一番最新のPalo Alto Networks PCNSA試験問題集PDFには2025年更新
100%無料Paloalto Network Security Administrator PCNSA問題集PDFお試しサンプル認定ガイドがカバーされます
認定試験では、ネットワークセキュリティテクノロジー、セキュリティポリシー、セキュリティベストプラクティスなど、ネットワークセキュリティに関連する幅広いトピックをカバーしています。この試験は、Palo Alto Networksの次世代ファイアウォール、Panorama Management Server、およびその他のセキュリティテクノロジーを構成および管理する候補者の能力をテストするように設計されています。この試験では、VPN、NAT、DMZなどのネットワークセキュリティの概念も取り上げています。
質問 # 84
A network has 10 domain controllers, multiple WAN links, and a network infrastructure with bandwidth needed to support mission-critical applications. Given the scenario, which type of User-ID agent is considered a best practice by Palo Alto Networks?
- A. Citrix terminal server with adequate data-plane resources
- B. PAN-OS integrated agent
- C. Captive Portal
- D. Windows-based agent on a domain controller
正解:D
解説:
In an infrastructure with remote networks separated by WAN links, the integrated agent is more appropriate for reading remote logs and the Windows-based agent is more appropriate for reading local logs. However, use of the integrated agent is not without cost: It consumes more of the firewall's management plane resources. For this reason, deployment of the Windows agent at remote sites and having them forward the relevant User-ID information to a firewall on a central network often is beneficial.
質問 # 85
Match the Cyber-Attack Lifecycle stage to its correct description.
正解:
解説:
Explanation
Reconnaissance - stage where the attacker scans for network vulnerabilities and services that can be exploited.
Installation - stage where the attacker will explore methods such as a root kit to establish persistence Command and Control - stage where the attacker has access to a specific server so they can communicate and pass data to and from infected devices within a network.
Act on the Objective - stage where an attacker has motivation for attacking a network to deface web property
質問 # 86
An administrator would like to override the default deny action for a given application and instead would like to block the traffic and send the ICMP code "communication with the destination is administratively prohibited" Which security policy action causes this?
- A. Drop
- B. Reset both
- C. Reset server
- D. Drop, send ICMP Unreachable
正解:B
質問 # 87
Assume that traffic matches a Security policy rule but the attached Security Profiles is configured to block matching traffic Which statement accurately describes how the firewall will apply an action to matching traffic?
- A. If it is a block rule then the Security policy rule action is applied last
- B. If it is an allow rule then the Security policy rule is applied last
- C. If it is an allowed rule, then the Security Profile action is applied last
- D. If it is a block rule then Security Profile action is applied last
正解:C
質問 # 88
Based on the graphic which statement accurately describes the output shown in the server monitoring panel?

- A. The User-ID agent is connected to a domain controller labeled lab client.
- B. The host lab-client has been by the User-ID agent.
- C. The host lab-client has been found by a domain controller.
正解:A
質問 # 89
Given the screenshot, what two types of route is the administrator configuring? (Choose two.)
- A. static route
- B. BGP
- C. OSPF
- D. default route
正解:D
質問 # 90
Which solution is a viable option to capture user identification when Active Directory is not in use?
- A. group mapping
- B. Authentication Portal
- C. Cloud Identity Engine
- D. Directory Sync Service
正解:B
質問 # 91
An administrator would like to use App-ID's deny action for an application and would like that action updated with dynamic updates as new content becomes available.
Which security policy action causes this?
- A. Reset both
- B. Drop
- C. Deny
- D. Reset server
正解:C
解説:
Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/manage- configuration backups/revert-firewall-configuration- changes.html
質問 # 92
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?
- A. branch office traffic
- B. north-south traffic
- C. perimeter traffic
- D. east-west traffic
正解:D
質問 # 93
Drag and Drop Question
Match each feature to the DoS Protection Policy or the DoS Protection Profile.
Select and Place:
正解:
解説:
質問 # 94
An administrator notices that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would the administrator need to monitor and block to mitigate the malicious activity?
- A. branch office traffic
- B. north-south traffic
- C. perimeter traffic
- D. east-west traffic
正解:D
質問 # 95
Prior to a maintenance-window activity, the administrator would like to make a backup of only the running configuration to an external location. What command in Device > Setup > Operations would provide the most operationally efficient way to achieve this outcome?
- A. export device state
- B. export named configuration snapshot
- C. save candidate config
- D. save named configuration snapshot
正解:D
解説:
Export Named Configuration Snapshot This option exports the current running configuration, a candidate configuration snapshot, or a previously imported configuration (candidate or running). The firewall exports the configuration as an XML file with the specified name. You can save the snapshot in any network location. These exports often are used as backups. These XML files also can be used as templates for building other firewall configurations.
