無料Palo Alto Networks PCNSA学習ガイド試験問題と解答
PCNSA試験問題集、PCNSA練習テスト問題
Palo Alto Networks PCNSA認定試験に備えるには、候補者はPalo Alto Networksのファイアウォールとネットワークセキュリティの概念についての実践的な経験が必要です。さらに、インストラクター主導のコース、オンライントレーニングモジュール、および学習ガイドなど、Palo Alto Networksが提供するトレーニングリソースを活用することができます。練習問題やその他の学習教材も、認定試験に備えるために利用できます。
Palo Alto Networks PCNSA認定試験は、組織内でPalo Alto Networksファイアウォールの展開と管理を担当するネットワークセキュリティ管理者、ネットワークエンジニア、およびその他のIT専門家を対象としています。この認定試験の候補者は、ネットワークセキュリティの概念やプロトコルについて良好な理解を持ち、ファイアウォールの構成と管理において実践的な経験を持っている必要があります。
質問 # 14
Given the scenario, which two statements are correct regarding multiple static default routes? (Choose two.)
- A. Route with highest metric is actively used
- B. Path monitoring does not determine if route is useable
- C. Path monitoring determines if route is useable
- D. Route with lowest metric is actively used
正解:C、D
質問 # 15
For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?
- A. RADIUS
- B. LDAP
- C. TACACS+
- D. SAML
正解:B
解説:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/authentication/configure-an-authentication-profile-and-sequence
質問 # 16
What do you configure if you want to set up a group of objects based on their ports alone?
- A. Address groups
- B. Service groups
- C. Application groups
- D. Custom objects
正解:B
質問 # 17
Match the network device with the correct User-ID technology.
正解:
解説:
Explanation
Microsoft Exchange - Server monitoring
Linux authentication - syslog monitoring
Windows Client - client probing
Citrix client - Terminal Services agent
質問 # 18
Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP -to-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.
Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.
- A. XFF headers
- B. RADIUS
- C. syslog
- D. UID redistribution
正解:C
質問 # 19
Which built-in IP address EDL would be useful for preventing traffic from IP addresses that are verified as unsafe based on WildFire analysis Unit 42 research and data gathered from telemetry?
- A. Palo Alto Networks C&C IP Addresses
- B. Palo Alto Networks Bulletproof IP Addresses
- C. Palo Alto Networks Known Malicious IP Addresses
- D. Palo Alto Networks High-Risk IP Addresses
正解:C
解説:
Palo Alto Networks Known Malicious IP Addresses
-Contains IP addresses that are verified malicious based on WildFire analysis, Unit 42 research, and data gathered from telemetry (Share Threat Intelligence with Palo Alto Networks). Attackers use these IP addresses almost exclusively to distribute malware, initiate command-and-control activity, and launch attacks.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/built-in-edls
質問 # 20
Which administrative management services can be configured to access a management interface?
- A. SSH: telnet HTTP, HTTPS
- B. HTTPS, SSH telnet SNMP
- C. HTTP, CLI, SNMP, HTTPS
- D. HTTPS, HTTP. CLI, API
正解:D
解説:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/management-interfaces You can use the following user interfaces to manage the Palo Alto Networks firewall:
Use the Web Interface to perform configuration and monitoring tasks with relative ease. This graphical interface allows you to access the firewall using HTTPS (recommended) or HTTP and it is the best way to perform administrative tasks.
Use the Command Line Interface (CLI) to perform a series of tasks by entering commands in rapid succession over SSH (recommended), Telnet, or the console port. The CLI is a no-frills interface that supports two command modes, operational and configure, each with a distinct hierarchy of commands and statements. When you become familiar with the nesting structure and syntax of the commands, the CLI provides quick response times and administrative efficiency.
Use the XML API to streamline your operations and integrate with existing, internally developed applications and repositories. The XML API is a web service implemented using HTTP/HTTPS requests and responses.
Use Panorama to perform web-based management, reporting, and log collection for multiple firewalls. The Panorama web interface resembles the firewall web interface but with additional functions for centralized management.
質問 # 21
What is the main function of Policy Optimizer?
- A. reduce load on the management plane by highlighting combinable security rules
- B. migrate other firewall vendors' security rules to Palo Alto Networks configuration
- C. eliminate "Log at Session Start" security rules
- D. convert port-based security rules to application-based security rules
正解:D
解説:
Reference: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/app-id-features/policy- optimizer.html
質問 # 22
Which protocol is used to map usernames to user groups when User-ID is configured?
