[2023年11月最新リリース]PCNSE問題集でPCNSE PAN-OS認証 [Q29-Q46]

[2023年11月最新リリース]PCNSE問題集でPCNSE PAN-OS認証

最新の完璧なPCNSE問題集問題と解答で100%パスさせます

PCNSE認定は、セキュリティの専門家、ネットワークエンジニア、システム管理者、およびPalo Alto Networksの次世代ファイアウォールを管理または展開する人を対象としています。この認定は、ITセキュリティ業界でのキャリアを促進しようとしている専門家にとって貴重な資産です。 PCNSE認定試験は困難であり、候補者はPalo Alto Networksファイアウォールとの詳細な知識と実践的な経験を持つ必要があります。ただし、認定は、新しいキャリアの機会を開き、ネットワークセキュリティに関する候補者の専門知識を検証するため、努力と時間の投資に値します。

Palo Alto NetworksのPCNSE認定は、サイバーセキュリティ業界において雇用主に高く評価されています。それは候補者が必要なスキルと知識を持ち、Palo Alto Networksの製品に取り組んで組織のネットワークをサイバー脅威から守る能力を持つことを証明します。その認定は、候補者のキャリアを推進し、収入を増やすのに役立ちます。

 

質問 # 29
An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also
creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing.
The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are
three entries. The first entry shows traffic dropped as application Unknown. The next two entries show
traffic allowed as application SSL.
Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as
SSL?

• A. Disable the exclude cache option for the firewall.
• B. Create a Security policy rule that matches application "encrypted BitTorrent" and place the rule at the
  top of the Security policy.
• C. Create a Decryption Profile to block traffic using unsupported cyphers, and attach the profile to the
  decryption rule.
• D. Create a decryption rule matching the encrypted BitTorrent traffic with action "No-Decrypt," and place
  the rule at the top of the Decryption policy.

正解：B

質問 # 30
When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?

• A. To enable user authentication to the Portal
• B. To enable Gateway authentication to the Portal
• C. To enable client machine authentication to the Portal
• D. To enable Portal authentication to the Gateway

正解：A

解説：
The additional options of Browser and Satellite enable you to specify the authentication profile to use for specific scenarios. Select Browser to specify the authentication profile to use to authenticate a user accessing the portal from a web browser with the intent of downloading the GlobalProtect agent (Windows and Mac). Select Satellite to specify the authentication profile to use to authenticate the satellite.
Reference
https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/globalprotect/network-globalprotect-portals

質問 # 31
On the NGFW. how can you generate and block a private key from export and thus harden your security posture and prevent rogue administrators or other bad actors from misusing keys?

• A. 1.Select Device > Certificate Management > Certificates >Devace > Certificates
  2. Import the certificate.
  3 Select Import Private Key
  4 Click Generate to generate the new certificate
• B. 1 Select Device > Certificate Management > Certificates > Device > Certificates
  2 Generate the certificate
  3 Select Block Private Key Export
  4 Click Genet ale to generate the new certificate.
• C. 1 Select Device > Certificates
  2 Select Certificate Profile
  3 Generate the certificate
  4 Select Block Private Key Export.
• D. 1 Select Device > Certificates
  2 Select Certificate Profile.
  3 Generate the certificate
  4 Select Block Private Key Export

正解：B

解説：
Explanation
1 -
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-new-features/decryption-features/block-export-of-private-
2 - https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/block-private-key-export

質問 # 32
You need to allow users to access the office-suite applications of their choice.
How should you configure the firewall to allow access to any office-suite application?

• A. Create an Application Filter and name it Office Programs then filter on the business-systems category.
• B. Create an Application Group and add Office 365, Evernote Google Docs and Libre Office
• C. Create an Application Group and add business-systems to it.
• D. Create an Application Filter and name it Office Programs, then filter it on the office programs subcategory.

正解：D

質問 # 33
A session in the Traffic log is reporting the application as "incomplete." What does "incomplete" mean?

• A. The traffic is coming across UDP, and the application could not be identified.
• B. The three-way TCP handshake was observed, but the application could not be identified.
• C. Data was received but was instantly discarded because of a Deny policy was applied before App-ID could be applied.
• D. The three-way TCP handshake did not complete.

正解：D

解説：
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC

質問 # 34
A users traffic traversing a Palo Alto networks NGFW sometimes can reach http //www company com At other times the session times out. At other times the session times out The NGFW has been configured with a PBF rule that the user traffic matches when it goes to http://www.company.com
goes to http://www company com
How can the firewall be configured to automatically disable the PBF rule if the next hop goes down?

• A. Enable and configure a link monitoring profile for the external interface of the firewall
• B. Create and add a monitor profile with an action of fail over in the PBF rule in question
• C. Configure path monitoring for the next hop gateway on the default route in the virtual router
• D. Create and add a monitor profile with an action of wait recover in the PBF rule in question

正解：B

質問 # 35
Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?

• A. Deny application facebook on top
• B. Deny application facebook-chat before allowing application facebook
• C. Allow application facebook before denying application facebook-chat
• D. Allow application facebook on top

正解：B

解説：
Reference:
https://live.paloaltonetworks.com/t5/Configuration-Articles/Failed-to-Block-Facebook-Chat-Consistently/ta-p/115673

質問 # 36
Refer to exhibit.

