[2023年11月11日] 合格させるPCNSEレビューガイド、信頼され続けるPCNSEテストエンジン [Q22-Q45]

[2023年11月11日] 合格させるPCNSEレビューガイド、信頼され続けるPCNSEテストエンジン

PCNSEテストエンジン練習テスト問題、試験問題集

質問 # 22
An administrator has a PA-820 firewall with an active Threat Prevention subscription.
The administrator is considering adding a WildFire subscription.
How does adding the WildFire subscription improve the security posture of the organization1?

• A. WildFire and Threat Prevention combine to provide the utmost security posture for the firewall
• B. Protection against unknown malware can be provided in near real-time
• C. WildFire and Threat Prevention combine to minimize the attack surface
• D. After 24 hours WildFire signatures are included in the antivirus update

正解：B

質問 # 23
Which two are valid ACC GlobalProtect Activity tab widgets? (Choose two)

• A. Successful GlobalProtect Deployed Activity
• B. GlobalProtect Deployment Activity
• C. GlobalProtect Quarantine Activity
• D. Successful GlobalProtect Connection Activity

正解：C、D

質問 # 24
Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats
detected in the last 30 days?

• A. Packet Capture
• B. Session Browser
• C. Application Command Center
• D. TCP Dump

正解：C

解説：
Explanation/Reference:
Reference: https://live.paloaltonetworks.com/t5/Management-Articles/Tips-amp-Tricks-How-to-Use-the-
Application-Command-Center-ACC/ta-p/67342

質問 # 25
Refer to the exhibit.

An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and HOST B (10.1.1.101) receives SSH traffic.) Which two security policy rules will accomplish this configuration? (Choose two.)

• A. Untrust (Any) to Untrust (10.1.1.100), web-browsing -Allow
• B. Untrust (Any) to Untrust (10.1.1.101), ssh -Allow
• C. Untrust (Any) to DMZ (10.1.1.100.10.1.1.101), ssh, web-browsing -Allow
• D. Untrust (Any) to DMZ (10.1.1.100), web-browsing -Allow
• E. Untrust (Any) to DMZ (10.1.1.100), ssh -Allow

正解：D、E

質問 # 26
Which statement is true regarding a Best Practice Assessment?

• A. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
• B. It runs only on firewalls
• C. It shows how your current configuration compares to Palo Alto Networks recommendations
• D. When guided by an authorized sales engineer, it helps determine the areas of greatest risk where you should focus prevention activities.

正解：D

質問 # 27
A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and to assign untagged (native) traffic to its own zone which options differentiates multiple VLAN into separate zones?

• A. Create V-Wire objects with two V-Wire interfaces and define a range of "0-4096 in the "Tag Allowed" field of the V-Wire object.
• B. Create VLAN objects for each VLAN and assign VLAN interfaces matching each VLAN ID. Repeat for every additional VLAN and use a VLAN ID of 0 for untagged traffic. Assign each interface/sub interface to a unique zone.
• C. Create V-Wire objects with two V-Wire subinterfaces and assign only a single VLAN ID to the Tag Allowed" field of the V-Wire object. Repeat for every additional VLAN and use a VLAN ID of 0 for untagged traffic. Assign each iinterface/sub interface to a unique zone.
• D. Create Layer 3 subinterfaces that are each assigned tA. single VLAN ID and a common virtual router.
  The physical Layer 3 interface would handle untagged traffic. Assign each interface/subinterface tA.
  unique zone. Do not assign any interface an IP address.

正解：C

解説：
Explanation
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/networking/configure-interfaces/virtual-wire-interfaces/vlan-tagged-traffic
Virtual wire interfaces by default allow all untagged traffic. You can, however, use a virtual wire to connect two interfaces and configure either interface to block or allow traffic based on the virtual LAN (VLAN) tags. VLAN tag 0 indicates untagged traffic.You can also create multiple subinterfaces, add them into different zones, and then classify traffic according to a VLAN tag or a combination of a VLA N tag with IP classifiers (address, range, or subnet) to apply granular policy control for specific VLAN tags or for VLAN tags from a specific source IP address, range, or subnet.

質問 # 28
Which three authentication factors does PAN-OS® software support for MFA (Choose three.)

• A. Pull
• B. Voice
• C. Push
• D. SMS
• E. Okta Adaptive

正解：B、C、D

質問 # 29
Where can an administrator see both the management plane and data plane CPU utilization in the WebUI?

• A. Resources widget
• B. System Utilization log
• C. System log
• D. CPU Utilization widget

正解：A

解説：
Explanation
System Resources (widget)Displays the Management CPU usage, Data Plane usage, and the Session Count (the number of sessions established through the firewall or Panorama).
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/dashboard/dashboard-widgets#

質問 # 30
Refer to the diagram.

An administrator needs to create an address object that will be useable by the NYC. MA, CA and WA device groups Where will the object need to be created within the device-group hierarchy?

• A. East
• B. US
• C. Americas
• D. West

正解：C

質問 # 31
Which option describes the operation of the automatic commit recovery feature?

• A. It enables a firewall to revert to the previous configuration if a commit causes HA partner connectivity failure.
• B. It enables a firewall to revert to the previous configuration if application dependency errors are found.
• C. It enables a firewall to revert to the previous configuration if a commit causes Panorama connectivity failure.
• D. It enables a firewall to revert to the previous configuration if rule shadowing is detected.

正解：C

質問 # 32
An administrator device-group commit push is tailing due to a new URL category How should the administrator correct this issue?

