Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

PCNSA Study Guide Exam 47 Questions with Verified Answers,100% CORRECT, Exams of Business Fundamentals

PCNSA Study Guide Exam 47 Questions with Verified Answers

Typology: Exams

2023/2024

Available from 08/16/2024

paul-kamau-2
paul-kamau-2 🇺🇸

2.7

(3)

3.2K documents

1 / 6

Toggle sidebar

Related documents


Partial preview of the text

Download PCNSA Study Guide Exam 47 Questions with Verified Answers,100% CORRECT and more Exams Business Fundamentals in PDF only on Docsity! PCNSA Study Guide Exam 47 Questions with Verified Answers Which steps of the cyberattack lifecycle is used by an attacker to carefully plan their atacks? - CORRECT ANSWER Reconissance Which typical application use can be a gray area on whether the application should be enabled or blocked? - CORRECT ANSWER Tolerated What is the application database that Palo Alto Networks uses along with App-ID to identify applications? - CORRECT ANSWER applipedia.com Which tool provides a simple workflow to migrate your legacy or port-based Security policy rulebase to an App-ID-based rulebase? - CORRECT ANSWER Policy Optimizer Which tool enables you to migrate existing rules from a legacy firewall to a Palo Alto Networks Next-Generation Firewall? - CORRECT ANSWER Expedition Which phase of the migration process would you use to add application-base rules above the corresponding port-based rules? - CORRECT ANSWER Phase 2 Which VM-Series firewall does *NOT* currently support Device-ID? - CORRECT ANSWER VM-50 T/F. The IoT Security app approach starts by identifying and classifying the devices in your network? - CORRECT ANSWER True Which Level of Device Classification classifies the device based on the vendor and model? - CORRECT ANSWER Third level Which Policy Configuration example did the administrator enable policies to allow Cisco VoIP devices to access only the required applications? - CORRECT ANSWER Allow access based on device identity Which Level of Device Classification identifies the industry in which the device operates? - CORRECT ANSWER First level Organizations that have not enabled User-ID for visibility create Security policies based on which of the following? - CORRECT ANSWER IP address T/F. User-ID enables security teams to define policy rules on firewalls to safely enable applications and control access based on users or groups of users - CORRECT ANSWER True At which step of the User-ID roadmap would you employ a IP-to-user mapping strategy? - CORRECT ANSWER Implement user visibility What could a SOC analyst use to trigger selective actions on the firewall that will be enforced immediately? - CORRECT ANSWER Dynamic user groups What is the maximum number of agents that you can add for data redistribution? - CORRECT ANSWER 100 What percentage of malware campaigns are expected to use some type of encryption? - CORRECT ANSWER 70 percent T/F. Data Loss and Compliance checks stop the loss of sensitive data such as personally identifiable information (PII) and intellectual property (IP). - CORRECT ANSWER True Which of the following identifies and prevents corporate computer and internet usage policy violations? - CORRECT ANSWER Phishing and Credential Attacks Which time frame within the decryption rollout is considered the most critical and is the time when you eliminate most problems and move to your user base? - CORRECT ANSWER days 0-30 Which protocol offers improved security, performance, and privacy benefits over the previous versions? - CORRECT ANSWER TLS 1.3 To authenticate users, what do Google, Azure and Okta need configured in the Cloud Identity Engine? - CORRECT ANSWER a SAML 2.0 based identity provide (IdP) When you configure to activate Cloud Identity Engine, what required information do you need to provide? - CORRECT ANSWER -Region -Company account -Name To collect attributes from your Active Directory and synchronize them with the Cloud Identity Engine, which three versions of TLS encryption is supported? - CORRECT ANSWER -TLS 1.1 -TLS 1.2 -TLS 1.3 T/F. You do not need to install or configure a Cloud Identity agent to collect attributes from a cloud-based direcdtory? - CORRECT ANSWER True To set up the Cloud Identity Engine, which two required tasks will you need to perform? - CORRECT ANSWER -Log in to the Cloud Identity Engine app on the hub to generate a certificate to authenticate the agent and the Cloud Identity Engine -Associate the Cloud Identity Engine with Palo alto Networks apps to select which apps can use your directory information The cloud Identity Engine allows you to write security policy based on which two of the following? - CORRECT ANSWER -Groups -Users The components of the Cloud Identity Engine deployment vary based on which two of the following factors? - CORRECT ANSWER -Whether the Cloud Identity Engine is accessing an on-premises directory (Active Directory) -Whether the Cloud Identity Engine is accessing a cloud-based directory (Azure Active Directory) Which two actions do you need to perform to use the Cloud Identity Engine with an on-premises Active Directory? - CORRECT ANSWER -Access the Cloud Identity Engine app on the hub so you can manage your Cloud Identity Engine instances and Cloud Identity agents -Install the cloud Identity agent on a Windows server (the agent host) and configure it to connect to your Active Directory and the cloud Identity Engine Which two planes are found in the Palo Alto Networks single-pass platform architecture? - CORRECT ANSWER -Control -Data Which object cannot be segmented using virtual systems on a firewall? - CORRECT ANSWER MGT interface What are the two attributes of the dedicated out-of-band network management port in Palo Alto Networks Firewalls? - CORRECT ANSWER -Labeled MGT by default -Cannot be configured as a standard traffic port T/F. To register a hardware firewall, you will need the firewall's serial number? - CORRECT ANSWER True In the web interface, what is signified when a text box is highlighted in red? - CORRECT ANSWER The value in the text box is required T/F. Service routes can be used to configure an in-band port to access external services. - CORRECT ANSWER True