client has been by the User-ID agent.
  • C. The User-ID agent is connected to a domain controller labeled lab client.

Answer: C

 

NEW QUESTION 95
An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

  • A. Create an Application Filter and name it Office Programs, then filter it on the business-systems category, office-programs subcategory
  • B. Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office
  • C. Create an Application Filter and name it Office Programs, then filter it on the business-systems category
  • D. Create an Application Group and add business-systems to it

Answer: D

 

NEW QUESTION 96
Which statement is true regarding a Best Practice Assessment?

  • A. The BPA tool can be run only on firewalls
  • B. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
  • C. It provides a percentage of adoption for each assessment data
  • D. The assessment, guided by an experienced sales engineer, helps determine the areas of greatest risk where you should focus prevention activities

Answer: B

 

NEW QUESTION 97
Which path in PAN-OS 10.0 displays the list of port-based security policy rules?

  • A. Policies> Security> Rule Usage> Unused Apps
  • B. Policies> Security> Rule Usage> Port only specified
  • C. Policies> Security> Rule Usage> No App Specified
  • D. Policies> Security> Rule Usage> Port-based Rules

Answer: C

Explanation:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/security-policy-rule-optimization/migrate-port-based-to-app-id-based-security-policy-rules.html

 

NEW QUESTION 98
Which two App-ID applications will you need to allow in your Security policy to use facebook-chat? (Choose two.)

  • A. facebook-base
  • B. facebook-chat
  • C. facebook-email
  • D. facebook

Answer: A,B

Explanation:
Explanation/Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClV0CAK

 

NEW QUESTION 99
The firewall sends employees an application block page when they try to access Youtube.
Which Security policy rule is blocking the youtube application?

  • A. intrazone-default
  • B. allowed-security services
  • C. Deny Google
  • D. interzone-default

Answer: D

 

NEW QUESTION 100
Which operations are allowed when working with App-ID application tags?

  • A. Predefined tags may be augmented by custom tags.
  • B. Predefined tags may be deleted.
  • C. Predefined tags may be modified.
  • D. Predefined tags may be updated by WildFire dynamic updates.

Answer: A

 

NEW QUESTION 101
Based on the screenshot presented, which column contains the link that when clicked, opens a window to display all applications matched to the policy rule?

  • A. Name
  • B. Apps Allowed
  • C. Apps Seen
  • D. Service

Answer: A

 

NEW QUESTION 102
......

Palo Alto Networks Certified Network Security Administrator Free Update Certification Sample Questions: https://www.dumpexam.com/PCNSA-valid-torrent.html

Trend for Palo Alto Networks PCNSA pdf dumps before actual exam: https://drive.google.com/open?id=1Ltm_Kj3YHYkZlBSjP1iiAfph3ao25WUA

Related Articles

more
Palo Alto Networks PCNSA Certification Practice Exam

DumpExam exam dump materials and dumps PDF will assist you pass certificate exams certainly. We guarantee your money safety and provide you worry-free shopping. Best exam dump, valid dumps PDF, accurate exam materials is here waiting for you.

Latest Exam Dump

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 DumpExam NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy