최신 PCNSE 무료덤프 - Palo Alto Networks Certified Network Security Engineer
Match the terms to their corresponding definitions
정답:
Which function does the HA4 interface provide when implementing a firewall cluster which contains firewalls configured as active-passive pairs?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
An administrator has a Palo Alto Networks NGFW. All security subscriptions and decryption are enabled and the system is running close to its resource limits.
Knowing that using decryption can be resource-intensive, how can the administrator reduce the load on the firewall?
Knowing that using decryption can be resource-intensive, how can the administrator reduce the load on the firewall?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
An engineer is designing a deployment of multi-vsys firewalls.
What must be taken into consideration when designing the device group structure?
What must be taken into consideration when designing the device group structure?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
An engineer is deploying multiple firewalls with common configuration in Panorama.
What are two benefits of using nested device groups? (Choose two.)
What are two benefits of using nested device groups? (Choose two.)
정답: C,D
설명: (DumpTOP 회원만 볼 수 있음)
Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
An engineer is configuring a template in Panorama which will contain settings that need to be applied to all firewalls in production.
Which three parts of a template an engineer can configure? (Choose three.)
Which three parts of a template an engineer can configure? (Choose three.)
정답: B,C,D
설명: (DumpTOP 회원만 볼 수 있음)
To ensure that a Security policy has the highest priority, how should an administrator configure a Security policy in the device group hierarchy?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Four configuration choices are listed, and each could be used to block access to a specific URL.
If you configured each choice to block the same URL, then which choice would be evaluated last in the processing order to block access to the URL?
If you configured each choice to block the same URL, then which choice would be evaluated last in the processing order to block access to the URL?
정답: C
A firewall administrator to have visibility on one segment of the company network. The traffic on the segment is routed on the Backbone switch. The administrator is planning to apply security rules on segment X after getting the visibility. There is already a PAN-OS firewall used in L3 mode as an internet gateway, and there are enough system resources to get extra traffic on the firewall. The administrator needs to complete this operation with minimum service interruptions and without making any IP changes. What is the best option for the administrator to take?
정답: C
A security engineer needs firewall management access on a trusted interface.
Which three settings are required on an SSL/TLS Service Profile to provide secure Web UI authentication? (Choose three.)
Which three settings are required on an SSL/TLS Service Profile to provide secure Web UI authentication? (Choose three.)
정답: A,C,D
설명: (DumpTOP 회원만 볼 수 있음)
An auditor is evaluating the configuration of Panorama and notices a discrepancy between the Panorama template and the local firewall configuration.
When overriding the firewall configuration pushed from Panorama, what should you consider?
When overriding the firewall configuration pushed from Panorama, what should you consider?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
Which three firewall multi-factor authentication factors are supported by PAN-OS? (Choose three.)
정답: B,C,E
Refer to the exhibit.
Which will be the egress interface if the traffic's ingress interface is ethernet1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?
Which will be the egress interface if the traffic's ingress interface is ethernet1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
A company is expanding its existing log storage and alerting solutions All company Palo Alto Networks firewalls currently forward logs to Panoram a. Which two additional log forwarding methods will PAN-OS support? (Choose two)
정답: A,C
An engineer creates a set of rules in a Device Group (Panorama) to permit traffic to various services for a specific LDAP user group.
What needs to be configured to ensure Panorama can retrieve user and group information for use in these rules?
What needs to be configured to ensure Panorama can retrieve user and group information for use in these rules?
정답: D
설명: (DumpTOP 회원만 볼 수 있음)
A network security administrator wants to inspect HTTPS traffic from users as it egresses through a firewall to the Internet/Untrust zone from trusted network zones.
The security admin wishes to ensure that if users are presented with invalid or untrusted security certificates, the user will see an untrusted certificate warning.
What is the best choice for an SSL Forward Untrust certificate?
The security admin wishes to ensure that if users are presented with invalid or untrusted security certificates, the user will see an untrusted certificate warning.
What is the best choice for an SSL Forward Untrust certificate?
정답: B
The UDP-4501 protocol-port is to between which two GlobalProtect components?
정답: A
A firewall engineer creates a NAT rule to translate IP address 1.1.1.10 to 192.168.1.10. The engineer also plans to enable DNS rewrite so that the firewall rewrites the IPv4 address in a DNS response based on the original destination IP address and translated destination IP address configured for the rule. The engineer wants the firewall to rewrite a DNS response of 1.1.1.10 to 192.168.1.10.
What should the engineer do to complete the configuration?
What should the engineer do to complete the configuration?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)