PCNSA Certification Practice Exam 2023

Text Material Preview

https://www.certspots.com/exam/pcnsa/
PCNSA Certification
Real Dumps
Certspots
PCNSA Certification Real Dumps
1. Which Security profile must be added to Security policies to enable 
DNS Signatures to be checked?
A. URL Filtering
B. Vulnerability Protection
C. Anti-Spyware
D. Antivirus
Answer: C
PCNSA Certification Real Dumps
2. In order to protect users against exploit kits that exploit a 
vulnerability and then automatically download malicious payloads, 
which Security profile should be configured?
A. Anti-Spyware
B. WildFire
C. Vulnerability Protection
D. Antivirus
Answer: C
PCNSA Certification Real Dumps
3. Which license is required to use the Palo Alto Networks built-in IP 
address EDLs?
A. DNS Security
B. Threat Prevention
C. WildFire
D. SD-Wan
Answer: B
PCNSA Certification Real Dumps
4. An internal host wants to connect to servers of the internet through 
using source NAT.
Which policy is required to enable source NAT on the firewall?
A. NAT policy with source zone and destination zone specified
B. post-NAT policy with external source and any destination address
C. NAT policy with no source of destination zone selected
D. pre-NAT policy with external source and any destination address
Answer: A
PCNSA Certification Real Dumps
5. What are three characteristics of the Palo Alto Networks DNS 
Security service? (Choose three.)
A. It uses techniques such as DGA/DNS tunneling detection and 
machine learning
B. It requires a valid Threat Prevention license.
C. It enables users to access real-time protections using advanced 
predictive analytics.
D. It requires a valid URL Filtering license.
E. It requires an active subscription to a third-party DNS Security 
service.
Answer: ABC
PCNSA Certification Real Dumps
6. You receive notification about a new malware that infects hosts. An 
infection results in the infected host attempting to contact a 
command-and-control server.
Which Security Profile when applied to outbound Security policy rules 
detects and prevents this threat from establishing a command-and-
control connection?
A. Antivirus Profile
B. Data Filtering Profile
C. Vulnerability Protection Profile
D. Anti-Spyware Profile
Answer: D
PCNSA Certification Real Dumps
7. In which profile should you configure the DNS Security feature?
A. Anti-Spyware Profile
B. Zone Protection Profile
C. Antivirus Profile
D. URL Filtering Profile
Answer: A
PCNSA Certification Real Dumps
8. You receive notification about a new malware that infects hosts. An 
infection results in the infected host attempting to contact a command-and-
control server.
Which Security Profile detects and prevents this threat from establishing a 
command-and-control connection?
A. Vulnerability Protection Profile applied to outbound Security policy rules.
B. Anti-Spyware Profile applied to outbound security policies.
C. Antivirus Profile applied to outbound Security policy rules
D. Data Filtering Profile applied to outbound Security policy rules.
Answer: B
PCNSA Certification Real Dumps
9. Which two settings allow you to restrict access to the management 
interface? (Choose two )
A. enabling the Content-ID filter
B. administrative management services
C. restricting HTTP and telnet using App-ID
D. permitted IP addresses
Answer: AC
PCNSA Certification Real Dumps
10. An internal host wants to connect to servers of the internet 
through using source NAT.
Which policy is required to enable source NAT on the firewall?
A. NAT policy with source zone and destination zone specified
B. post-NAT policy with external source and any destination address
C. NAT policy with no source of destination zone selected
D. pre-NAT policy with external source and any destination address
Answer: A