An organization has Palo Alto Networks NGFWs that send logs to remote monitoring and security management platforms. The network team has reported excessive traffic on the corporate WAN.
How could the Palo Alto Networks NGFW administrator reduce WAN traffic while maintaining support for all existing monitoring platforms?

• A. Configure log compression and optimization features on all remote firewalls.
• B. Any configuration on an M-500 would address the insufficient bandwidth concerns.
• C. Forward logs from external sources to Panorama for correlation, and from Panorama send them to the NGFW.
• D. Forward logs from firewalls only to Panorama and have Panorama forward logs to other external services.

正解：A

質問 # 37
A network security administrator has an environment with multiple forms of authentication. There is a network access control system in place that authenticates and restricts access for wireless users, multiple Windows domain controllers, and an MDM solution for company-provided smartphones. All of these devices have their authentication events logged.
Given the information, what is the best choice for deploying User-ID to ensure maximum coverage?

• A. agentless User-ID with redistribution
• B. standalone User-ID agent
• C. Syslog listener
• D. captive portal

正解：B

質問 # 38
Which feature prevents the submission of corporate login information into website forms?

• A. File blocking
• B. Credential phishing prevention
• C. Data filtering
• D. User-ID

正解：B

質問 # 39
What are two best practices for incorporating new and modified App-IDs? (Choose two.)

• A. Study the release notes and install new App-IDs if they are determined to have low impact
• B. Perform a Best Practice Assessment to evaluate the impact of the new or modified App-IDs
• C. Configure a security policy rule to allow new App-IDs that might have network-wide impact
• D. Run the latest PAN-OS version in a supported release tree to have the best performance for the new App-IDs

正解：A、B

解説：
Explanation
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/app-id/manage-new-app-ids-introduced-in-content-r

質問 # 40
How can an administrator configure the NGFW to automatically quarantine a device using GlobalProtect?

• A. by adding the devices Host ID to a quarantine list and configure GlobalProtect to prevent users from connecting to the GlobalProtect gateway from a quarantined device
• B. by exporting the list of quarantined devices to a pdf or csv file by selecting PDF/CSV at the bottom of the Device Quarantine page and leveraging the appropriate XSOAR playbook
• C. there is no native auto-quarantine feature so a custom script would need to be leveraged
• D. by using security policies, log forwarding profiles, and log settings

正解：D

解説：

https://docs.paloaltonetworks.com/globalprotect/10-0/globalprotect-admin/host- information/quarantine-devices-using-host-information/automatically-quarantine-a-device

質問 # 41
What is the purpose of the firewall decryption broker?

• A. inspect traffic within IPsec tunnels
• B. decrypt SSL traffic and then send it as cleartext to a security chain of inspection tools.
• C. force decryption of previously unknown cipher suites
• D. reduce SSL traffic to a weaker cipher before sending it to a security chain of inspection tools.

正解：B

解説：

https://www.paloaltonetworks.com/documentation/81/pan-os/newfeaturesguide/decryption- features/decryption-broker

質問 # 42
Which feature must you configure to prevent users from accidentally submitting their corporate credentials to a phishing website?

• A. Anti-Spyware profile
• B. URL Filtering profile
• C. Zone Protection profile
• D. Vulnerability Protection profile

正解：B

解説：
Explanation/Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/threat-prevention/prevent- credential-phishing

質問 # 43
View the GlobalProtect configuration screen capture.
What is the purpose of this configuration?

• A. It configures the tunnel address of all internal clients to an IP address range starting at 192.168.10.1.
• B. It forces an internal client to connect to an internal gateway at IP address 192.168.10.1.
• C. It enables a client to perform a reverse DNS lookup on 192.168.10.1 to detect that it is an internal client.
• D. It forces the firewall to perform a dynamic DNS update, which adds the internal gateway's hostname and IP address to the DNS server.

正解：C

質問 # 44
What is the best description of the HA4 Keep-Alive Threshold (ms)?

• A. The time that a passive or active-secondary firewall will wait before taking over as the active or active-primary firewall
• B. the maximum interval between hello packets that are sent to verify that the HA functionality on the other firewall is operational.
• C. the timeframe within which the firewall must receive keepalives from a cluster member to know that the cluster member is functional.
• D. The timeframe that the local firewall wait before going to Active state when another cluster member is preventing the cluster from fully synchronizing.

正解：C

質問 # 45
A spike in dangerous traffic is observed. Which of the following PanOS tabs would an administrator utilize to identify culpable users.

• A. Device
• B. Network
• C. Policies
• D. ACC
• E. Monitor
• F. Objects

正解：D

質問 # 46
......

最新のPCNSE試験問題集でPalo Alto Networks試験トレーニング：https://www.goshiken.com/Palo-Alto-Networks/PCNSE-mondaishu.html

2023年最新のの問題PCNSE問題集で最新のPalo Alto Networks試験を使おう：https://drive.google.com/open?id=1ce7TdI6ASs9iAHlLOOL5tpYv3XvfcHjw