質問 # 96
You receive notification about a new malware that infects hosts. An infection results in the infected host attempting to contact a command-and-control server.
Which Security Profile detects and prevents this threat from establishing a command-and-control connection?
- A. Data Filtering Profile applied to outbound Security policy rules.
- B. Antivirus Profile applied to outbound Security policy rules
- C. Vulnerability Protection Profile applied to outbound Security policy rules.
- D. Anti-Spyware Profile applied to outbound security policies.
正解:D
質問 # 97
An internal host wants to connect to servers of the internet through using source NAT. Which policy is required to enable source NAT on the firewall?
- A. NAT policy with no source of destination zone selected
- B. NAT policy with source zone and destination zone specified
- C. post-NAT policy with external source and any destination address
- D. pre-NAT policy with external source and any destination address
正解:B
質問 # 98
Which object would an administrator create to enable access to all applications in the office-programs subcategory?
- A. Application filter
- B. HIP profile
- C. Application group
- D. URL category
正解:D
質問 # 99
What do Dynamic User Groups help you to do?
- A. create a dynamic list of firewall administrators
- B. create a policy that provides auto-sizing for anomalous user behavior and malicious activity
- C. create a policy that provides auto-remediation for anomalous user behavior and malicious activity
- D. create a QoS policy that provides auto-remediation for anomalous user behavior and malicious activity
正解:C
解説:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/user-id-features/dynamic-user-groups
質問 # 100
Match the network device with the correct User-ID technology.
正解:
解説:
Explanation
Microsoft Exchange - Server monitoring
Linux authentication - syslog monitoring
Windows Client - client probing
Citrix client - Terminal Services agent
質問 # 101
Based on the security policy rules shown, ssh will be allowed on which port?
- A. 0
- B. 1
- C. 2
- D. 3
正解:D
質問 # 102
A network administrator created an intrazone Security policy rule on the firewall. The source zones were set to IT. Finance, and HR.
Which two types of traffic will the rule apply to? (Choose two)
- A. traffic within zone IT
- B. traffic between zone IT and zone Finance
- C. traffic between zone Finance and zone HR
- D. traffic within zone HR
正解:A、D
質問 # 103
Actions can be set for which two items in a URL filtering security profile? (Choose two.)
- A. PAN-DB URL Categories
- B. Allow List
- C. Custom URL Categories
- D. Block List
正解:B、D
解説:
Explanation
質問 # 104
An administrator is investigating a log entry for a session that is allowed and has the end reason of aged-out. Which two fields could help in determining if this is normal? (Choose two.)
- A. Packets sent/received
- B. IP Protocol
- C. Action
- D. Decrypted
正解:B、D
質問 # 105
Which option lists the attributes that are selectable when setting up an Application filters?
- A. Category, Subcategory, Technology, Risk, and Characteristic
- B. Name, Category, Technology, Risk, and Characteristic
- C. Category, Subcategory, Risk, Standard Ports, and Technology
- D. Category, Subcategory, Technology, and Characteristic
正解:A
解説:
Explanation/Reference:
Reference:
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-web-interface-help/objects/objects-application- filters
質問 # 106
Which data flow direction is protected in a zero trust firewall deployment that is not protected in a perimeter-only firewall deployment?
- A. north south
- B. east west
- C. inbound
- D. outbound
正解:A
質問 # 107
A website is unexpectedly allowed due to miscategorization.
What are two way-s to resolve this issue for a proper response? (Choose two.)
- A. Create a URL category and assign the affected URL.
Update the active URL Filtering profile site access setting for the custom URL category to block. - B. Identify the URL category being assigned to the website.
Edit the active URL Filtering profile and update that category's site access settings to block. - C. Create a URL category and assign the affected URL. Add a Security policy with a URL category qualifier of the custom URL category below the original policy. Set the policy action to Deny.
- D. Review the categorization of the website on https://urlfiltering.paloaltonetworks.com.
Submit for "request change*, identifying the appropriate categorization, and wait for confirmation before testing again.
正解:C、D
質問 # 108
......
PCNSA認定試験に備えるために、候補者は、トレーニングコース、学習ガイド、練習試験など、Palo Alto Networksが提供するさまざまなリソースを活用することができます。これらのリソースは、Palo Alto Networksプラットフォームを包括的に理解し、厳しい試験に備えるために設計されています。
更新されたのはPalo Alto Networks PCNSA問題集PDFオンラインエンジン:https://jp.fast2test.com/PCNSA-premium-file.html
PDF試験材料は2025年最新の実際に出るPCNSA問題集:https://drive.google.com/open?id=1rbNEvzsoh9JrEX4AKvAvcIDDPqHiwI1C