PCNSA無料問題集「Palo Alto Networks Certified Network Security Administrator」

質問 1

How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?

（A）The admin creates a Security policy allowing application "ssh" and service "application-default".

（B）The admin creates a custom service object named "tcp-4422" with port tcp/4422.
The admin then creates a Security policy allowing application "ssh", service "tcp-4422". and service
"application-default".

（C）The admin creates a custom service object named "tcp-4422" with port tcp/4422.
The admin also creates a custom service object named "tcp-22" with port tcp/22.
The admin then creates a Security policy allowing application "ssh", service "tcp-4422". and service
"tcp-22".

（D）The admin creates a custom service object named "tcp-4422" with port tcp/4422.
The admin then creates a Security policy allowing application "ssh" and service "tcp-4422".

正解：C 解答を投票する

質問 2

In which two types of NAT can oversubscription be used? (Choose two.)

（A）Dynamic IP and Port (DIPP)

（B）Dynamic IP

（C）Static IP

（D）Destination NAT

正解：A、B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

Which interface type can use virtual routers and routing protocols?

（A）Layer2

（B）Tap

（C）Virtual Wire

（D）Layer3

正解：D 解答を投票する

質問 4

In the example security policy shown, which two websites fcked? (Choose two.)

（A）LinkedIn

（B）Facebook

（C）YouTube

（D）Amazon

正解：A、B 解答を投票する

質問 5

Which administrator type utilizes predefined roles for a local administrator account?

（A）Dynamic

（B）Device administrator

（C）Superuser

（D）Role-based

正解：A 解答を投票する

質問 6

How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

（A）Automatically "download only" and then install Applications and Threats later, after the administrator approves the update

（B）Configure the option for "Threshold"

（C）Automatically "download and install" but with the "disable new applications" option used

（D）Disable automatic updates during weekdays

正解：B 解答を投票する

質問 7

View the diagram.

What is the most restrictive yet fully functional rule to allow general Internet and SSH traffic into both the DMZ and Untrust/lnternet zones from each of the lOT/Guest and Trust Zones?

（A）

（B）

（C）

（D）

正解：C 解答を投票する

質問 8

Which rule type is appropriate for matching traffic occurring within a specified zone?

（A）Intrazone

（B）Interzone

（C）Shadowed

（D）Universal

正解：A 解答を投票する

質問 9

Which type firewall configuration contains in-progress configuration changes?

（A）running

（B）committed

（C）backup

（D）candidate

正解：D 解答を投票する

質問 10

How many zones can an interface be assigned with a Palo Alto Networks firewall?

（A）four

（B）three

（C）two

（D）one

正解：D 解答を投票する

質問 11

Which Security profile would you apply to identify infected hosts on the protected network uwall user database?

（A）Antivirus

（B）URL filtering

（C）Anti-spyware

（D）Vulnerability protection

正解：C 解答を投票する

質問 12

Which URL Filtering Profile action does not generate a log entry when a user attempts to access a URL?

（A）block

（B）override

（C）continue

（D）allow

正解：D 解答を投票する

質問 13

What is the main function of Policy Optimizer?

（A）migrate other firewall vendors' security rules to Palo Alto Networks configuration

（B）convert port-based security rules to application-based security rules

（C）reduce load on the management plane by highlighting combinable security rules

（D）eliminate "Log at Session Start" security rules

正解：B 解答を投票する

質問 14

What are three valid ways to map an IP address to a username? (Choose three.)

（A）a user connecting into a GlobalProtect gateway using a GlobalProtect Agent

（B）usernames inserted inside HTTP Headers

（C）using the XML API

（D）WildFire verdict reports

（E）DHCP Relay logs

正解：A、B、C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

Which stage of the cyber-attack lifecycle makes it important to provide ongoing education to users on spear phishing links, unknown emails, and risky websites?

（A）delivery

（B）installation

（C）exploitation

（D）reconnaissance

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

Which path in PAN-OS 10.0 displays the list of port-based security policy rules?

（A）Policies> Security> Rule Usage> No App Specified

（B）Policies> Security> Rule Usage> Port-based Rules

（C）Policies> Security> Rule Usage> Unused Apps

（D）Policies> Security> Rule Usage> Port only specified

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 17

An administrator is configuring a NAT rule
At a minimum, which three forms of information are required? (Choose three.)

（A）source zone

（B）destination zone

（C）destination address

（D）destination interface

（E）name

正解：A、B、C 解答を投票する

PCNSA 無料問題集「Palo Alto Networks Certified Network Security Administrator」

弊社を連絡する

関連リンク

トップ試験