• A. update the Firewall Apps and Threat version to match the version of Panorama
• B. ensure that the firewall can communicate with the URL cloud
• C. change the new category action to alert" and push the configuration again
• D. verify that the URL seed Tile has been downloaded and activated on the firewall

正解：A

質問 # 33
Where is information about packet buffer protection logged?

• A. Alert entries are in the System log Entries for dropped traffic, discarded sessions and blocked IP addresses are in the Threat log
• B. Alert entries are in the Alarms log Entries for dropped traffic, discarded sessions, and blocked IP address are in the Threat log
• C. All entries are in the Alarms log
• D. All entries are in the System log

正解：A

解説：
Explanation
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNGFCA4

質問 # 34
Which CLI command displays the physical media that are connected to ethernetl/8?

• A. > show system state filter-pretty sys.si.p8.med
• B. > show system state filter-pretty sys.sl.p8.phy
• C. > show interface ethernetl/8
• D. > show system state filter-pretty sys.si.p8.stats

正解：B

解説：
Example output:
> show system state filter-pretty sys.s1.p1.phy
sys.s1.p1.phy: {
link-partner: { },
media: CAT5,
type: Ethernet,
}
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cld3CAC

質問 # 35
Which feature must you configure to prevent users from accidentally submitting their corporate credentials to a phishing website?

• A. Vulnerability Protection profile
• B. URL Filtering profile
• C. Zone Protection profile
• D. Anti-Spyware profile

正解：B

解説：
Explanation/Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/threat-prevention/prevent- credential-phishing

質問 # 36
What are five benefits of Palo Alto Networks NGFWs (Next Generation Firewalls)? (Select the five correct answers.)

• A. Identical security subscriptions on all models
• B. Predictable throughput
• C. Convenient configuration Wizard
• D. Seemless integration with the Threat Intelligence Cloud
• E. Comprehensive security platform designed to scale functionality over time
• F. Easy-to-use GUI which is the same on all models

正解：A、B、D、E、F

質問 # 37
An administrator needs to troubleshoot a User-ID deployment The administrator believes that there is an issue related to LDAP authentication The administrator wants to create a packet capture on the management plane Which CLI command should the administrator use to obtain the packet capture for validating the configuration^

• A. > scp export pcap-mgmt from pcap.mgmt to (username@host:path)
• B. > scp export pcap from pcap to (usernameQhost:path)
• C. > scp export mgmt-pcap from mgmt.pcap to {usernameQhost:path>
• D. > ftp export mgmt-pcap from mgmt.pcap to <FTP host>

正解：A

解説：
Additionally, you can manually export the PCAP via SCP or TFTP, i.e.: > scp export mgmt-pcap from mgmt.pcap to <value> Destination (username@host:path) Ref: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleECAS

質問 # 38
A company has configured a URL Filtering profile with override action on their firewall. Which two profiles are needed to complete the configuration? (Choose two)

• A. SSL/TLS Service
• B. Decryption
• C. Interface Management
• D. HTTP Server

正解：A、C

解説：
Explanation
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRdCAK
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/url-filtering/configure-url-filtering
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/url-filtering/allow-password-access-to-certain-sites

質問 # 39
Which CLI command enables an administrator to view details about the firewall including uptime, PAN- OS® version, and serial number?

• A. show session info
• B. show system details
• C. debug system details
• D. show system info

正解：D

解説：
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/technical- documentation/pan-os-60/PAN-OS-6.0-CLI-ref.pdf

質問 # 40
Refer to the exhibit.

An administrator cannot see any if the Traffic logs from the Palo Alto Networks NGFW on Panorama. The configuration problem seems to be on the firewall side. Where is the best place on the Palo Alto Networks NGFW to check whether the configuration is correct?
A:

B:

C:

D:

• A. Option C
• B. Option D
• C. Option B
• D. Option A

正解：B

質問 # 41
An administrator deploys PA-500 NGFWs as an active/passive high availability pair. The devices are not participating in dynamic routing, and preemption is disabled.
What must be verified to upgrade the firewalls to the most recent version of PAN-OS software?

• A. WildFire update package.
• B. Antivirus update package.
• C. User-ID agent.
• D. Applications and Threats update package.

正解：D

解説：
Explanation/Reference: https://www.paloaltonetworks.com/documentation/80/pan-os/newfeaturesguide/upgrade-to-pan-os-
80/upgrade-the-firewall-to-pan-os-80/upgrade-an-ha-firewall-pair-to-pan-os-80

質問 # 42
A customer has an application that is being identified as unknown-top for one of their custom PostgreSQL database connections. Which two configuration options can be used to correctly categorize their custom database application? (Choose two.)

• A. Custom application.
• B. Application Override policy.
• C. Security policy to identify the custom application.
• D. Custom Service object.

正解：A、B

質問 # 43
Refer to the exhibit.

Which certificate can be used as the Forward Trust certificate?

• A. Certificate from Default Trusted Certificate Authorities
• B. Domain-Root-Cert
• C. Domain Sub-CA
• D. Forward-Trust

正解：D

質問 # 44
Which three file types can be forwarded to WildFire for analysis as a part of the basic WildFire service?
(Choose three.)

• A. .apk
• B. .exe
• C. .dll
• D. .pdf
• E. .jar
• F. .src

正解：B、C、F

解説：
Explanation
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/getting-started/enable-basic-wildfire-forwarding

質問 # 45
......

100%無料PCNSE日常練習試験には91問があります：https://www.goshiken.com/Palo-Alto-Networks/PCNSE-mondaishu.html

PCNSE試験資料Palo Alto Networks学習ガイド：https://drive.google.com/open?id=1ce7TdI6ASs9iAHlLOOL5tpYv3XvfcHjw