Grab the latest free trial! The Palo Alto Networks PCNSE question set PDF was updated in 2023 [Q145-Q167]


The newly released PCNSE question set is PCNSE PAN-OS certified


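The PCNSE certification is aimed at security professionals who work with Palo Alto Networks products and have a solid understanding of network security concepts, protocols, and technologies. The certification validates the skills needed to design, implement, and manage Palo Alto Networks security solutions in a variety of environments, including enterprise, data center, and cloud. The PCNSE certification is a prerequisite for several advanced Palo Alto Networks certifications, including the Palo Alto Networks Certified Network Security Engineer (PCNSA) and the Palo Alto Networks Certified Security Consultant (PCNSC).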

 

Question # 145
A network administrator wants to deploy GlobalProtect with pre-logon for Windows 10 endpoints and follow Palo Alto Networks best practices.
To install the certificate and key for an endpoint, which three components are required? (Choose three.)

  • A. machine certificate
  • B. server certificate
  • C. local computer store
  • D. self-signed certificate
  • E. private key

Correct answer: A, C, D

Explanation:
https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-quick-configs/remote-access-vpn-with-pre-logon.html


Question # 146
A company has a web server behind a Palo Alto Networks next-generation firewall that it wants to make accessible to the public at 1.1.1.1. The company has decided to configure a destination NAT Policy rule.
Given the following zone information:
DMZ zone: DMZ-L3
Public zone: Untrust-L3
Guest zone: Guest-L3
Web server zone: Trust-L3
Public IP address (Untrust-L3): 1.1.1.1
Private IP address (Trust-L3): 192.168.1.50
What should be configured as the destination zone on the Original Packet tab of the NAT Policy rule?

  • A. Untrust-L3
  • B. Trust-L3
  • C. DMZ-L3
  • D. Guest-L3

Correct answer: A

Explanation:
Create the NAT policy.
1. Select Policies > NAT and click Add.
2. Enter a descriptive Name for the policy.
3. On the Original Packet tab, select the zone you created for your internal network in the Source Zone section (click Add and then select the zone) and the zone you created for the external network from the Destination Zone drop down.
4. On the Translated Packet tab, select Dynamic IP And Port from the Translation Type drop-down in the Source Address Translation section of the screen and then click Add. Select the address object you just created.
5. Click OK to save the NAT policy.
https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/getting-started/configure-nat-policies


Question # 147
A customer wants to combine multiple Ethernet interfaces into a single virtual interface using link aggregation. Which two formats are correct for naming aggregate interfaces? (Choose two.)

  • A. aggregate.1
  • B. ae.8
  • C. aggregate.8
  • D. ae.1

Correct answer: B, D

Explanation:
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-web-interface-help/network/network-interfaces/aggregate


Question # 148
Which log file can be used to identify SSL decryption failures?

  • A. Traffic
  • B. ACC
  • C. Configuration
  • D. Threats

Correct answer: A

Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClboCAC


Question # 149
An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22.
Based on the image, which NAT rule will forward web-browsing traffic correctly?

  • A.
  • B.
  • C.
  • D.

Correct answer: A


Question # 150
Which statement accurately describes service routes and virtual systems?

  • A. Virtual systems that do not have specific service routes configured inherit the global service and service route settings for the firewall
  • B. The interface must be used for traffic to the required external services
  • C. Virtual systems can only use one interface for all global service and service routes of the firewall
  • D. Virtual systems cannot have dedicated service routes configured, and virtual systems always use the global service and service route settings for the firewall

Correct answer: A

Explanation:
"When a firewall is enabled for multiple virtual systems, the virtual systems inherit the global service and service route settings." So you can define specific service routes if you want, but they start out as inherited from the global settings.


Question # 151
An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port.
Which log entry can the administrator use to verify that sessions are being decrypted?

  • A. Decryption log
  • B. Data Filtering log
  • C. In the details of the Threat log entries
  • D. In the details of the Traffic log entries

Correct answer: D


Question # 152
Which feature must you configure to prevent users from accidentally submitting their corporate credentials to a phishing website?

  • A. Zone Protection profile
  • B. Vulnerability Protection profile
  • C. Anti-Spyware profile
  • D. URL Filtering profile

Correct answer: D


Question # 153
In a virtual router, which object contains all potential routes?

  • A. FIB
  • B. SIP
  • C. MIB
  • D. RIB

Correct answer: D

Explanation:
Reference: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=10&ved=0ahUKEwiOkbfYzPzXAhVnEJoKHcwVCg4QFghiMAk&2Flive.paloaltonetworks.com%2Ftwzvq79624%2Fattachments%2Ftwzvq79624%2Fdocumentation_tkb%2F487%2520Redistribution%2520and%2520Filtering%2520TechNote%2520-%2520Rev%2520B.pdf&usg=AOvVaw0H9qgaJK0oI2xjIJBNo1Km


Question # 154
Which Security Policy Rule configuration option disables antivirus and anti-spyware scanning of server-to-client flows only?

  • A. Add server IP Security Policy exception
  • B. Disable HIP Profile
  • C. Disable Server Response Inspection
  • D. Apply an Application Override

Correct answer: C


Question # 155
A user's traffic traversing a Palo Alto Networks NGFW sometimes can reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user traffic matches when it goes to http://www.company.com.
How can the firewall be configured to automatically disable the PBF rule if the next hop goes down?

  • A. Configure path monitoring for the next hop gateway on the default route in the virtual router
  • B. Create and add a monitor profile with an action of fail over in the PBF rule in question
  • C. Enable and configure a link monitoring profile for the external interface of the firewall
  • D. Create and add a monitor profile with an action of wait recover in the PBF rule in question

Correct answer: B


Question # 156
How are IPv6 DNS queries configured to use interface ethernet1/3?

  • A. Network > Interface Mgmt
  • B. Objects > CustomerObjects > DNS
  • C. Network > Virtual Router > DNS Interface
  • D. Device > Setup > Services

Correct answer: D


Question # 157
To ensure that a Security policy has the highest priority, how should an administrator configure a Security policy in the device group hierarchy?

  • A. Reference the targeted device's templates in the target device group
  • B. Clone the security policy and add it to the other device groups
  • C. Add the policy to the target device group and apply a master device to the device group
  • D. Add the policy in the shared device group as a pre-rule

Correct answer: D

Explanation:
https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/panorama-overview/centralized-firewall-configuration-and-update-management/device-groups/device-group-hierarchy.html


Question # 158
Which three split tunnel methods are supported by a GlobalProtect Gateway? (Choose three.)

  • A. URL Category
  • B. Client Application Process
  • C. Source Domain
  • D. Destination Domain
  • E. Destination user/group
  • F. video streaming application

Correct answer: B, D, F

Explanation:
Reference: https://www.paloaltonetworks.com/documentation/81/pan-os/newfeaturesguide/globalprotect-features/split-tunnel-for-public-applications


Question # 159
Place the steps in the WildFire process workflow in their correct order.

Correct answer:

Explanation:


Question # 160
Match each GlobalProtect component to the purpose of that component

Correct answer:

Explanation:

The GlobalProtect portal provides the management functions for your GlobalProtect infrastructure. The GlobalProtect gateways provide security enforcement for traffic from GlobalProtect apps. The GlobalProtect app software runs on endpoints and enables access to your network resources.


Question # 161
Refer to the exhibit.


Review the screenshots and consider the following information:
* FW-1 is assigned to the FW-1_DG device group, and FW-2 is assigned to OFFICE_FW_DG.
* There are no objects configured in REGIONAL_DG and OFFICE_FW_DG device groups.
Which IP address will be pushed to the firewalls inside Address Object Server-1?

  • A. Server-1 on FW-1 will have IP 4.4.4.4. Server-1 on FW-2 will have IP 1.1.1.1.
  • B. Server-1 on FW-1 will have IP 3.3.3.3. Server-1 will not be pushed to FW-2.
  • C. Server-1 on FW-1 will have IP 2.2.2.2. Server-1 will not be pushed to FW-2.
  • D. Server-1 on FW-1 will have IP 1.1.1.1. Server-1 will not be pushed to FW-2.

Correct answer: C


Question # 162
When is the content inspection performed in the packet flow process?

  • A. after the SSL Proxy re-encrypts the packet
  • B. after the application has been identified
  • C. before the packet forwarding process
  • D. before session lookup

Correct answer: B

Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0


Question # 163
A customer has an application that is being identified as unknown-tcp for one of their custom PostgreSQL database connections.
Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)

  • A. Security policy to identify the custom application.
  • B. Custom application.
  • C. Custom Service object.
  • D. Application Override policy.

Correct answer: A, B


Question # 164
What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations (SAs)?

  • A. Phase 1 and Phase 2 SAs are synchronized over HA3 links.
  • B. Phase 1 and Phase 2 SAs are synchronized over HA2 links.
  • C. Phase 2 SAs are synchronized over HA2 links.
  • D. Phase 1 SAs are synchronized over HA1 links.

Correct answer: C

Explanation:
Reference: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAuZCAW&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail


Question # 165
A Security policy rule is configured with a Vulnerability Protection Profile and an action of "Deny".
Which action will this configuration cause on the matched traffic?

  • A. The configuration is valid. It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to "Deny."
  • B. The configuration will allow the matched session unless a vulnerability is detected. The "Deny" action will supersede the per-severity defined actions defined in the associated Vulnerability Protection Profile.
  • C. The configuration is invalid. It will cause the firewall to skip this Security policy rule. A warning will be displayed during a commit.
  • D. The configuration is invalid. The Profile Settings section will be grayed out when the Action is set to "Deny".

Correct answer: B


Question # 166
To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?

  • A. Device > Setup > Management > Logging and Reporting Settings
  • B. Device > Setup > Management > AutoFocus
  • C. Device > Setup > WildFire > AutoFocus
  • D. AutoFocus is enabled by default on the Palo Alto Networks NGFW
  • E. Device > Setup > Services > AutoFocus

Correct answer: B


Question # 167
......


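The Palo Alto Networks PCNSE (Palo Alto Networks Certified Security Engineer) certification exam is a highly sought-after certification for IT security professionals. It is designed to validate the skills and knowledge needed to deploy, manage, and troubleshoot Palo Alto Networks next-generation firewalls in real-world environments. It is aimed at individuals responsible for deploying and managing Palo Alto Networks firewalls, including security administrators, network engineers, and support staff.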


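The Palo Alto Networks PCNSE certification exam is a valuable credential for security professionals who want to demonstrate their expertise in Palo Alto Networks technology. The exam validates the skills and knowledge needed to implement and manage Palo Alto Networks next-generation firewalls and the Panorama management server in complex network environments. The exam rigorously assesses candidates' knowledge and skills across various areas of cybersecurity and requires at least two years of experience in network security.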

 
