최신 PCNSE 무료덤프 - Palo Alto Networks Certified Network Security Engineer

문제1

If a URL is in multiple custom URL categories with different actions, which action will take priority?

A. Override

B. Alert

C. Allow

D. Block

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제2

A threat intelligence team has requested more than a dozen Short signatures to be deployed on all perimeter Palo Alto Networks firewalls. How does the firewall engineer fulfill this request with the least time to implement?

A. Use Panorama IPs Signature Converter to create custom vulnerability signatures, and push them to the firewalls.

B. Create custom vulnerability signatures manually on one firewall export them, and then import them to the rest of the firewalls

C. Use Expedition to create custom vulnerability signatures, deploy them to Panorama using API and push them to the firewalls.

D. Create custom vulnerability signatures manually in Panorama, and push them to the firewalls

정답: A

문제3

In the New App Viewer under Policy Optimizer, what does the compare option for a specific rule allow an administrator to compare?

A. The security rule with any other security rule selected

B. Applications configured in the rule with applications seen from traffic matching the same rule

C. Applications configured in the rule with their dependencies

D. The running configuration with the candidate configuration of the firewall

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제4

Which conditions must be met when provisioning a high availability (HA) cluster? (Choose two.)

A. HA cluster members must share the same zone names.

B. Dedicated HA communication interfaces for the cluster must be used over HSCI interfaces

C. HA cluster members must be the same firewall model and run the same PAN-OS version.

D. Panorama must be used to manage HA cluster members.

정답: B,C

문제5

A system administrator runs a port scan using the company tool as part of vulnerability check. The administrator finds that the scan is identified as a threat and is dropped by the firewall. After further investigating the logs, the administrator finds that the scan is dropped in the Threat Logs.

A. Remove the Zone protection profile from the zone setting.

B. Add the tool IP address to the reconnaissance protection source address exclusion in the DoS Protection profile.

C. Add the tool IP address to the reconnaissance protection source address exclusion in the Zone protection profile.

D. Change the TCP port scan action from Block to Alert in the Zone Protection profile.

정답: C

문제6

A firewall engineer is tasked with defining signatures for a custom application. Which two sources can the engineer use to gather information about the application patterns'? (Choose two.)

A. Data filtering logs

B. Traffic logs

C. Wireshark

D. Policy Optimizer

정답: B,C

설명: (DumpTOP 회원만 볼 수 있음)

문제7

An administrator plans to deploy 15 firewalls to act as GlobalProtect gateways around the world. Panorama will manage the firewalls.
The firewalls will provide access to mobile users and act as edge locations to on-premises infrastructure. The administrator wants to scale the configuration out quickly and wants all of the firewalls to use the same template configuration.
Which two solutions can the administrator use to scale this configuration? (Choose two.)

A. virtual systems

B. variables

C. template stacks

D. collector groups

정답: B,C

설명: (DumpTOP 회원만 볼 수 있음)

문제8

An administrator is attempting to create policies for deployment of a device group and template stack. When creating the policies, the zone drop-down list does not include the required zone. What can the administrator do to correct this issue?

A. Add the template as a reference template in the device group

B. Specify the target device as the master device in the device group

C. Add a firewall to both the device group and the template

D. Enable "Share Unused Address and Service Objects with Devices" in Panorama settings

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제9

A customer would like to support Apple Bonjour in their environment for ease of configuration.
Which type of interface in needed on their PA-3200 Series firewall to enable Bonjour Reflector in a segmented network?

A. Virtual Wire interface

B. Layer 2 interface

C. Layer 3 interface

D. Loopback interface

정답: B

문제10

An administrator needs to validate that policies that will be deployed will match the appropriate rules in the device-group hierarchy. Which tool can the administrator use to review the policy creation logic and verify that unwanted traffic is not allowed?

A. Policy Optimizer

B. Preview Changes

C. Test Policy Match

D. Managed Devices Health

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제11

Which feature of Panorama allows an administrator to create a single network configuration that can be reused repeatedly for large-scale deployments even if values of configured objects, such as routes and interface addresses, change?

A. the 'Shared' device group

B. a device group

C. template variables

D. template stacks

정답: C

문제12

Which two are required by IPSec in transport mode? (Choose two.)

A. NAT Traversal

B. DH-group 20 (ECP-384 bits)

C. Auto generated key

D. IKEv1

정답: B,C

설명: (DumpTOP 회원만 볼 수 있음)

최신 PCNSE 무료덤프 - Palo Alto Networks Certified Network Security Engineer

우리와 연락하기

유용한 링크

최신 업데이트