2024年最新のPCNSA問題集にはPaloalto Network Security Administrator認証済み試験問題と解答 [Q158-Q183]

2024年最新のPCNSA問題集にはPaloalto Network Security Administrator認証済み試験問題と解答

実際に出ると確認されたPCNSA試験問題集と解答でPCNSA無料更新

PCNSA認定を取得することにより、ネットワークセキュリティ管理者は、ネットワークインフラストラクチャを効果的に保護する専門知識を実証できます。この認定には、ピア、雇用主、顧客からの認識など、いくつかの利点が提供されます。また、雇用市場で競争上の優位性を提供し、キャリアの進歩の機会を開きます。さらに、PCNSA認定の専門家は、トレーニング、認定、技術サポートなど、Palo Alto Networksの排他的なリソースにアクセスできます。

Palo Alto Networks認定ネットワークセキュリティ管理者（PCNSA）認定試験は、ネットワークセキュリティのスキルと知識を証明することを目的とした試験です。PCNSA認定試験は、サイバーセキュリティソリューションの主要な提供者であるPalo Alto Networksが提供する、ベンダー固有の認定試験です。この認定試験は、個人がPalo Alto Networksの次世代ファイアウォールを構成、維持、トラブルシューティングする能力を検証することを意図しています。

PCNSA認定試験は、60問の多肢選択問題から構成され、監視された環境で実施されます。試験時間は90分で、合格スコアは70％以上である必要があります。この試験は、さまざまな業界の認定試験を提供するグローバルテスト企業であるPearson VUEを通じて利用できます。

 

質問 # 158
You receive notification about new malware that infects hosts through malicious files transferred by FTP.
Which Security profile detects and protects your internal networks from this threat after you update your firewall's threat signature database?

• A. Data Filtering profile applied to outbound Security policy rules.
• B. URL Filtering profile applied to inbound Security policy rules.
• C. Vulnerability Protection profile applied to outbound Security policy rules.
• D. Antivirus profile applied to inbound Security policy rules.

正解：D

解説：
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-profiles

質問 # 159
What in the minimum frequency for which you can configure the firewall too check for new wildfire antivirus signatures?

• A. every 30 minutes
• B. every 5 minutes
• C. every 24 hours
• D. every 1 minute

正解：D

解説：

質問 # 160
Which option lists the attributes that are selectable when setting up an Application filters?

• A. Category, Subcategory, Technology, Risk, and Characteristic
• B. Category, Subcategory, Risk, Standard Ports, and Technology
• C. Category, Subcategory, Technology, and Characteristic
• D. Name, Category, Technology, Risk, and Characteristic

正解：A

解説：
Reference:
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-web-interface-help/objects/objects-application- filters

質問 # 161
Which two configuration settings shown are not the default? (Choose two.)

• A. Enable Session
• B. Enable Security Log
• C. Server Log Monitor Frequency (sec)
• D. Enable Probing

正解：A、C

解説：
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/user-identification/device-user-identification-user-mapping/enable-server-monitoring

質問 # 162
Based on the screenshot what is the purpose of the included groups?

• A. They are used to map usernames to group names.
• B. They contain only the users you allow to manage the firewall.
• C. They are only groups visible based on the firewall's credentials.
• D. They are groups that are imported from RADIUS authentication servers.

正解：A

質問 # 163
Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.)

• A. Route with highest metric is actively used
• B. Path monitoring determines if route is useable
• C. Route with lowest metric is actively used
• D. Path monitoring does not determine if route is useable

正解：B、C

質問 # 164
Which plane on a Palo alto networks firewall provides configuration logging and reporting functions on a separate processor?

• A. management
• B. data
• C. network processing
• D. security processing

正解：A

質問 # 165
Given the network diagram, traffic should be permitted for both Trusted and Guest users to access general Internet and DMZ servers using SSH. web-browsing and SSL applications Which policy achieves the desired results?

• A.
• B.
• C.
• D.

正解：D

質問 # 166
Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)

• A. facebook
• B. facebook-base
• C. facebook-chat
• D. facebook-email

正解：B、C

質問 # 167
Which path in PAN-OS 10.0 displays the list of port-based security policy rules?

