Scribd
Upload
158 views

PCNSA Exam - Free Questions and Answers - ITExams - Com-15

This document contains questions from a Palo Alto Networks Certified Network Security Administrator certification exam. It addresses topics like zero-trust firewall deployments, protocols for mapping usernames to user groups with User-ID, the definition of a zero-trust architecture, configuring a security policy to allow Telnet access from an internal zone to a DMZ zone, and the profile for configuring DNS Security features. The questions are multiple choice and include references to Palo Alto Networks documentation.

Uploaded by

amrulariffi.mppuitmsa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
158 views

PCNSA Exam - Free Questions and Answers - ITExams - Com-15

This document contains questions from a Palo Alto Networks Certified Network Security Administrator certification exam. It addresses topics like zero-trust firewall deployments, protocols for mapping usernames to user groups with User-ID, the definition of a zero-trust architecture, configuring a security policy to allow Telnet access from an internal zone to a DMZ zone, and the profile for configuring DNS Security features. The questions are multiple choice and include references to Palo Alto Networks documentation.

Uploaded by

amrulariffi.mppuitmsa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Palo Alto Networks Certified Network Security Administrator v1.

0 (PCNSA)
Page: 16 / 78
Total 394 questions      10 questions per page

Question 76 ( Single Topic ) 


Which data flow direction is protected in a zero-trust firewall deployment that is not protected in a perimeter-only firewall deployment?

A. north-south
B. inbound
C. outbound
D. east-west

Answer : D

Question 77 ( Single Topic ) 


Which protocol is used to map usernames to user groups when User-ID is configured?

A. TACACS+
B. SAML
C. LDAP
D. RADIUS

Answer : C

Reference:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-users-to-groups.html

Question 78 ( Single Topic ) 


Which definition describes the guiding principle of the zero-trust architecture?

A. trust, but verify


B. always connect and verify
C. never trust, never connect
D. never trust, always verify

Answer : D

Reference:
https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture

Question 79 ( Single Topic ) 


All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone.
Complete the two empty fields in the Security policy rules that permits only this type of access.

Source Zone: Internal -


Destination Zone: DMZ Zone -
Application: _________?
Service: ____________?

Action: allow -
(Choose two.)
A. Service = ‫ג‬€application-default‫ג‬€
B. Service = ‫ג‬€service-telnet‫ג‬€
C. Application = ‫ג‬€Telnet‫ג‬€
D. Application = ‫ג‬€any‫ג‬€

Answer : AC

Question 80 ( Single Topic ) 


In which profile should you configure the DNS Security feature?

A. Anti-Spyware Profile
B. Zone Protection Profile
C. Antivirus Profile
D. URL Filtering Profile

Answer : A

Reference:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/dns-security/enable-dns-security.html

Page: 16 / 78
Total 394 questions  Previous Page Next Page     10 questions per page

You might also like