[2022年10月最新リリース] 合格できるPSE-PrismaCloud試験にはリアル問題とアンサー
合格できるPSE-PrismaCloudレビューガイド、頼もしいPSE-PrismaCloudテストエンジン
Palo Alto Networks PSE-PrismaCloud 認定試験の出題範囲:
トピック | 出題範囲 |
---|---|
トピック 1 |
|
トピック 2 |
|
トピック 3 |
|
トピック 4 |
|
トピック 5 |
|
質問 36
Which RQL string returns a list of all Azure virtual machines that are not currently running?
- A. config where api.name = 'azure-vm-list' AND json.rule = powerState = "off'
- B. config where api.name = 'azure-vm-list' AND json.rule = powerState = "running"
- C. config where api.name = 'azure-vm-list' AND json.rule = powerState contains "running"
- D. config where api.name = 'azure-vm-list' AND json.rule = powerState does not contain "running"
正解: C
質問 37
What configuration on AWS is required in order for VM-Series to forward traffic between its network interfaces?
- A. Source Check is enabled and Destination Check is disabled
- B. Source Check is disabled and Destination Check is enabled
- C. Both Source and Destination Checks are disabled
- D. Both Source and Destination Checks are enabled
正解: C
解説:
Explanation
https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/us
質問 38
Based on the diagram, how many routes will the virtual gateway advertise to the on-premises NGFW over the Amazon Web Services Direct Connect link?
- A. 0
- B. 1
- C. 2
- D. 3
正解: B
質問 39
In which two ways does Palo Alto Networks VM orchestration help service providers automatically provision security instances and policies? (Choose two.)
- A. fully instrumented API
- B. VM Orchestration Policy Editor
- C. Aperture Orchestration Engine
- D. support for Dynamic Address Groups
正解: C,D
質問 40
Which three features are not supported by VM-Series NGFWs on Azure Stack? (Choose three.)
- A. Azure Security Center
- B. ARM Template
- C. Bootstrapping
- D. Azure Application Insight
- E. Resource Group
正解: A,C,D
質問 41
A customer CSO has asked you to demonstrate how to identify all "Amazon RDS" resources deployed and the region that they are deployed in. What are two ways that Prisma Public Cloud can show the relevant information?(Choose two.)
- A. Open the Asset dashboard, filter on Amazon Web Services, and click "Amazon RDS" resources.
- B. Generate a compliance report from the Compliance dashboard
- C. Write an RQL query from the "Investigate" tab.
- D. Configure an Inventory report from the "Alerts" tab
正解: A,B
質問 42
Which two items are required when a VM-100 BYOL instance is upgraded to a VM-300 BYOL instance?
(Choose two.)
- A. UUID
- B. new Auth Code
- C. CPU ID
- D. API Key
正解: A,C
解説:
Explanation
In a public cloud deployment, if your firewall is licensed with the BYOL option, you must Deactivate VM before you change the instance type or VM type and apply the license again on the firewall after you complete the model or instance upgrade. When you change the instance type, because the firewall has a new UUID and CPU ID, the existing license will no longer be valid.
https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/about-the-vm-series-firewall/upgrade-th
質問 43
Which framework in Prisma Public Cloud can be used to provide general best practices when no specific legal requirements or regulatory standards need to be met?
- A. HIPAA
- B. GDPR
- C. CIS Benchmark
- D. Payment Card Industry DSS V3
正解: C
質問 44
Which three methods can provide application-level security for a web server instance on Amazon Web Services? (Choose three.)
- A. Security Groups
- B. Prisma SaaS
- C. Traps
- D. Amazon Web Services WAF
- E. VM-Series firewalls
正解: A,B,E
質問 45
The customer has an Amazon Web Services Elastic Computing Cloud that provides a service to the internet directly and needs to secure that cloud with a VM-Series NGFW.
Which component handles address translation?
- A. The server VMs and the VM-Series NGFW have private use only (RFC 1918) IPs. Amazons cloud infrastructure translates those addresses to publicly accessible IP addresses
- B. The server VMs have private use only (RFC 1918) IPs. The VM-Series NGFW translates those addresses to publicly accessible IP addresses.
- C. The server VMs have private use only (RFC 1918) IPs. Amazon's cloud infrastructure translates those addresses to publicly accessible IP addresses. The VM-Series NGFW has publicly accessible IP addresses.
- D. The servers and VM-Series NGFW have publicly accessible IP addresses for management purposes.
正解: B
質問 46
Based on the diagram, prioritize the order in which the Virtual Gateway evaluates the best route based on the deterministic B6P Path selection process.
正解:
解説:
質問 47
How can you modify a range of dates default policy in Prisma Public Cloud?
- A. Manually create the RQL statement.
- B. Clone the existing policy and change the value.
- C. Override the value and commit the configuration.
- D. Click the Gear icon next to the policy name to open the Edit Policy dialog
正解: B
質問 48
Which RQL string monitors all traffic from the Internet and Suspicious IPs destined for your Amazon Web Services databases?
- A. network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest resource IN (resource where role IN ('AWS RDS'. 'Database'))
- B. network where dest.resource IN (resource where role = 'Database'}
- C. network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ('LDAP'))
- D. network where source.publicnetwork IN ('Suspicious IPs') and dest.resource IN (resource where role IN ('AWS RDS', 'Database'))
正解: A
質問 49
Match the logging service with its cloud provider.
正解:
解説:
質問 50
Which RQL string returns a list of all Azure virtual machines that are not currently running?
- A. config where api.name = 'azure-vm-list' AND json.rule = powerState contains "running"
- B. config where api.name = 'azure-vm-list' AND json.rule = powerState = "off'
- C. config where api.name = 'azure-vm-list' AND json.rule = powerState = "running"
- D. config where api.name = 'azure-vm-list' AND json.rule = powerState does not contain "running"
正解: D
質問 51
When protecting against attempts to exploit client-side and server-side vulnerabilities, what is the Palo Alto Networks best practice when using NGFW Vulnerability Protection Profiles?
- A. Clone the predefined Strict Profile, with packet capture settings disabled
- B. Use the default Vulnerability Protection Profile to protect clients from all known critical, high, and medium-severity threats
- C. Clone the predefined Strict Profile, with packet capture settings enabled
- D. Use the default Vulnerability Protection Profile to protect servers from all known critical, high, and medium-severity threats
正解: B
質問 52
Which RQL string searches for all EBS volumes that do not have a "DataClassification" tag?
- A. config where api.name = 'aws-ec2-describe-volumes' AND json.rule = tags[*].key = 1
- B. config where api.name = ,aws-ec2-describe-volumes' AND json.rule = tags[*].key exists
- C. config where api.name = 'aws-ec2-describe-volumes, AND json.rule = tags[*]key contains DataClassification
- D. config where api.name = ,aws-ec2-describe-volumes' AND json.rule = tags[*]key != DataClassification
正解: A
質問 53
......
100%無料PSE-PrismaCloud日常練習試験62問題:https://www.jpntest.com/shiken/PSE-PrismaCloud-mondaishu