PCNSA無料問題集「Palo Alto Networks Certified Network Security Administrator」

質問 1

When HTTPS for management and GlobalProtect are enabled on the same interface, which TCP port is used for management access?

（A）8443

（B）80

（C）4443

（D）443

正解：C 解答を投票する

質問 2

An administrator wants to prevent access to media content websites that are risky Which two URL categories should be combined in a custom URL category to accomplish this goal? (Choose two)

（A）recreation-and-hobbies

（B）known-risk

（C）streaming-media

（D）high-risk

正解：A、C 解答を投票する

質問 3

When creating a custom URL category object, which is a valid type?

（A）domain match

（B）wildcard

（C）category match

（D）host names

正解：C 解答を投票する

質問 4

How do you reset the hit count on a security policy rule?

（A）Select a Security policy rule, and then select Hit Count > Reset.

（B）Reboot the data-plane.

（C）Type the CLI command reset hitcount <POLICY-NAME>.

（D）First disable and then re-enable the rule.

正解：A 解答を投票する

質問 5

What are two valid selections within an Anti-Spyware profile? (Choose two.)

（A）Deny

（B）Drop

（C）Default

（D）Random early drop

正解：B、C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

Which two addresses should be reserved to enable DNS sinkholing? (Choose two.)

（A）IPv4

（B）MAC

（C）IPv6

（D）Email

正解：A、C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

What are three characteristics of the Palo Alto Networks DNS Security service? (Choose three.)

（A）It enables users to access real-time protections using advanced predictive analytics.

（B）It requires an active subscription to a third-party DNS Security service.

（C）It requires a valid Threat Prevention license.

（D）It requires a valid URL Filtering license.

（E）It uses techniques such as DGA.DNS tunneling detection and machine learning.

正解：A、C、E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Place the following steps in the packet processing order of operations from first to last.

正解：

質問 9

Which table for NAT and NPTv6 (IPv6-to-IPv6 Network Prefix Translation) settings is available only on Panorama?

（A）NAT Target Tab

（B）NAT Policies General Tab

（C）NAT Translated Packet Tab

（D）NAT Active/Active HA Binding Tab

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

Which object would an administrator create to enable access to all applications in the office-programs subcategory?

（A）URL category

（B）Application filter

（C）HIP profile

（D）Application group

正解：A 解答を投票する

質問 11

Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.

Which two Security policy rules will accomplish this configuration? (Choose two.)

（A）Untrust (Any) to Untrust (10.1.1.1), ssh -Allow

（B）Untrust (Any) to DMZ (1.1.1.100), web-browsing - Allow

（C）Untrust (Any)to DMZ (10.1.1.100. 10.1.1.101), ssh, web-browsing-Allow

（D）Untrust (Any) to Untrust (10.1.1.1), web-browsing -Allow

（E）Untrust (Any) to DMZ (1.1.1.100), ssh - Allow

正解：B、E 解答を投票する

質問 12

Given the topology, which zone type should interface E1/1 be configured with?

（A）Tap

（B）Tunnel

（C）Virtual Wire

（D）Layer3

正解：A 解答を投票する

質問 13

What in the minimum frequency for which you can configure the firewall too check for new wildfire antivirus signatures?

（A）every 24 hours

（B）every 5 minutes

（C）every 1 minute

（D）every 30 minutes

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

An organization has some applications that are restricted for access by the Human Resources Department only, and other applications that are available for any known user in the organization.
What object is best suited for this configuration?

（A）Tag

（B）External Dynamic List

（C）Application Group

（D）Application Filter

正解：C 解答を投票する

質問 15

A Security Profile can block or allow traffic at which point?

（A）on either the data plane or the management plane

（B）after it is matched to a Security policy rule that allows or blocks traffic

（C）after it is matched to a Security policy rule that allows traffic

（D）before it is matched to a Security policy rule

正解：C 解答を投票する

質問 16

Starting with PAN-OS version 9.1, application dependency information is now reported in which two locations? (Choose two.)

（A）on the Policy Optimizer's Rule Usage page

（B）on the App Dependency tab in the Commit Status window

（C）on the Application tab in the Security Policy Rule creation window

（D）on the Objects > Applications browser pages

正解：B、C 解答を投票する

質問 17

What can be achieved by selecting a policy target prior to pushing policy rules from Panorama?

（A）You can specify the firewalls m a device group to which to push policy rules

（B）You specify the location as pre can - or post-rules to push policy rules

（C）Doing so provides audit information prior to making changes for selected policy rules

（D）Doing so limits the templates that receive the policy rules

正解：A 解答を投票する

質問 18

Which administrator type utilizes predefined roles for a local administrator account?

（A）Dynamic

（B）Device administrator

（C）Superuser

（D）Role-based

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

PCNSA 無料問題集「Palo Alto Networks Certified Network Security Administrator」

弊社を連絡する

関連リンク

トップ試験