- A. RADIUS
- B. LDAP
- C. TACACS+
- D. SAML
正解:B
解説:
Explanation/Reference: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-users-to-groups.html
質問 # 23
Match the Palo Alto Networks Security Operating Platform architecture to its description.
正解:
解説:
質問 # 24
Assume that traffic matches a Security policy rule but the attached Security Profiles is configured to block matching traffic.
Which statement accurately describes how the firewall will apply an action to matching traffic?
- A. If it is a block rule then Security Profile action is applied last
- B. If it is a block rule then the Security policy rule action is applied last
- C. If it is an allowed rule, then the Security Profile action is applied last
- D. If it is an allow rule then the Security policy rule is applied last
正解:C
質問 # 25
Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?
- A. Windows-based agent deployed on each of the WAN Links
- B. Citrix terminal server deployed on the internal network
- C. PAN-OS integrated agent deployed on the internal network
- D. Windows-based agent deployed on the internal network
正解:D
解説:
Explanation
Another reason to choose the Windows agent over the integrated PAN-OS agent is to save processing cycles on the firewall's management plane.
質問 # 26
Arrange the correct order that the URL classifications are processed within the system.
正解:
解説:
質問 # 27
Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?
- A. Network Processing
- B. Signature Matching
- C. Security Processing
- D. Security Matching
正解:B
質問 # 28
Which three statement describe the operation of Security Policy rules or Security Profiles? (Choose three)
- A. Security policy rules inspect but do not block traffic.
- B. Security Profile are attached to security policy rules.
- C. Security Profile should be used only on allowed traffic.
- D. Security Policy rules can block or allow traffic.
- E. Security Policy rules are attached to Security Profiles.
正解:B、C、E
質問 # 29
Based on the screenshot, what is the purpose of the Included Groups?
- A. They are groups that are imported from RADIUS authentication servers.
- B. They are the only groups visible based on the firewall's credentials.
- C. They are used to map users to groups.
- D. They contain only the users you allow to manage the firewall.
正解:C
解説:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-users-to-groups.html
質問 # 30
Which administrator type utilizes predefined roles for a local administrator account?
- A. Device administrator
- B. Role-based
- C. Superuser
- D. Dynamic
正解:D
解説:
Explanation/Reference:
Reference: https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-cli-quick-start/get-started-with-the-cli/ give-administrators-access-to-the-cli/administrative-privileges?PageSpeed=noscript
質問 # 31
Complete the statement. A security profile can block or allow traffic____________
- A. before it is matched by a security policy
- B. after it is matched by a security policy that allows traffic
- C. on unknown-tcp or unknown-udp traffic
- D. after it is matched by a security policy that allows or blocks traffic Security profiles are objects added to policy rules that are configured with an action of allow.
正解:B
質問 # 32
Based on the show security policy rule would match all FTP traffic from the inside zone to the outside zone?
- A. inside-portal
- B. internal-inside-dmz
- C. engress outside
- D. intercone-default
正解:D
質問 # 33
Which type of address object is www.paloaltonetworks.com?
- A. named address
- B. IP netmask
- C. IP range
- D. FQDN
正解:D
質問 # 34
What is a recommended consideration when deploying content updates to the firewall from Panorama?
- A. After deploying content updates, perform a commit and push to Panorama.
- B. Content updates for firewall A/A HA pairs need a defined master device.
- C. Content updates for firewall A/P HA pairs can only be pushed to the active firewall.
- D. Before deploying content updates, always check content release version compatibility.
正解:A
解説:
https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-licenses-and-updates/deploy-updates-to-firewalls-log-collectors-and-wildfire- appliances-using-panorama/schedule-a-content-update-using-panorama.html
質問 # 35
Complete the statement. A security profile can block or allow traffic____________
- A. after it is matched by a security policy that allows or blocks traffic
- B. after it is matched by a security policy that allows traffic
- C. before it is matched by a security policy
- D. on unknown-tcp or unknown-udp traffic
正解:A
解説:
Explanation
Security profiles are not used in the match criteria of a traffic flow. The security profile is applied to scan traffic after the application or category is allowed by the security policy.
質問 # 36
......
最新のPCNSA実際の無料試験問題は更新された284問があります:https://jp.fast2test.com/PCNSA-premium-file.html
検証済みPCNSA問題集PDF資料 [2023年更新]:https://drive.google.com/open?id=1rbNEvzsoh9JrEX4AKvAvcIDDPqHiwI1C