• ホーム
  • ブログ
  • 練習できるPCNSC問題には認定ガイド問題と解答とトレーニングを提供しています [Q23-Q41]

練習できるPCNSC問題には認定ガイド問題と解答とトレーニングを提供しています [Q23-Q41]

Share

練習できるPCNSC問題には認定ガイド問題と解答とトレーニングを提供しています

無料Palo Alto Networks PCNSCテスト練習問題試験問題集

質問 23
An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs.
The administrator assigns priority 100 to the active firewall.
Which priority is collect tot the passive firewall?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解: B

 

質問 24
An administrator has enabled OSPF on a virtual router on the NGFW OSPF is not adding new routes to the virtual router.
Which two options enable the administrator top troubleshoot this issue? (Choose two.)

  • A. Add a redistribution profile to forward as BGP updates.
  • B. View System logs.
  • C. View Runtime Status virtual router.
  • D. Perform a traffic pcap at the routing stage.

正解: B,C

 

質問 25
Winch three steps will reduce the CPU utilization on the management plane? (Choose three. ) Disable logging at session start in Security policies.

  • A. Disable SNMP on the management interface.
  • B. Reduce the traffic being decrypted by the firewall.
  • C. Disable predefined reports.
  • D. Application override of SSL application.

正解: A,B,C

 

質問 26
A firewall administrator has been asked to configure a Palo Alto Networks NGFW to prevent against compromised hosts trying to phone-number or bacon out to eternal command-and-control (C2) servers.
Which Security Profile type will prevent these behaviors?

  • A. Anti-Spyware
  • B. Antivirus
  • C. Wildfire
  • D. Vulnerability Protection

正解: A

 

質問 27
An administrator sees several inbound sessions identified as unknown tcp in the Traffic logs. The administrator determines that these sessions are from external users accessing the company's propriety accounting application. The administrator wants to reliability identity this as their accounting application and to scan this traffic for threats.
Which option would achieve this result?

  • A. Create an Application Override policy
  • B. Create an Application Override policy and a custom threat signature for the application.
  • C. Create a custom App-ID and use the "ordered condition cheek box.
  • D. Create a custom App-ID and enable scanning on the advanced tab.

正解: B

 

質問 28
If an administrator wants to decrypt SMTP traffic and possesses the saver's certificate, which SSL decryption mode will allow the Palo Alto Networks NGFW to inspect traffic to the server?

  • A. SSL Inbound Inspection
  • B. SMTP inbound Decryption
  • C. TLS Bidirectional Inspection
  • D. SSH Forward now proxy

正解: D

 

質問 29
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.
Which two options would help the administrator Troubleshoot this issue? (Choose two.)

  • A. View the System logs and look for error messages about BGP
  • B. View the ACC lab to isolate routing issues.
  • C. Perform a traffic pcap on the NGFW lo see any BGP problems
  • D. View the Runtime Stats and look for problems with BGP configuration

正解: B,D

 

質問 30
An administrator has left a firewall to used default port for all management services.
Which three function performed by the dataplane? (Choose three.)

  • A. NAT
  • B. NTP
  • C. file blocking
  • D. WildFire updates
  • E. antivirus

正解: A,B,D

 

質問 31
Which administrative authentication method supports authorization by an external service?

  • A. RADIUS
  • B. LDAP
  • C. SSH keys
  • D. Certification

正解: C

 

質問 32
An administrator has created an SSL Decryption policy rule that decrypts SSL sessions on any port. Which log entry can the administrator use to verify that sessions are being decrypted?

  • A. In the details of the Traffic log entries
  • B. In the details of the Threat log entries
  • C. Data filtering log
  • D. Decryption tag

正解: A

 

質問 33
An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS software, the administrator enables logs forwarding from the firewalls to panorama Pre-existing logs from the firewall are not appearing in Panorama.
Which action would enables the firewalls to send their preexisting logs to Panorama?

  • A. The- log database will need to be exported from the firewall and manually imported into Panorama.
  • B. A CLI command will forward the pre-existing logs to Panorama.
  • C. Use the import option to pull logs panorama.
  • D. Use the ACC to consolidate pre-existing logs.

正解: B

 

質問 34
Which DoS protection mechanism detects and prevents session exhaustion attacks?

  • A. Pocket Based Attack Protection
  • B. TCP Port Scan Protection
  • C. Flood Protection
  • D. Resource Protection

正解: D

 

質問 35
Which two action would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL forward proxy? (Choose two.)

  • A. Create a Security Policy rule with vulnerability Security Profile attached.
  • B. Create a no-decrypt Decryption Policy rule.
  • C. Configure an EDL to pull IP Addresses of known sites resolved from a CRL.
  • D. Configure a Dynamic Address Group for untrusted sites.
  • E. Enable the "Block seasons with untrusted Issuers- setting.

正解: A,E

 

質問 36
Which three authentication faction factors does PAN-OS software support for MFA? (Choose three.)

  • A. SMS
  • B. Okta Adaptive
  • C. Push
  • D. Pull
  • E. Voice

正解: C,D,E

 

質問 37
The firewall identified a popular application as a unknown-tcp. Which options are available to identify the application? (Choose two.)

  • A. Submit an App-ID request to Palo Alto Networks.
  • B. Create a custom application.
  • C. Create a Security policy to identify the customer application.
  • D. Create a customer object for the customer application server to identify the custom application.

正解: B,D

 

質問 38
An organization has Palo Alto Networks MGfWs that send logs to remote monitoring and security management platforms. The network team has report has excessive traffic on the corporate WAN. How could the Palo Alto Networks NOFW administrator reduce WAN traffic while maintaining support for all the existing monitoring/security platforms?

  • A. Any configuration on an M-500 would address the insufficient bandwidth concerns.
  • B. forward logs from firewalls only to Panorama, and have Panorama forward log* lo other external service.
  • C. Forward logs from external sources to Panorama for correlation, arid from Panorama send to the NGFW
  • D. Configure log compression and optimization features on all remote firewalls.

正解: B

 

質問 39
What will be the egress interface if the traffic's ingress interface is Ethernet 1/6 sourcing form 192.168.11.3 and to the destination 10.46.41.113.during the.

  • A. ethernet 1/5
  • B. ethernet 1/7
  • C. ethernet 1/6
  • D. ethernet 1/3

正解: D

 

質問 40
View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?

  • A. It configures the tunnel address of all internal clients lo an IP address range starting at 192 168 10 1.
  • B. It enables a Client to perform a reverse DNS lookup on 192 .168. 10 .1. to delect it is an internal client.
  • C. It forces an internal client to connect to an internal gateway at IP address 192 168 10 I.
  • D. It forces the firewall to perform a dynamic DNS update, Which adds the internal gateway's hostname and IP address to the DNS server.

正解: B

 

質問 41
......

試験準備には欠かさない!トップクラスのPalo Alto Networks PCNSC試験アプリ学習ガイドで練習問題最新版:https://www.goshiken.com/Palo-Alto-Networks/PCNSC-mondaishu.html

問題集練習試験問題学習ガイドはPCNSC試験:https://drive.google.com/open?id=1raPC57ShPIluZVP7x7OKxyPMVlovCmmM

関するブログ

もっと
PCNSC無料問題集