合格させるPalo Alto Networks PCNSAにはJPNTest提供の試験問題集で2024年11月更新
完全版最新のPCNSA問題集、100%カバー率問題と解答があなたをリアル試験で合格させる
Palo Alto Networks PCNSA 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
質問 # 77
An administrator is updating Security policy to align with best practices.
Which Policy Optimizer feature is shown in the screenshot below?
- A. Rules without App Controls
- B. Rule Usage - Unused
- C. New App Viewer
- D. Unused Apps
正解:A
解説:
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/app-id/security-policy-rule- optimization/migrate-port-based-to-app-id-based-security-policy-rules
質問 # 78
Which update option is not available to administrators?
- A. New Antivirus Signatures
- B. New Application Signatures
- C. New Spyware Notifications
- D. New URLs
- E. New Malicious Domains
正解:D
解説:
Explanation/Reference:
質問 # 79
The CFO found a USB drive in the parking lot and decide to plug it into their corporate laptop. The USB drive had malware on it that loaded onto their computer and then contacted a known command and control (CnC) server, which ordered the infected machine to begin Exfiltrating data from the laptop.
Which security profile feature could have been used to prevent the communication with the CnC server?
- A. Create an antivirus profile and enable DNS Sinkhole
- B. Create an anti-spyware profile and enable DNS Sinkhole
- C. Create a security policy and enable DNS Sinkhole
- D. Create a URL filtering profile and block the DNS Sinkhole category
正解:B
解説:
Explanation/Reference: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-web-interface-help/objects/objects-security- profiles-anti-spyware-profile
質問 # 80
Given the screenshot what two types of route is the administrator configuring? (Choose two )
- A. static route
- B. default route
- C. BGP
- D. OSPF
正解:B
質問 # 81
An administrator would like to block access to a web server, while also preserving resources and minimizing half-open sockets. What are two security policy actions the administrator can select?
(Choose two.)
- A. Reset both
- B. Deny
- C. Reset server
- D. Drop
正解:A、C
解説:
Palo Alto Networks firewall protection is based on application intelligence, so in the case of TCP, a TCP session must be established before the application can be discovered. However, after a TCP session has been established, silent dropping of packets without sending a TCP reset can be dangerous. The "drop" action could break the application and cause it to misbehave. An application might hang, continue to send packets, or unnecessarily hold system resources open.
Therefore, the default "deny" action defined for more than half of the applications recognized by the firewall is to send a TCP reset.
質問 # 82
After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.
Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?
- A. Import named config snapshot
- B. Revert to last saved configuration
- C. Load named configuration snapshot
- D. Revert to running configuration
正解:D
質問 # 83
Given the topology, which zone type should zone A and zone B to be configured with?
- A. Virtual Wire
- B. Tap
- C. Layer3
- D. Layer2
正解:C
質問 # 84
Order the steps needed to create a new security zone with a Palo Alto Networks firewall.
正解:
解説:
質問 # 85
Arrange the correct order that the URL classifications are processed within the system.
正解:
解説:
Explanation:
First - Block List
Second - Allow List
Third - Custom URL Categories
Fourth - External Dynamic Lists
Fifth - Downloaded PAN-DB Files
Sixth - PAN-DB Cloud
質問 # 86
An administrator is reviewing the Security policy rules shown in the screenshot below. Which statement is correct about the information displayed?
- A. There are seven Security policy rules on this firewall.
- B. The view Rulebase as Groups is checked.
- C. Eleven rules use the "Infrastructure* tag.
- D. Highlight Unused Rules is checked.
正解:B
質問 # 87
Match each feature to the DoS Protection Policy or the DoS Protection Profile.
正解:
解説:
質問 # 88
Which component is a building block in a Security policy rule?
- A. decryption profile
- B. application
- C. timeout (min)
- D. destination interface
正解:B
解説:
Explanation/Reference:
Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-web-interface-help/policies/policies- security/buildingblocks-in-a-security-policy-rule.html
質問 # 89
Given the detailed log information above, what was the result of the firewall traffic inspection?
- A. It was blocked by the Anti-Spyware Profile action.
- B. It was blocked by the Security policy action.
- C. It was blocked by the Anti-Virus Security profile action.
- D. It was blocked by the Vulnerability Protection profile action.
正解:A
質問 # 90
Based on the security policy rules shown, ssh will be allowed on which port?
- A. 0
- B. 1
- C. 2
- D. 3
正解:C
質問 # 91
An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.
What is the correct process to enable this logging1?
