Download Palo Alto Networks Certified Network Security Administrator.train4sure.PCNSA.2019-12-04.1e.44q.vcex

Which firewall plane provides configuration, logging, and reporting functions on a separate processor?

• A: control
• B: network processing
• C: data
• D: security processing

Correct Answer: A

A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_base.  
On a content update notice, Palo Alto Networks is adding new app signatures labeled SuperApp_chat and SuperApp_download, which will be deployed in 30 days.  
Based on the information, how is the SuperApp traffic affected after the 30 days have passed?

• A: All traffic matching the SuperApp_chat, and SuperApp_download is denied because it no longer matches the SuperApp-base application
• B: No impact because the apps were automatically downloaded and installed
• C: No impact because the firewall automatically adds the rules to the App-ID interface
• D: All traffic matching the SuperApp_base, SuperApp_chat, and SuperApp_download is denied until the security administrator approves the applications

Correct Answer: C

How many zones can an interface be assigned with a Palo Alto Networks firewall?

• A: two
• B: three
• C: four
• D: one

Correct Answer: D

Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?  

• A: Signature Matching
• B: Network Processing
• C: Security Processing
• D: Security Matching

Correct Answer: A

Which two statements are correct about App-ID content updates? (Choose two.)

• A: Updated application content may change how security policy rules are enforced
• B: After an application content update, new applications must be manually classified prior to use
• C: Existing security policy rules are not affected by application content updates
• D: After an application content update, new applications are automatically identified and classified

Correct Answer: CD

An administrator needs to allow users to use their own office applications. How should the administrator configure the firewall to allow multiple applications in a dynamic environment?

• A: Create an Application Filter and name it Office Programs, then filter it on the business-systems category, office-programs subcategory
• B: Create an Application Group and add business-systems to it
• C: Create an Application Filter and name it Office Programs, then filter it on the business-systems category
• D: Create an Application Group and add Office 365, Evernote, Google Docs, and Libre Office

Correct Answer: B

Employees are shown an application block page when they try to access YouTube. Which security policy is blocking the YouTube application? 

• A: intrazone-default
• B: Deny Google
• C: allowed-security services
• D: interzone-default

Correct Answer: D

Which interface does not require a MAC or IP address?

• A: Virtual Wire
• B: Layer3
• C: Layer2
• D: Loopback

Correct Answer: A

What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

• A: An implicit dependency does not require the dependent application to be added in the security policy
• B: An implicit dependency requires the dependent application to be added in the security policy
• C: An explicit dependency does not require the dependent application to be added in the security policy
• D: An explicit dependency requires the dependent application to be added in the security policy

Correct Answer: AD

Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?

• A: Windows-based agent deployed on the internal network
• B: PAN-OS integrated agent deployed on the internal network
• C: Citrix terminal server deployed on the internal network
• D: Windows-based agent deployed on each of the WAN Links

Correct Answer: A