• A. Policies> Security> Rule Usage> Port only specified
• B. Policies> Security> Rule Usage> No App Specified
• C. Policies> Security> Rule Usage> Port-based Rules
• D. Policies> Security> Rule Usage> Unused Apps

正解：B

解説：
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/app-id/security-policy-rule- optimization/migrate-port-based-to-app-id-based-security-policy-rules

質問 # 168
Which statement best describes the use of Policy Optimizer?

• A. Policy Optimizer on a VM-50 firewall can display which Layer 7 App-ID Security policies have unused applications
• B. Policy Optimizer can be used on a schedule to automatically create a disabled Layer 7 App-ID Security policy for every Layer 4 policy that exists Admins can then manually enable policies they want to keep and delete ones they want to remove
• C. Policy Optimizer can add or change a Log Forwarding profile for each Secunty policy selected
• D. Policy Optimizer can display which Security policies have not been used in the last 90 days

正解：D

質問 # 169
Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?

• A. It defines the firewall's global SSL/TLS timeout values.
• B. It defines the CA certificate used to verify the client's browser.
• C. It defines the certificate to send to the client's browser from the management interface.
• D. It defines the SSUTLS encryption strength used to protect the management interface.

正解：C

質問 # 170
Where does a user assign a tag group to a policy rule in the policy creation window?

• A. Application tab
• B. Actions tab
• C. General tab
• D. Usage tab

正解：C

解説：
A user can assign a tag group to a policy rule in the policy creation window by selecting the General tab. A tag group is a collection of tags that can be used to identify and filter policy rules based on different criteria, such as function, location, or priority. A user can create a tag group on Panorama and assign it to a policy rule to apply the same set of tags to multiple firewalls or device groups1. To assign a tag group to a policy rule, the user needs to:
Select the General tab in the policy creation window.
Click the Tag Group drop-down menu and select the tag group that the user wants to assign to the policy rule.
Click OK to save the changes. The policy rule will inherit the tags from the tag group and display them in the Tag column.

質問 # 171
An administrator wants to enable access to www.paloaltonetworks.com while denying access to all other sites in the same category.
Which object should the administrator create to use as a match condition for the security policy rule that allows access to www.paloaltonetworks.com?

• A. Address ab
• B. Service
• C. Application group
• D. URL category

正解：D

解説：
A URL category object is the object that the administrator should create to use as a match condition for the security policy rule that allows access to www.paloaltonetworks.com while denying access to all other sites in the same category. A URL category object allows the administrator to define a custom list of URLs that belong to a specific category, such as Business and Economy. The administrator can then use this object in a security policy rule to allow or deny access to the URLs based on the category1. For example, the administrator can create a URL category object that contains www.paloaltonetworks.com and assign it to the Business and Economy category. Then, the administrator can create a security policy rule that allows access to this URL category object and denies access to the predefined Business and Economy category2. Reference: Create a Custom URL Category, Create a Security Policy Rule to Allow or Deny Access to a Custom URL Category, Certifications - Palo Alto Networks, Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0) or [Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)].

質問 # 172
What action will inform end users when their access to Internet content is being restricted?

• A. Publish monitoring data for Security policy deny logs.
• B. Enable "Response Pages" on the interface providing Internet access.
• C. Create a custom "URL Category" object with notifications enabled.
• D. Ensure that the "site access" setting for all URL sites is set to "alert".

正解：B

解説：
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/device/device-response-pages.html

質問 # 173
Given the Cyber-Attack Lifecycle diagram, identify the stage in which the attacker can run malicious code against a targeted machine.

• A. Reconnaissance
• B. Exploitation
• C. Installation
• D. Act on Objective

正解：B

質問 # 174
Which profile should be used to obtain a verdict regarding analyzed files?

• A. Advanced threat prevention
• B. Content-ID
• C. WildFire analysis
• D. Vulnerability profile

