Palo Alto Networks PCNSC Daily Practice Exam, Updated for 2025, with 62 Questions [Q18-Q43]


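The PCNSC certification exam covers a wide range of topics, including network security design principles, firewall configuration and management, threat prevention and detection, VPN configuration and management, and Panorama management. The exam is designed to test candidates' knowledge and skills in these areas so that they can effectively implement and manage Palo Alto Networks-based network security solutions. The PCNSC certification exam is best suited to network security professionals who want to build their network security skills and knowledge and demonstrate their expertise to employers and clients.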

Question # 18
An organization has Palo Alto Networks NGFWs that send logs to remote monitoring and security management platforms. The network team has reported excessive traffic on the corporate WAN. How could the Palo Alto Networks NGFW administrator reduce WAN traffic while maintaining support for all the existing monitoring/security platforms?

  • A. Forward logs from external sources to Panorama for correlation, and from Panorama send to the NGFW
  • B. Forward logs from firewalls only to Panorama, and have Panorama forward logs to other external services.
  • C. Configure log compression and optimization features on all remote firewalls.
  • D. Any configuration on an M-500 would address the insufficient bandwidth concerns.

Correct answer: B


Question # 19
Examine the configured Security policy rule. Which day one/Iron Skillet Security Profile Group is used to secure the traffic that is permitted through this rule?

  • A. Outbound
  • B. Internal
  • C. Inbound
  • D. Default

Correct answer: B

Explanation:
The security policy rule shown in the image is configured to permit traffic from a source zone LAN-User-Zone to a destination zone Server-Zone. The applications allowed include tftp, ssl, and web-browsing, and the action is allow. According to Iron Skillet day one configurations, which provide best practice security profiles for immediate deployment, the relevant security profile group used to secure internal traffic like this is the Internal profile group.
Iron Skillet provides predefined configuration templates including security profile groups like Internal, External, and others to quickly secure traffic according to typical deployment scenarios.
References:
* Palo Alto Networks - Iron Skillet Documentation: https://github.com/PaloAltoNetworks/iron-skillet


Question # 20
Which of the following WildFire action settings will ensure that a malicious file is quarantined and prevented from spreading?

  • A. Allow
  • B. Block
  • C. Reset-Both
  • D. Alert

Correct answer: B


Question # 21
Which two actions would be part of an automatic solution that would block sites with untrusted certificates without enabling SSL forward proxy? (Choose two.)

  • A. Configure a Dynamic Address Group for untrusted sites.
  • B. Create a Security Policy rule with vulnerability Security Profile attached.
  • C. Enable the "Block sessions with untrusted issuers" setting.
  • D. Create a no-decrypt Decryption Policy rule.
  • E. Configure an EDL to pull IP Addresses of known sites resolved from a CRL.

Correct answer: B, C


Question # 22
A customer has deployed a GlobalProtect portal and gateway as its remote-access VPN solution for its fleet of Windows 10 laptops. The customer wants to use Host Information Profile (HIP) data collected at the GlobalProtect gateway throughout its enterprise as an additional means of policy enforcement. What additional licensing must the customer purchase?

  • A. DNS Security on the perimeter firewall
  • B. WildFire license
  • C. GlobalProtect license for each firewall that will use HIP data to enforce policy
  • D. GlobalProtect license for the gateway firewall

Correct answer: C


Question # 23
The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router.
Which two options would help the administrator troubleshoot this issue? (Choose two.)

  • A. Perform a traffic pcap on the NGFW to see any BGP problems
  • B. View the Runtime Stats and look for problems with BGP configuration
  • C. View the ACC tab to isolate routing issues.
  • D. View the System logs and look for error messages about BGP

Correct answer: B, C


Question # 24
Refer to the exhibit.

A web server in the DMZ is being mapped to a public address through DNAT.
Which Security policy rule will allow traffic to flow to the web server?

  • A. Untrust (any) to Untrust (10.1.1.100), web browsing - Allow
  • B. Untrust (any) to Untrust (1.1.1.100), web browsing - Allow
  • C. Untrust (any) to DMZ (10.1.1.100), web browsing - Allow
  • D. Untrust (any) to DMZ (1.1.1.100), web browsing - Allow

Correct answer: B


Question # 25
TAC has requested a PCAP on your Panorama to see why the DNS app is having intermittent issues resolving FQDN. What is the appropriate CLI command?

  • A. tcpdump snaplen 53 filter "port 53"
  • B. tcp dump snaplen 53 filter "tcp 53"
  • C. tcpdump snaplen 0 filter "port 53"
  • D. tcp dump snap-en 0 filter "app dns"

Correct answer: C

Explanation:
To capture a PCAP on your Panorama to troubleshoot DNS resolution issues, the appropriate CLI command is:
B: tcpdump snaplen 0 filter "port 53"
This command captures packets with no size limit (snaplen 0) and filters the traffic for port 53, which is used by DNS. This is the most straightforward and comprehensive way to capture all DNS traffic for analysis.
References:
* Palo Alto Networks - Using tcpdump on PAN-OS: https://knowledgebase.paloaltonetworks.com
* Palo Alto Networks - Troubleshooting Network Connectivity Issues: https://docs.paloaltonetworks.com


Question # 26
Your customer has asked you to set up tunnel monitoring on an IPsec VPN tunnel between two offices. What three steps are needed to set up tunnel monitoring? (Choose three)

  • A. Create a monitoring profile
  • B. Enable tunnel monitoring on each IPsec tunnel
  • C. Restart each IPsec tunnel
  • D. Restart each IKE gateway
  • E. Add an IP address to each tunnel interface

Correct answer: A, B, E

Explanation:
To set up tunnel monitoring on an IPsec VPN tunnel between two offices, the following steps are needed:
A: Create a monitoring profile: This profile defines the criteria for monitoring, such as the IP address to ping and the failure condition.
B: Add an IP address to each tunnel interface: Tunnel monitoring requires an IP address on each tunnel interface to send and receive monitoring pings.
E: Enable tunnel monitoring on each IPsec tunnel: This step activates the monitoring profile on the IPsec tunnel, ensuring that the tunnel is actively monitored and can trigger alerts or failover mechanisms if the tunnel goes down.
These steps ensure that the tunnel is properly monitored, allowing for proactive detection and response to connectivity issues.
References:
* Palo Alto Networks - Configuring IPsec Tunnel Monitoring:
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/vpns/site-to-site-vpn/configure-ipsec-tunnel-


Question # 27
Which two types of security profiles are recommended to protect against known and unknown threats?
(Choose two)

  • A. URL Filtering
  • B. Anti-Spyware
  • C. Antivirus
  • D. File Blocking

Correct answer: B, C


Question # 28
What will be the egress interface if the traffic's ingress interface is Ethernet 1/6 sourcing from 192.168.11.3 and to the destination 10.46.41.113.during the.

  • A. ethernet 1/7
  • B. ethernet 1/3
  • C. ethernet 1/5
  • D. ethernet 1/6

Correct answer: B


Question # 29
Which PAN-OS policy must you configure to force a user to provide additional credentials before he is allowed to access an internal application that contains highly sensitive business data?

  • A. Authentication policy
  • B. Security policy
  • C. Application Override policy
  • D. Decryption policy

Correct answer: A


Question # 30
An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs.
The administrator assigns priority 100 to the active firewall.
Which priority is correct for the passive firewall?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Correct answer: C


Question # 31
Which feature can be configured on VM-Series firewalls?

  • A. aggregate interfaces
  • B. GlobalProtect
  • C. machine learning
  • D. multiple virtual systems

Correct answer: B


Question # 32
Which three options are supported in HA Lite? (Choose three.)

  • A. session synchronization
  • B. active/passive deployment
  • C. Configuration synchronization
  • D. synchronization of IPsec security associations
  • E. Virtual link

Correct answer: B, C, D


Question # 33
A customer wants to combine multiple Ethernet interfaces into a single virtual interface using link aggregation.
Which two formats are correct for naming aggregate interfaces? (Choose two.)

  • A. aggregate.8
  • B. ae.1
  • C. aggregate.1
  • D. ae.8

Correct answer: B, D


Question # 34
There is a speed/duplex negotiation mismatch between the Palo Alto Networks management port and the switch it connects to.
How would an administrator configure the interface to 1Gbps?

  • A. set deviceconfig interface speed-duplex 1Gbs--half-duplex
  • B. set deviceconfig system speed-duplex 1Gbs--half-duplex.
  • C. set deviceconfig interface speed-duplex 1Gbs--full-duplex
  • D. set deviceconfig system speed-duplex 10Gbps-full-duplex

Correct answer: B


Question # 35
A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5-minute window for analysis. The firewall is configured to check for verdicts every 5 minutes.
How quickly will the firewall receive back a verdict?

  • A. 5 minutes
  • B. 10 to 15 minutes
  • C. More than 15 minutes
  • D. 5 to 10 minutes

Correct answer: D


Question # 36
An administrator needs to create a new Antivirus Profile to address a virus that is spreading internally over SMB.
To create a secure posture, the administrator should choose which set of actions for the SMB decoder in an Antivirus Profile?

  • A. Action - Reset-Both; Wildfire Action - Alert
  • B. Action - Reset-Both; Wildfire Action - Reset-Both
  • C. Action - Drop; Wildfire Action - Reset-Both
  • D. Action - Allow; Wildfire Action - Allow

Correct answer: B

Explanation:
To create a secure Antivirus Profile to address a virus spreading internally over SMB, the administrator should choose the following set of actions for the SMB decoder:
B: Action - Reset-Both; Wildfire Action - Reset-Both
Choosing "Reset-Both" for both the Antivirus Action and the Wildfire Action ensures that the connection is terminated on both the client and server sides whenever a virus is detected. This action helps prevent the spread of the virus by cutting off the infected connection immediately.
References:
* Palo Alto Networks - Antivirus Profile Best Practices: https://docs.paloaltonetworks.com/best-practices
* Palo Alto Networks - Creating and Configuring Antivirus Profiles: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/antivirus-profiles


Question # 37
Which of the following is NOT a benefit of using App-ID?

  • A. Identifies applications running on non-standard ports
  • B. Ensures consistent bandwidth allocation for all applications
  • C. Blocks application traffic that uses dynamic ports
  • D. Reduces the attack surface by allowing only required applications

Correct answer: B


Question # 38
What happens when a packet from an existing session is received by a firewall that

  • A. The firewall takes ownership of the session from the peer firewall
  • B. The firewall drops the packet to prevent any L3 loops
  • C. The firewall forwards the packet to the peer firewall over the HA3 link
  • D. The firewall requests the sender to resend the packet

Correct answer: A

Explanation:
When a packet from an existing session is received by a firewall that is part of an HA (High Availability) pair:
D: The firewall takes ownership of the session from the peer firewall
In a high-availability configuration, if a firewall in an HA pair receives a packet for an existing session that it is not currently handling, it will take ownership of that session from the peer firewall. This ensures seamless continuity of the session and maintains the stateful nature of the firewall's session handling.
References:
* Palo Alto Networks - High Availability Concepts:
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/high-availability/ha-concepts


Question # 39
The firewall identified a popular application as unknown-tcp. Which options are available to identify the application? (Choose two.)

  • A. Create a custom application.
  • B. Submit an App-ID request to Palo Alto Networks.
  • C. Create a customer object for the customer application server to identify the custom application.
  • D. Create a Security policy to identify the customer application.

Correct answer: A, C


Question # 40
Instead of disabling App-IDs regularly, a security policy rule is going to be configured to temporarily allow new App-IDs. In which two circumstances is it valid to disable App-IDs as part of a content update?
(Choose two)

  • A. when disabling facebook-base to disable all other Facebook App-IDs
  • B. when planning to enable the App-IDs immediately
  • C. when an organization operates a mission-critical network and has zero tolerance for downtime
  • D. when you want to immediately benefit from the latest threat prevention

Correct answer: C, D

Explanation:
Disabling App-IDs as part of a content update can be valid in the following circumstances:
B: When you want to immediately benefit from the latest threat prevention: Disabling certain App-IDs can help ensure that the latest threat prevention measures are applied without waiting for the App-IDs to be fully tested in a specific environment. This can be crucial in quickly addressing emerging threats.
D: When an organization operates a mission-critical network and has zero tolerance for downtime: In such environments, administrators might temporarily disable new or modified App-IDs to avoid potential disruptions caused by unverified or untested App-IDs. This ensures that the network remains stable and functional while the new App-IDs are evaluated in a controlled manner.
References:
* Palo Alto Networks - Best Practices for Application and Threat Content Updates:
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/app-id/manage-app-id/application-and-threat
* Palo Alto Networks - Application and Threat Content Release Notes:
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-release-notes/application-and-threat-content-release


Question # 41
An administrator logs in to the Palo Alto Networks NGFW and reports that the WebUI is missing the Policies tab. Which profile is the cause of the missing Policies tab?

  • A. Authentication
  • B. Authorization
  • C. WebUI
  • D. Admin Role

Correct answer: D


Question # 42
What should an administrator consider when planning to revert Panorama to a pre-PAN-OS 8.1 version?

  • A. An administrator must use the Expedition tool to adapt the configuration to the pre-PAN-OS 8.1 state.
  • B. When Panorama is reverted to an earlier PAN-OS release, variables used in template stacks will be removed automatically.
  • C. Panorama cannot be reverted to an earlier PAN-OS release if variables are used in templates or stacks.
  • D. Administrators need to manually update variable characters to those used in pre-PAN-OS 8.1.

Correct answer: C

