[May-2022]New Braindump2go PCNSA PDF Dumps(Q254-Q266)

QUESTION 254

Which DNS Query action is recommended for traffic that is allowed by Security policy and matches Palo Alto Networks Content DNS Signatures?


A.block

B.sinkhole

C.alert

D.allow


Answer: B


QUESTION 255

Which stage of the cyber-attack lifecycle makes it important to provide ongoing education to users on spear phishing links, unknown emails, and risky websites?


A.reconnaissance

B.delivery

C.exploitation

D.installation


Answer: B


QUESTION 256

What are three factors that can be used in domain generation algorithms? (Choose three.)


A.cryptographic keys

B.time of day

C.other unique values

D.URL custom categories

E.IP address


Answer: ABC


QUESTION 257

Which action would an administrator take to ensure that a service object will be available only to the selected device group?


A.create the service object in the specific template

B.uncheck the shared option

C.ensure that disable override is selected

D.ensure that disable override is cleared


Answer: D


QUESTION 258

If using group mapping with Active Directory Universal Groups, what must you do when configuring the User-ID?


A.Create an LDAP Server profile to connect to the root domain of the Global Catalog server on port 3268 or 3269 for SSL

B.Configure a frequency schedule to clear group mapping cache

C.Configure a Primary Employee ID number for user-based Security policies

D.Create a RADIUS Server profile to connect to the domain controllers using LDAPS on port 636 or


Answer: A


QUESTION 259

Which administrative management services can be configured to access a management interface?


A.HTTP, CLI, SNMP, HTTPS

B.HTTPS, SSH telnet SNMP

C.SSH: telnet HTTP, HTTPS

D.HTTPS, HTTP. CLI, API


Answer: D


QUESTION 260

Which feature would be useful for preventing traffic from hosting providers that place few restrictions on content, whose services are frequently used by attackers to distribute illegal or unethical material?


A.Palo Alto Networks Bulletproof IP Addresses

B.Palo Alto Networks C&C IP Addresses

C.Palo Alto Networks Known Malicious IP Addresses

D.Palo Alto Networks High-Risk IP Addresses


Answer: A


QUESTION 261

Which attribute can a dynamic address group use as a filtering condition to determine its membership?


A.tag

B.wildcard mask

C.IP address

D.subnet mask


Answer: A


QUESTION 262

View the diagram. What is the most restrictive yet fully functional rule to allow general Internet and SSH traffic into both the DMZ and Untrust/lnternet zones from each of the lOT/Guest and Trust Zones?


A.

B.

C.

D.


Answer: C


QUESTION 263

An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains.

Which type of single unified engine will get this result?


A.User-ID

B.App-ID

C.Security Processing Engine

D.Content-ID


Answer: A


QUESTION 264

Which solution is a viable option to capture user identification when Active Directory is not in use?


A.Cloud Identity Engine

B.group mapping

C.Directory Sync Service

D.Authentication Portal


Answer: D


QUESTION 265

You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server. Which Security Profile when applied to outbound Security policy rules detects and prevents this threat from establishing a command-and-control connection?


A.Antivirus Profile

B.Data Filtering Profile

C.Vulnerability Protection Profile

D.Anti-Spyware Profile


Answer: D

Explanation:

Anti-Spyware Security Profiles block spyware on compromised hosts from trying to communicate with external command-and-control (C2) servers, thus enabling you to detect malicious traffic leaving the network from infected clients.


QUESTION 266

Which built-in IP address EDL would be useful for preventing traffic from IP addresses that are verified as unsafe based on WildFire analysis Unit 42 research and data gathered from telemetry?


A.Palo Alto Networks C&C IP Addresses

B.Palo Alto Networks Bulletproof IP Addresses

C.Palo Alto Networks High-Risk IP Addresses

D.Palo Alto Networks Known Malicious IP Addresses


Answer: D

2022 Latest Braindump2go PCNSA PDF and PCNSA VCE Dumps Free Share:

https://drive.google.com/drive/folders/1_IuXSO289LtQJX5BZt3iARfEaVckaP-x?usp=sharing

4.7 Star App Store Review!
Cpl.dev***uke
The Communities are great you rarely see anyone get in to an argument :)
king***ing
Love Love LOVE
Download

Select Collections