PCNSA Free Practice Test

Refer to the exhibit. A web server in the DMZ is being mapped to a public address through DNAT.

Which Security policy rule will allow traffic to flow to the web server?

1. A. Untrust (any) to DMZ (10.1.1.100), web browsing -Allow
2. B. Untrust (any) to Untrust (1.1.1.100), web browsing - Allow
3. C. Untrust (any) to Untrust (10.1.1.100), web browsing -Allow
4. D. Untrust (any) to DMZ (1.1.1.100), web browsing - Allow

Correct Answer: D

Which statements is true regarding a Heatmap report?

1. A. When guided by authorized sales engineer, it helps determine te areas of greatest security risk.
2. B. It provides a percentage of adoption for each assessment area.
3. C. It runs only on firewall.
4. D. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture.

Correct Answer: B

Which object would an administrator create to block access to all high-risk applications?

1. A. HIP profile
2. B. application filter
3. C. application group
4. D. Vulnerability Protection profile

Correct Answer: B

A network administrator is required to use a dynamic routing protocol for network connectivity.
Which three dynamic routing protocols are supported by the NGFW Virtual Router for this purpose? (Choose three.)

1. A. RIP
2. B. OSPF
3. C. IS-IS
4. D. EIGRP
5. E. BGP

Correct Answer: ABE

An administrator wants to create a No-NAT rule to exempt a flow from the default NAT rule. What is the best way to do this?

1. A. Create a Security policy rule to allow the traffic.
2. B. Create a new NAT rule with the correct parameters and leave the translation type as None
3. C. Create a static NAT rule with an application override.
4. D. Create a static NAT rule translating to the destination interface.

Correct Answer: B