有効なPSE-PrismaCloudテスト解答Palo Alto Networks PSE-PrismaCloud試験PDF問題を試そう
Palo Alto Networks PSE-PrismaCloud認定リアル2021年最新の模擬試験合格させます
質問 35
Match the query type with its corresponding search
正解:
解説:
質問 36
Which Amazon Web Services security service can provide host vulnerability information to Prisma Public Cloud?
- A. Shield
- B. GuardDuty
- C. Amazon Web Services WAF
- D. Inspector
正解: D
質問 37
What is Prisma Public Cloud licensing based on?
- A. number of accounts onboarded
- B. volume of flow logs consumed
- C. number of alerts generated
- D. number of monitored workloads
正解: D
質問 38
Which Google Cloud Platform project shares its VPC networks with other projects?
- A. Admin project
- B. Host project
- C. Service project
- D. Subscribing project
正解: B
解説:
Explanation
Create a shared VPC using the Trust VPC created when you deployed the firewall template.
Set up a shared VPC for the host (firewall) project:
gcloud compute shared-vpc enable HOST_PROJECT_ID
https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-google
質問 39
Which three requirements are needed to register a PAYG VM-Series NGFW at the Palo Alto Networks Customer Support website? (Choose three.)
- A. License Key
- B. UUID
- C. Auth Code
- D. Serial Number
- E. CPU ID
正解: B,D,E
質問 40
How can you use Prisma Public Cloud to identify Amazon EC2 instances that have been tagged as "Private?
- A. Create an RQL config query to identify resources with the tag "Private."
- B. Create an RQL network query to identify traffic from resources tagged "Private."
- C. Open the Asset Dashboard, filter on tags: and choose "Private."
- D. Generate a CIS compliance report and review the "Asset Summary."
正解: B
質問 41
Which two items are required when a VM-100 BYOL instance is upgraded to a VM-300 BYOL instance?
(Choose two.)
- A. UUID
- B. new Auth Code
- C. API Key
- D. CPU ID
正解: A,D
解説:
Explanation
In a public cloud deployment, if your firewall is licensed with the BYOL option, you must Deactivate VM before you change the instance type or VM type and apply the license again on the firewall after you complete the model or instance upgrade. When you change the instance type, because the firewall has a new UUID and CPU ID, the existing license will no longer be valid.
https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/about-the-vm-series-firewall/upgrade-th
質問 42
What configuration on AWS is required in order for VM-Series to forward traffic between its network interfaces?
- A. Both Source and Destination Checks are enabled
- B. Source Check is enabled and Destination Check is disabled
- C. Both Source and Destination Checks are disabled
- D. Source Check is disabled and Destination Check is enabled
正解: C
解説:
Explanation
https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/us
質問 43
Which three methods can provide application-level security for a web server instance on Amazon Web Services? (Choose three.)
- A. Security Groups
- B. VM-Series firewalls
- C. Traps
- D. Prisma SaaS
- E. Amazon Web Services WAF
正解: B,C,E
質問 44
When an on-premises NGFW (customer gateway) is used to connect to the Virtual Gateway, which two IKE profiles cannot be used? (Choose two.)
- A. Group14 / SHA-256 / AES-256-CBC / IKE-V1
- B. Group2 / SHA-1 / AES-128-CBC
- C. Group2 / SHA-1 / AES-128-CBC / IKE-V1
- D. Group2 / SHA-1 / AES-128-GCM / IKE-V1
- E. Group14 / SHA-256 / AES-256-GCM / IKE-V1
正解: A,E
質問 45
Which two cloud providers support Load Balancers as next hop configurations for outbound connections?
(Choose two.)
- A. Amazon Web Services
- B. Oracle Cloud
- C. Microsoft Azure
- D. Google Cloud Platform
正解: B,D
質問 46
Which three anomaly policies are predefined in Prisma Public Cloud? (Choose three.)
- A. Unusual user activity
- B. Suspicious file activity
- C. Denial-of-service activity
- D. Account hijacking attempts
- E. Excessive login failures
正解: A,D,E
解説:
Explanation
Account hijacking attempts
-Detect potential account hijacking attempts discovered by identifying unusual login activities. These can happen if there are concurrent login attempts made in short duration from two different geographic locations, which is impossible time travel
, or login from a previously unknown browser, operating system, or location.
Excessive login failures
-Detect potential account hijacking attempts discovered by identifying brute force login attempts. Excessive login failure attempts are evaluated dynamically based on the models observed with continuous learning.
Unusual user activity
-Discover insider threat and an account compromise using advanced data science. The Prisma Cloud machine learning algorithm profiles a user's activities on the console, as well as the usage of access keys based on the location and the type of cloud resources.
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/anomaly-poli
質問 47
How is license utilization displayed within the Prisma Public Cloud interface?
- A. navigate to General > Licensing
- B. navigate to Dashboard > Asset Inventory
- C. navigate to the CLI and run show license command
- D. navigate to Settings (via the gear icon) > Licensing
正解: D
質問 48
Which RQL string using network query attributes returns all traffic destined for Internet or for Suspicious IPs that also exceeds 1GB?
- A. network where dest.publicnetwork IN ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
- B. network where bytes > 1GB and destination = 'Internet IPs' OR 'Suspicious IPs'
- C. show traffic where destination.network = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
- D. network where publicnetwork = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
正解: A
解説:
Explanation
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/rql-examples All network traffic that is greater than 1GB and destined to Internet or Suspicious IPs (allows you to identify data exfiltration attempt on any cloud environment).
network where dest.publicnetwork IN ( 'Internet IPs', 'Suspicious IPs' ) AND bytes > 1000000000
質問 49
How does a customer that has deployed a VM-Series NGFW on Microsoft Azure using a BYOL license change to a PAYG license structure?
- A. purchase a new PAYG license from a reseller
- B. purchase a new PAYG license for Microsoft Azure from Palo Alto Networks
- C. go to Palo Alto Networks Support website to change the BYOL license to a PAYG license
- D. launch a new VM using the PAYG image
正解: C
質問 50
......
Palo Alto Networks PSE-PrismaCloud 認定試験の出題範囲:
トピック | 出題範囲 |
---|---|
トピック 1 |
|
トピック 2 |
|
トピック 3 |
|
トピック 4 |
|
トピック 5 |
|
トピック 6 |
|
トピック 7 |
|
トピック 8 |
|
トピック 9 |
|
PSE-PrismaCloud試験問題と有効なPSE-PrismaCloud問題集PDF:https://www.jpntest.com/shiken/PSE-PrismaCloud-mondaishu