正解：C

解説：
A profile is a set of rules or settings that defines how the firewall performs a specific function, such as detecting and preventing threats, filtering URLs, or decrypting traffic1.
There are different types of profiles that can be applied to different types of traffic or scenarios, such as Antivirus, Anti-Spyware, Vulnerability Protection, URL Filtering, File Blocking, Data Filtering, Decryption, or WildFire Analysis1.
The WildFire Analysis profile is a profile that enables the firewall to submit unknown files or email links to the cloud-based WildFire service for analysis and verdict determination2. WildFire is the industry's most advanced analysis and prevention engine for highly evasive zero-day exploits and malware3. WildFire uses a variety of malware detection techniques, such as static analysis, dynamic analysis, machine learning, and intelligent run-time memory analysis, to identify and protect against unknown threats34.
The Vulnerability Protection profile is a profile that protects the network from exploits that target known software vulnerabilities. It allows the administrator to configure the actions and log settings for each vulnerability severity level, such as critical, high, medium, low, or informational5.
Content-ID is not a profile, but a feature of the firewall that performs multiple functions to identify and control applications, users, content, and threats on the network. Content-ID consists of four components: App-ID, User-ID, Content Inspection, and Threat Prevention.
Advanced Threat Prevention is not a profile, but a term that refers to the comprehensive approach of Palo Alto Networks to prevent sophisticated and unknown threats. Advanced Threat Prevention includes WildFire, but also other products and services, such as DNS Security, Cortex XDR, Cortex XSOAR, and AutoFocus.
Therefore, the profile that should be used to obtain a verdict regarding analyzed files is the WildFire Analysis profile.
References:
1: Security Profiles - Palo Alto Networks 2: WildFire Analysis Profile - Palo Alto Networks 3: WildFire - Palo Alto Networks 4: Advanced Wildfire as an ICAP Alternative | Palo Alto Networks 5: Vulnerability Protection Profile - Palo Alto Networks : [Content-ID - Palo Alto Networks] : [Advanced Threat Prevention - Palo Alto Networks]

質問 # 175
Choose the option that correctly completes this statement. A Security Profile can block or allow traffic ____________.

• A. after it is matched by a security policy rule that allows traffic.
• B. on either the data place or the management plane.
• C. after it is matched by a security policy rule that allows or blocks traffic.
• D. before it is matched to a Security policy rule.

正解：A

解説：
Reference:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-policy.html

質問 # 176
An administrator has configured a Security policy where the matching condition includes a single application and the action is deny.
If the application s default deny action is reset-both what action does the firewall take*?

• A. It sends a TCP reset to the client-side and server-side devices
• B. It sends a TCP reset to the server-side device
• C. It silently drops the traffic and sends an ICMP unreachable code
• D. It silently drops the traffic

正解：A

質問 # 177
Match the cyber-attack lifecycle stage to its correct description.

正解：

解説：

質問 # 178
Review the screenshot below. Based on the information it contains, which protocol decoder will detect a machine-learning match, create a Threat log entry, and permit the traffic?

• A. ftp
• B. http2
• C. smb
• D. imap

正解：D

解説：
According to the screenshot, only imap, pop3 and smtp have a default (alert) action, which generates an alert for each application traffic flow. The alert is saved in the threat log.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/security-profiles

質問 # 179
Match the Palo Alto Networks Security Operating Platform architecture to its description.

正解：

解説：

質問 # 180
In which section of the PAN-OS GUI does an administrator configure URL Filtering profiles?

• A. Device
• B. Objects
• C. Policies
• D. Network ab

正解：B

解説：
URL Filtering profiles are configured in the Objects section of the PAN-OS GUI. A URL Filtering profile defines the actions that the firewall takes for different URL categories, such as allow, block, alert, continue, or override. You can also configure settings for credential phishing prevention, URL filtering inline machine learning, and safe search enforcement in a URL Filtering profile1. To create or modify a URL Filtering profile, you need to go to Objects > Security Profiles > URL Filtering2. Reference: URL Filtering Profile, Create a URL Filtering Profile, Updated Certifications for PAN-OS 10.1, Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0) or [Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)].

質問 # 181
Drag and Drop Question
Match each feature to the DoS Protection Policy or the DoS Protection Profile.

正解：

解説：

質問 # 182
An administrator wishes to follow best practices for logging traffic that traverses the firewall Which log setting is correct?

• A. Enable Log at Session End
• B. Enable Log at both Session Start and End
• C. Enable Log at Session Start
• D. Disable all logging

正解：A

解説：
Explanation
Explanation/Reference:
Reference:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clt5CAC

質問 # 183
......

実際問題を使ってPCNSA問題集で100%無料PCNSA試験問題集：https://www.jpntest.com/shiken/PCNSA-mondaishu

PCNSA試験問題集、テストエンジン練習テスト問題：https://drive.google.com/open?id=1LEe5YyRLGI2dok_9tsigICYcYuaK56Zg