Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. PCNSA

Free Palo Alto Networks PCNSA Exam Braindumps (page: 15)

Page 15 of 98
PDF with 420 Questions

An administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.
Which security profile components will detect and prevent this threat after the firewall's signature database has been updated?

  1. antivirus profile applied to outbound security policies
  2. data filtering profile applied to inbound security policies
  3. data filtering profile applied to outbound security policies
  4. vulnerability profile applied to inbound security policies

Answer(s): A



Which update option is not available to administrators?

  1. New Spyware Notifications
  2. New URLs
  3. New Application Signatures
  4. New Malicious Domains
  5. New Antivirus Signatures

Answer(s): B



A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

  1. Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH
  2. Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH
  3. In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address
  4. In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin

Answer(s): B



How often does WildFire release dynamic updates?

  1. every 5 minutes
  2. every 15 minutes
  3. every 60 minutes
  4. every 30 minutes

Answer(s): A


Reference:

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-new-features/wildfire-features/five-minute-wildfire-updates



Viewing page 15 of 98
Viewing questions 57 - 60 out of 420 questions



Post your Comments and Discuss Palo Alto Networks PCNSA exam prep with other Community members:

PCNSA Exam Discussions & Posts