PCNSE試験無料問題集「Palo Alto Networks Certified Network Security Engineer 認定」

ページ: 1 / 18
トータル 330 問

サインアップ、ログインされた後に、試験全体を無料で表示できるようになります。

出題：1

A company configures its WildFire analysis profile to forward any file type to the WildFire public cloud. A company employee receives an email containing an unknown link that downloads a malicious Portable Executable (PE) file.
What does Advanced WildFire do when the link is clicked?

A. Does not perform malicious content analysis on the linked page, but performs it on the corresponding PE file.

B. Performs malicious content analysis on the linked page and the corresponding PE file.

C. Does not perform malicious content analysis on either the linked page or the corresponding PE file.

D. Performs malicious content analysis on the linked page, but not the corresponding PE file.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

A network security engineer needs to ensure that virtual systems can communicate with one another within a Palo Alto Networks firewall. Separate virtual routers (VRs) are created for each virtual system.
In addition to confirming security policies, which three configuration details should the engineer focus on to ensure communication between virtual systems? (Choose three.)

A. Add a route with next hop next-vr by using the VR configured in the virtual system.

B. Layer 3 zones for the virtual systems that need to communicate.

C. External zones with the virtual systems added.

D. Ensure the virtual systems are visible to one another.

E. Add a route with next hop set to none, and use the interface of the virtual systems that need to communicate.

正解：A,C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

An administrator is configuring a Panorama device group. Which two objects are configurable? (Choose two.)

A. SSL/TLS profiles

B. URL Filtering profiles

C. DNS Proxy

D. address groups

正解：B,D 解答を投票する

出題：4

Which three options does Panorama offer for deploying dynamic updates to its managed devices? (Choose three.)

A. Revert content

B. Schedules

C. Check dependencies

D. Verify

E. Install

正解：A,B,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

An engineer is configuring a Protection profile to defend specific endpoints and resources against malicious activity.
The profile is configured to provide granular defense against targeted flood attacks for specific critical systems that are accessed by users from the internet.
Which profile is the engineer configuring?

A. DoS Protection

B. Packet Buffer Protection

C. Vulnerability Protection

D. Zone Protection

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

An engineer needs to collect User-ID mappings from the company's existing proxies. What two methods can be used to pull this data from third-party proxies? (Choose two)

A. Client Probing

B. Server Monitoring

C. Syslog

D. XFF Headers

正解：C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Given the following snippet of a WildFire submission log did the end-user get access to the requested information and why or why not?

A. No, because the severity is high and the verdict is malicious.

B. No, because this is an example from a defeated phishing attack

C. Yes, because the action is set to allow.

D. Yes, because the action is set to alert

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

A customer requires that virtual systems with separate virtual routers can communicate with one another within a Palo Alto Networks firewall. In addition to confirming Security policies, which three configurations will accomplish this goal? (Choose three)

A. Route added with next hop next-vr by using the VR configured in the virtual system

B. Route added with next hop set to "none" and using the interface of the virtual systems that need to communicate

C. External zones with the virtual systems added

D. Layer 3 zones for the virtual systems that need to communicate

正解：A,C,D 解答を投票する

出題：9

An administrator configures a site-to-site IPsec VPN tunnel between a PA-850 and an external customer on their policy-based VPN devices.
What should an administrator configure to route interesting traffic through the VPN tunnel?

A. Proxy IDs

B. GRE Encapsulation

C. Tunnel Monitor

D. ToS Header

正解：A 解答を投票する

出題：10

An administrator needs to validate that policies that will be deployed will match the appropriate rules in the device-group hierarchy. Which tool can the administrator use to review the policy creation logic and verify that unwanted traffic is not allowed?

A. Test Policy Match

B. Preview Changes

C. Managed Devices Health

D. Policy Optimizer

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

A firewall engineer creates a new App-ID report under Monitor > Reports > Application Reports > New Applications to monitor new applications on the network and better assess any Security policy updates the engineer might want to make.
How does the firewall identify the New App-ID characteristic?

A. It matches to the New App-IDs downloaded in the last 90 days.

B. It matches to the New App-IDs downloaded in the last 30 days.

C. It matches to the New App-IDs in the most recently installed content releases.

D. It matches to the New App-IDs installed since the last time the firewall was rebooted.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

A company wants to implement threat prevention to take action without redesigning the network routing.
What are two best practice deployment modes for the firewall? (Choose two.)

A. Virtual Wire

B. TAP

C. Layer 3

D. Layer 2

正解：A,D 解答を投票する

出題：13

Users have reported an issue when they are trying to access a server on your network. The requests aren't taking the expected route. You discover that there are two different static routes on the firewall for the server.
What is used to determine which route has priority?

A. The route with the highest administrative distance

B. Bidirectional Forwarding Detection

C. The first route installed

D. The route with the lowest administrative distance

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged.
Given the information, what is the best choice for deploying User-ID to ensure maximum coverage?

A. Syslog listener

B. Captive portal

C. Agentless User-ID with redistribution

D. Standalone User-ID agent

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：15

Which three items must be configured to implement application override? (Choose three )

A. Application override policy rule

B. Application filter

C. Security policy rule

D. Decryption policy rule

E. Custom app

正解：A,C,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：16

What type of NAT is required to configure transparent proxy?

A. Source translation with Dynamic IP and Port

B. Source translation with Static IP

C. Destination translation with Dynamic IP

D. Destination translation with Static IP

正解：C 解答を投票する

出題：17

Which sessions does Packet Buffer Protection apply to when used on ingress zones to protect against single- session DoS attacks?

A. New sessions and is global

B. Existing sessions and is global

C. Existing sessions and is not global

D. New sessions and is not global

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：18

Which Panorama feature protects logs against data loss if a Panorama server fails?

A. Panorama HA with Log Redundancy ensures that no logs are lost if a server fails inside the HA Cluster.

B. Panorama Collector Group automatically ensures that no logs are lost if a server fails inside the Collector Group

C. Panorama Collector Group with Log Redundancy ensures that no logs are lost if a server fails inside the Collector Group.

D. Panorama HA automatically ensures that no logs are lost if a server fails inside the HA Cluster.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：19

Which DoS Protection Profile detects and prevents session exhaustion attacks against specific destinations?

A. Resource Protection

B. Packet Buffer Protection

C. Packet Based Attack Protection

D. TCP Port Scan Protection

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

ページ: 1 / 18
トータル 330 問

PCNSE の機能をすべて解除する

キャプチャ不要
365日無料更新サービス
希望する合格率を設定できる
時間の割り当てられる（時間：分）
PCNSE に2つの練習用モード
サポートサービス対応

完全版を入手する

弊社のサイトにはあなたの試験合格を助けるために研究された効果的な知能問題集を提供しています。材料はすべてのユーザーによって称賛されています。弊社のサイトは、最短時間で多くの証明書を取得するのに役立つ学習プラットフォームになります。

掲示板

試験Identity-and-Access-Management-Architect-JPN トピック5 問題49 スレッド
試験SK0-005J トピック1 問題103 スレッド
試験MuleSoft-Integration-Architect-I トピック9 問題15 スレッド
試験NCP-MCI-6.10 トピック3 問題32 スレッド
試験Identity-and-Access-Management-Designer-JPN トピック4 問題187 スレッド
試験Identity-and-Access-Management-Architect-JPN トピック2 問題155 スレッド
試験SK0-005J トピック4 問題297 スレッド

弊社を連絡する

我々の働いている時間：( UTC+9 ) 9:00-24:00

月曜日から土曜日まで

サポート：現在連絡

我々は１２時間以内ですべてのお問い合わせを答えます。