PCNSC 無料問題集「Palo Alto Networks Certified Network Security Consultant」
A customer has deployed a GlobalProtect portal and gateway as its remote-access VPN solution for its fleet of Windows 10 laptops The customer wants to use Host information Profile (HIP) data collected at the GlobalProtect gateway throughout its enterprise as an additional means of policy enforcement What additional licensing must the customer purchase?
正解:B
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)
In Panorama the web interface displays the security rules in evaluation order Organize the security rules m the order in which they will be evaluated?
正解:
Explanation:
In Panorama, security rules are evaluated in a specific order to determine which rule applies to the traffic. The correct evaluation order is as follows:
* Shared pre-rules(evaluated first)
* Device group pre-rules(evaluated second)
* Local firewall rules(evaluated third)
* Device group post-rules(evaluated fourth)
* Shared post-rules(evaluated fifth)
This order ensures that the most generic rules (shared across all devices) are evaluated first, followed by more specific rules at the device group and local firewall levels, and then the post-rules.
References:
* Palo Alto Networks - Panorama Admin Guide:
https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/policy/policy-precedence-and-evaluati
* Palo Alto Networks - Security Policy Evaluation: https://knowledgebase.paloaltonetworks.com
You are hosting a public-facing web server on your DMZ and access to that server is through a Palo Alto Networks firewall Both internal clients and internet clients access this web server using the FQDN public webserver acme com which resolves to the public address of 99.99 99.2 Which combination of NAT policies is necessary to enable access to the web server for both internal and internet clients?
正解:C
解答を投票する
解説: (JPNTest メンバーにのみ表示されます)