PCNSA Free Practice Test

Which type security policy rule would match traffic flowing between the inside zone and outside zone within the inside zone and within the outside zone?

1. A. global
2. B. universal
3. C. intrazone
4. D. interzone

Correct Answer: B

Based on the screenshot what is the purpose of the group in User labelled ''it"?

1. A. Allows users to access IT applications on all ports
2. B. Allows users in group "DMZ" lo access IT applications
3. C. Allows "any" users to access servers in the DMZ zone
4. D. Allows users in group "it" to access IT applications

Correct Answer: D

Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)

1. A. The web session was unsuccessfully decrypted.
2. B. The traffic was denied by security profile.
3. C. The traffic was denied by URL filtering.
4. D. The web session was decrypted.

Correct Answer: D

Which User-ID mapping method should be used for an environment with clients that do not authenticate to Windows Active Directory?

1. A. Windows session monitoring via a domain controller
2. B. passive server monitoring using the Windows-based agent
3. C. Captive Portal
4. D. passive server monitoring using a PAN-OS integrated User-ID agent

Correct Answer: C
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/user-id/map-ip-addresses-to-users/map-ip-addres

Starting with PAN_OS version 9.1 which new type of object is supported for use within the user field of a security policy rule?

1. A. local username
2. B. dynamic user group
3. C. remote username
4. D. static user group

Correct Answer: B