PCNSA無料問題集「Palo Alto Networks Certified Network Security Administrator」

質問 1

Which Security policy set should be used to ensure that a policy is applied first?

（A）Local firewall policy

（B）Shared pre-rulebase

（C）Parent device-group pre-rulebase

（D）Child device-group pre-rulebase

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

Which statement is true regarding NAT rules?

（A）Static NAT rules have precedence over other forms of NAT.

（B）NAT rules are processed in order from top to bottom.

（C）Translation of the IP address and port occurs before security processing.

（D）Firewall supports NAT on Layer 3 interfaces only.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

What allows a security administrator to preview the Security policy rules that match new application signatures?

（A）Dynamic Updates-Review App

（B）Dynamic Updates-Review Policies

（C）Review Release Notes

（D）Policy Optimizer-New App Viewer

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

What two actions can be taken when implementing an exception to an External Dynamic List? (Choose two.)

（A）Exclude a URL entry by making use of regular expressions.

（B）Exclude a URL entry by making use of wildcards.

（C）Exclude an IP address by making use of wildcards.

（D）Exclude an IP address by making use of regular expressions.

正解：A、C 解答を投票する

質問 5

Which type security policy rule would match traffic flowing between the inside zone and outside zone within the inside zone and within the outside zone?

（A）global

（B）intrazone

（C）interzone

（D）universal

正解：D 解答を投票する

質問 6

Which two options does the firewall use to dynamically populate address group members? (Choose two.)

（A）MAC Addresses

（B）Tags

（C）Tag-based filters

（D）IP Addresses

正解：B、C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which two DNS policy actions in the anti-spyware security profile can prevent hacking attacks through DNS queries to malicious domains? (Choose two.)

（A）Block

（B）Deny

（C）Override

（D）Sinkhole

正解：A、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

（A）The User-ID agent is connected to a domain controller labeled lab-client.

（B）The host lab-client has been found by a domain controller.

（C）The host lab-client has been found by the User-ID agent.

（D）The User-ID agent is connected to the firewall labeled lab-client.

正解：A 解答を投票する

質問 9

An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.
What is the correct process to enable this logging1?

（A）Select the interzone-default rule and edit the rule on the Actions tab select Log at Session Start and click OK

（B）Select the interzone-default rule and edit the rule on the Actions tab select Log at Session End and click OK

（C）Select the interzone-default rule and click Override on the Actions tab select Log at Session End and click OK

（D）This rule has traffic logging enabled by default no further action is required

正解：C 解答を投票する

質問 10

An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited" Which security policy action causes this?

（A）Reset both

（B）Reset server

（C）Drop, send ICMP Unreachable

（D）Drop

正解：C 解答を投票する

質問 11

How often does WildFire release dynamic updates?

（A）every 60 minutes

（B）every 5 minutes

（C）every 15 minutes

（D）every 30 minutes

正解：B 解答を投票する

質問 12

Based on the graphic, what is the purpose of the SSL/TLS Service profile configuration option?

（A）It defines the certificate to send to the client's browser from the management interface.

（B）It defines the SSUTLS encryption strength used to protect the management interface.

（C）It defines the CA certificate used to verify the client's browser.

（D）It defines the firewall's global SSL/TLS timeout values.

正解：A 解答を投票する

質問 13

You receive notification about new malware that is being used to attack hosts The malware exploits a software bug in a common application Which Security Profile detects and blocks access to this threat after you update the firewall's threat signature database?

（A）Data Filtering Profile applied to outbound Security policy rules

（B）Data Filtering Profile applied to inbound Security policy rules

（C）Antivirus Profile applied to outbound Security policy rules

（D）Vulnerability Profile applied to inbound Security policy rules

正解：C 解答を投票する

質問 14

What are the two main reasons a custom application is created? (Choose two.)

（A）To correctly identify an internal application in the traffic log

（B）To visually group similar applications

（C）To reduce unidentified traffic on a network

（D）To change the default categorization of an application

正解：A、C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

Which two types of profiles are needed to create an authentication sequence? (Choose two.)

（A）Authentication profile

（B）Security profile

（C）Interface Management profile

（D）Server profile

正解：A、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

Which administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.
Which security profile components will detect and prevent this threat after the firewall`s signature database has been updated?

（A）antivirus profile applied to outbound security policies

（B）data filtering profile applied to outbound security policies

（C）data filtering profile applied to inbound security policies

（D）vulnerability profile applied to inbound security policies

正解：B 解答を投票する

質問 17

What is a prerequisite before enabling an administrative account which relies on a local firewall user database?

（A）Configure an authentication policy

（B）Isolate the management interface on a dedicated management VLAN

（C）Configure an authentication sequence

（D）Configure an authentication profile

正解：D 解答を投票する

質問 18

Which component is a building block in a Security policy rule?

（A）timeout (min)

（B）application

（C）decryption profile

（D）destination interface

正解：B 解答を投票する

質問 19

In which two Security Profiles can an action equal to the block IP feature be configured? (Choose two.)

（A）Antivirus

（B）URL Filtering

（C）Vulnerability Protection

（D）Anti-spyware

正解：C、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 20

A Security Profile can block or allow traffic at which point?

（A）on either the data plane or the management plane

（B）after it is matched to a Security policy rule that allows or blocks traffic

（C）after it is matched to a Security policy rule that allows traffic

（D）before it is matched to a Security policy rule

正解：C 解答を投票する

PCNSA 無料問題集「Palo Alto Networks Certified Network Security Administrator」

弊社を連絡する

関連リンク

トップ試験