Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

PCNSAFree trial

By palo-alto-networks

Verified

25Q per page

Question 76

Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.

Which two Security policy rules will accomplish this configuration? (Choose two.)

A: Untrust (Any) to DMZ (1.1.1.100), ssh - Allow
B: Untrust (Any) to Untrust (10.1.1.1), web-browsing - Allow
C: Untrust (Any) to Untrust (10.1.1.1), ssh - Allow
D: Untrust (Any) to DMZ (10.1.1.100, 10.1.1.101), ssh, web-browsing - Allow
E: Untrust (Any) to DMZ (1.1.1.100), web-browsing - Allow

—

Question 77

Which type of profile must be applied to the Security policy rule to protect against buffer overflows, illegal code execution, and other attempts to exploit system flaws?

A: URL filtering
B: vulnerability protection
C: file blocking
D: anti-spyware

—

Question 78

Which interface does not require a MAC or IP address?

A: Virtual Wire
B: Layer3
C: Layer2
D: Loopback

—

Question 79

Starting with PAN-OS version 9.1, application dependency information is now reported in which two locations? (Choose two.)

A: on the App Dependency tab in the Commit Status window
B: on the Policy Optimizer's Rule Usage page
C: on the Application tab in the Security Policy Rule creation window
D: on the Objects > Applications browser pages

—

Question 80

What action will inform end users when their access to Internet content is being restricted?

A: Create a custom ג€URL Categoryג€ object with notifications enabled.
B: Publish monitoring data for Security policy deny logs.
C: Ensure that the ג€site accessג€ setting for all URL sites is set to ג€alertג€.
D: Enable ג€Response Pagesג€ on the interface providing Internet access.

—

Question 81

What is a recommended consideration when deploying content updates to the firewall from Panorama?

A: Before deploying content updates, always check content release version compatibility.
B: Content updates for firewall A/P HA pairs can only be pushed to the active firewall.
C: Content updates for firewall A/A HA pairs need a defined master device.
D: After deploying content updates, perform a commit and push to Panorama.

—

Question 82

Which information is included in device state other than the local configuration?

A: uncommitted changes
B: audit logs to provide information of administrative account changes
C: system logs to provide information of PAN-OS changes
D: device group and template settings pushed from Panorama

—

Question 83

Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?

A: It defines the SSL/TLS encryption strength used to protect the management interface.
B: It defines the CA certificate used to verify the client's browser.
C: It defines the certificate to send to the client's browser from the management interface.
D: It defines the firewall's global SSL/TLS timeout values.

—

That’s the end of your free questions

You’ve reached the preview limit for PCNSA

Consider upgrading to gain full access!

Page 4 of 17 • Questions 76-100 of 414

←

2 3 4 5 6

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!