- A. Select the interzone-default rule and edit the rule on the Actions tab select Log at Session End and click OK
- B. Select the interzone-default rule and edit the rule on the Actions tab select Log at Session Start and click OK
- C. This rule has traffic logging enabled by default no further action is required
- D. Select the interzone-default rule and click Override on the Actions tab select Log at Session End and click OK
正解:D
質問 # 92
Which operations are allowed when working with App-ID application tags?
- A. Predefined tags may be deleted.
- B. Predefined tags may be modified.
- C. Predefined tags may be augmented by custom tags.
- D. Predefined tags may be updated by WildFire dynamic updates.
正解:C
解説:
You can add additional custom tags to an application that already has predefined tags to
"augment" filtering abilities in application filters.
質問 # 93
Based on the graphic which statement accurately describes the output shown in the server monitoring panel?
- A. The host lab-client has been found by the User-ID agent.
- B. The User-ID agent is connected to a domain controller labeled lab-client.
- C. The host lab-client has been found by a domain controller.
- D. The User-ID agent is connected to the firewall labeled lab-client.
正解:B
質問 # 94
An administrator would like to create a URL Filtering log entry when users browse to any gambling website. What combination of Security policy and Security profile actions is correct?
- A. Security policy = deny. Gambling category in URL profile = block
- B. Security policy = allow. Gambling category in URL profile = allow
- C. Security policy = drop, Gambling category in URL profile = allow
- D. Security policy = allow, Gambling category in URL profile = alert
正解:D
解説:
A log entry is generated in the URL filtering log.
https://docs.paloaltonetworks.com/advanced-url-filtering/administration/url-filtering-basics/url- filtering-profiles
質問 # 95
Given the image, which two options are true about the Security policy rules. (Choose two.)
- A. In the Allow FTP to web server rule, FTP is allowed using App-ID
- B. In the Allow Social Networking rule, allows all of Facebook's functions
- C. The Allow Office Programs rule is using an Application Group
- D. The Allow Office Programs rule is using an Application Filter
正解:A、C
質問 # 96
You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server.
Which Security Profile detects and prevents this threat from establishing a command-and-control connection?
- A. Data Filtering Profile applied to outbound Security policy rules.
- B. Vulnerability Protection Profile applied to outbound Security policy rules.
- C. Antivirus Profile applied to outbound Security policy rules
- D. Anti-Spyware Profile applied to outbound security policies.
正解:D
質問 # 97
According to the best practices for mission critical devices, what is the recommended interval for antivirus updates?
- A. daily
- B. hourly
- C. weekly
- D. by minute
正解:A
解説:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/best-practices-for-content-and-threat-content-updates/best-practices-mission- critical.html
質問 # 98
By default, which action is assigned to the interzone-default rule?
- A. Reset-server
- B. Deny
- C. Reset-client
- D. Allow
正解:B
質問 # 99
Which interface does not require a MAC or IP address?
- A. Layer3
- B. Loopback
- C. Virtual Wire
- D. Layer2
正解:C
解説:
No IP or MAC addresses are assigned to Virtual Wire interfaces. No routing or switching is done on a Virtual Wire interface.
質問 # 100
Given the image, which two options are true about the Security policy rules. (Choose two.)
- A. In the Allow Social Networking rule, allows all of Facebook's functions In the Allow FTP to web server rule, FTP is allowed using port based rule and not APP-ID.
- B. The Allow Office Programs rule is using an Application Group
- C. The Allow Office Programs rule is using an Application Filter
- D. In the Allow FTP to web server rule, FTP is allowed using App-ID
正解:A、C
質問 # 101
Which statement is true about Panorama managed devices?
- A. Local configuration locks prohibit Security policy changes for a Panorama managed device.
- B. Panorama automatically removes local configuration locks after a commit from Panorama.
- C. Local configuration locks can be manually unlocked from Panorama.
- D. Security policy rules configured on local firewalls always take precedence.
正解:A
解説:
When a user has a configuration lock, it is not possible to perform a commit or push a policy from Panorama. If the administrator is not available to remove the lock, a device WebGUI or CLI command can be used by a superuser to force the removal of the configuration lock.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CltACAS
質問 # 102
......
最新PCNSA試験問題集有効で最新の問題集:https://www.jpntest.com/shiken/PCNSA-mondaishu
検証済みPCNSA試験解答合格確定させる:https://drive.google.com/open?id=1Ec53R3RrQK_TmlUTrX4S_sfiSvIjlTHB