PCNSE無料問題集「Palo Alto Networks Certified Network Security Engineer」

質問 1

A firewall administrator wants to be able at to see all NAT sessions that are going 'through a firewall with source NAT. Which CLI command can the administrator use?

（A）show session all filter nat-rule-source

（B）show running nat-rule-ippool rule "rule_name

（C）show running nat-policy

（D）show session all filter nat source

正解：D 解答を投票する

質問 2

How should an administrator enable the Advance Routing Engine on a Palo Alto Networks firewall?

（A）Enable Advanced Routing Engine in Device > Setup > Session > Session Settings, then commit and reboot.

（B）Enable Advanced Routing in General Settings of Device > Setup > Management, then commit and reboot.

（C）Enable Advanced Routing in Network > Virtual Routers > Router Settings > General, then commit and reboot.

（D）Enable Advanced Routing in Network > Virtual Routers > Redistribution Profiles and then commit.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

A security engineer has configured a GlobalProtect portal agent with four gateways Which GlobalProtect Gateway will users connect to based on the chart provided?

（A）East

（B）West

（C）Central

（D）South

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

Which new PAN-OS 11.0 feature supports IPv6 traffic?

（A）DHCP Server

（B）IKEv1

（C）OSPF

（D）DHCPv6 Client with Prefix Delegation

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

What must be taken into consideration when preparing a log forwarding design for all of a customer's deployed Palo Alto Networks firewalls?

（A）Traffic and threat logs will not be forwarded unless the relevant Log Forwarding profile is attached to the security rules

（B）Traffic and threat logs will not be forwarded unless the relevant Log Forwarding profile is selected in
"Logging and Reporting Settings"

（C）The logs will not contain the names of the identified applications unless the "Enable enhanced application logging" option is selected

（D）App-ID engine will not identify any application traffic unless the "Enable enhanced application logging" option is selected

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

An administrator wants to configure the Palo Alto Networks Windows User-D agent to map IP addresses to u:
'The company uses four Microsoft Active 'servers and two Microsoft Exchange servers, which can provide logs for login events. All six servers have IP addresses assigned from the following subnet: 192.168.28.32/27.
The Microsoft Active Directory in 192.168.28.22/128, and the Microsoft Exchange reside in 192,168.28 48
/28. What the 0 the User

（A）network 192.188 28 32/27 with server type Microsoft

（B）the IP-address and corresponding server type (Microsoft Active Directory or Microsoft Exchange) for each of the six servers

（C）one IP address of a Microsoft Active Directory server and "Auto Discover" enabled to automatically obtain all five of the other servers

（D）network 192.168.28.32/28 with server type Microsoft Active Directory and network 192.168.28.40/28 Exchange

正解：B 解答を投票する

質問 7

Which three firewall multi-factor authentication factors are supported by PAN-OS? (Choose three.)

（A）User logon

（B）Push

（C）SSH key

（D）One-Time Password

（E）Short message service

正解：B、D、E 解答を投票する

質問 8

SSL Forward Proxy decryption is configured, but the firewall uses Untrusted-CA to sign the website
https://www.important-website.com certificate. End-users are receiving the "security certificate is not trusted" warning. Without SSL decryption, the web browser shows that the website certificate is trusted and signed by a well-known certificate chain Well-Known-Intermediate and Well-Known-Root-CA. The network security administrator who represents the customer requires the following two behaviors when SSL Forward Proxy is enabled:
* End-users must not get the warning for the https://www.very-important-website.com/ website
* End-users should get the warning for any other untrusted websiteWhich approach meets the two customer requirements?

（A）Install the Well-Known-Intermediate-CA and Well-Known-Root-CA certificates on all end-user systems in the user and local computer stores

（B）Navigate to Device > Certificate Management > Certificates > Device Certificates, import Well-Known- Intermediate-CA and Well-Known-Root-CA, select the Trusted Root CA check box, and commit the configuration

（C）Clear the Forward Untrust Certificate check box on the Untrusted-CA certificate and commit the configuration

（D）Navigate to Device > Certificate Management > Certificates > Default Trusted Certificate Authorities, import Well-Known-Intermediate-CA and Well-Known-Root-CA, select the Trusted Root CA check box, and commit the configuration

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

An administrator is troubleshooting application traffic that has a valid business use case, and observes the following decryption log message: "Received fatal alert UnknownCA from client." How should the administrator remediate this issue?

（A）Enable certificate revocation checking to deny access to sites with revoked certificates. -"

（B）Check for expired certificates and take appropriate actions to block or allow access based on business needs.

（C）Contact the site administrator with the expired certificate to request updates or renewal.

（D）Add the server's hostname to the SSL Decryption Exclusion List to allow traffic without decryption.

正解：D 解答を投票する

質問 10

Refer to the exhibit.

Which will be the egress interface if the traffic's ingress interface is ethernet1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?

（A）ethernet1/5

（B）ethernet1/6

（C）ethernet1/3

（D）ethernet1/7

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

What are three prerequisites to enable Credential Phishing Prevention over SSL? (Choose three

（A）Enable User-ID.

（B）Create a URL filtering profile

（C）Create a decryption policy rule.

（D）Create an anti-virus profile.

（E）Configure a URL profile to block the phishing category.

正解：A、B、C 解答を投票する

質問 12

An engineer troubleshoots a Panorama-managed firewall that is unable to reach the DNS servers configured via a global template. As a troubleshooting step, the engineer needs to configure a local DNS server in place of the template value.
Which two actions can be taken to ensure that only the specific firewall is affected during this process?
(Choose two )

（A）Change the DNS server on the global template.

（B）Override the DNS server on the template stack.

（C）Configure a service route for DNS on a different interface.

（D）Configure the DNS server locally on the firewall.

正解：B、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

Which three authentication types can be used to authenticate users? (Choose three.)

（A）Kerberos single sign-on

（B）GlobalProtect client

（C）Local database authentication

（D）PingID

（E）Cloud authentication service

正解：A、C、E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

A firewall engineer creates a new App-ID report under Monitor > Reports > Application Reports > New Applications to monitor new applications on the network and better assess any Security policy updates the engineer might want to make.
How does the firewall identify the New App-ID characteristic?

（A）It matches to the New App-IDs in the most recently installed content releases.

（B）It matches to the New App-IDs installed since the last time the firewall was rebooted.

（C）It matches to the New App-IDs downloaded in the last 90 days.

（D）It matches to the New App-IDs downloaded in the last 30 days.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

A company has configured GlobalProtect to allow their users to work from home. A decrease in performance for remote workers has been reported during peak-use hours.
Which two steps are likely to mitigate the issue? (Choose TWO)

（A）Exclude video traffic

（B）Enable decryption

（C）Block traffic that is not work-related

（D）Create a Tunnel Inspection policy

正解：A、C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

PCNSE 無料問題集「Palo Alto Networks Certified Network Security Engineer」

弊社を連絡する

関連リンク

トップ試験