PCNSA無料問題集「Palo Alto Networks Certified Network Security Administrator」

質問 1

Which security profile should be used to classify malicious web content?

（A）Antivirus

（B）URL Filtering

（C）Vulnerability Protection

（D）Web Content

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

Identify the correct order to configure the PAN-OS integrated USER-ID agent.
3. add the service account to monitor the server(s)
2. define the address of the servers to be monitored on the firewall
4. commit the configuration, and verify agent connection status
1. create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent

（A）2-3-4-1

（B）1-4-3-2

（C）1-3-2-4

（D）3-1-2-4

正解：C 解答を投票する

質問 3

An administrator configured a Security policy rule where the matching condition includes a single application and the action is set to deny. What deny action will the firewall perform?

（A）Perform the default deny action as defined in the App-ID database for the application

（B）Drop the traffic silently

（C）Discard the session's packets and send a TCP reset packet to let the client know the session has been terminated

（D）Send a TCP reset packet to the client- and server-side devices

正解：C 解答を投票する

質問 4

In which section of the PAN-OS GUI does an administrator configure URL Filtering profiles?

（A）Device

（B）Policies

（C）Objects

（D）Network

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Which user mapping method could be used to discover user IDs in an environment with multiple Windows domain controllers?

（A）domain controller monitoring

（B）Windows client probing

（C）Active Directory monitoring

（D）Windows session monitoring

正解：C 解答を投票する

質問 6

How is the hit count reset on a rule?

（A）Device > Setup > Logging and Reporting Settings > Reset Hit Count

（B）select a security policy rule, right click Hit Count > Reset

（C）in the CLI, type command reset hitcount <POLICY-NAME>

（D）with a dataplane reboot

正解：B 解答を投票する

質問 7

Which object would an administrator create to block access to all high-risk applications?

（A）Vulnerability Protection profile

（B）application filter

（C）application group

（D）HIP profile

正解：B 解答を投票する

質問 8

Where within the firewall GUI can all existing tags be viewed?

（A）Network > Tags

（B）Objects > Tags

（C）Policies > Tags

（D）Monitor > Tags

正解：B 解答を投票する

質問 9

Where within the URL Filtering security profile must a user configure the action to prevent credential submissions?

（A）URL Filtering > HTTP Header Insertion

（B）URL Filtering > URL Filtering Settings

（C）URL Filtering > Categories

（D）URL Filtering > Inline Categorization

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

Which two matching criteria are used when creating a Security policy involving NAT? (Choose two.)

（A）Post-NAT address

（B）Post-NAT zone

（C）Pre-NAT zone

（D）Pre-NAT address

正解：B、D 解答を投票する

質問 11

Which statement best describes the use of Policy Optimizer?

（A）Policy Optimizer can add or change a Log Forwarding profile for each Secunty policy selected

（B）Policy Optimizer can display which Security policies have not been used in the last 90 days

（C）Policy Optimizer can be used on a schedule to automatically create a disabled Layer 7 App-ID Security policy for every Layer 4 policy that exists Admins can then manually enable policies they want to keep and delete ones they want to remove

（D）Policy Optimizer on a VM-50 firewall can display which Layer 7 App-ID Security policies have unused applications

正解：D 解答を投票する

質問 12

After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.
Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?

（A）Import named config snapshot

（B）Load named configuration snapshot

（C）Revert to last saved configuration

（D）Revert to running configuration

正解：D 解答を投票する

質問 13

The compliance officer requests that all evasive applications need to be blocked on all perimeter firewalls out to the internet The firewall is configured with two zones;
1. trust for internal networks
2. untrust to the internet
Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two )

（A）Create a deny rule at the top of the policy from trust to untrust with service application-default and select evasive as the application

（B）Create a deny rule at the top of the policy from trust to untrust over any service and select evasive as the application

（C）Create a deny rule at the top of the policy from trust to untrust with service application-default and add an application filter with the evasive characteristic

（D）Create a deny rule at the top of the policy from trust to untrust over any service and add an application filter with the evasive characteristic

正解：C、D 解答を投票する

PCNSA 無料問題集「Palo Alto Networks Certified Network Security Administrator」

弊社を連絡する

関連リンク

トップ試験