최신 PCNSE 무료덤프 - Palo Alto Networks Certified Network Security Engineer

문제1

With the default TCP and UDP settings on the firewall, what will be the identified application in the following session?

A. insufficient-data

B. unknown-tcp

C. not-applicable

D. incomplete

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제2

The web server is configured to listen for HTTP traffic on port 8080. The clients access the web server using the IP address 1.1.1.100 on TCP Port 80. The destination NAT rule is configured to translate both IP address and report to 10.1.1.100 on TCP Port 8080.
Which NAT and security rules must be configured on the firewall? (Choose two)

A. A NAT rule with a source of any from untrust-I3 zone to a destination of 10.1.1.100 in dmz-zone using service-http service.

B. A security policy with a source of any from untrust-I3 zone to a destination of 1.1.100 in dmz-I3 zone using web-browsing application.

C. A security policy with a source of any from untrust-I3 Zone to a destination of 10.1.1.100 in dmz- I3 zone using web-browsing application

D. A NAT rule with a source of any from untrust-I3 zone to a destination of 1.1.1.100 in untrust-I3 zone using service-http service.

정답: B,D

설명: (DumpTOP 회원만 볼 수 있음)

문제3

What happens to traffic traversing SD-WAN fabric that doesn't match any SD-WAN policies?

A. Traffic is forwarded to the first physical interface participating in SD-WAN based on lowest interface number (i.e., Eth1/1 over Eth1/3).

B. Traffic matches a catch-all policy that is created through the SD-WAN plugin.

C. Traffic is dropped because there is no matching SD-WAN policy to direct traffic.

D. Traffic matches implied policy rules and is redistributed round robin across SD-WAN links.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제4

Updates to dynamic user group membership are automatic therefore using dynamic user groups instead of static group objects allows you to:

A. respond to changes in user behaviour or potential threats using manual policy changes

B. respond to changes in user behaviour and confirmed threats with manual policy changes

C. respond to changes in user behaviour or potential threats without manual policy changes

D. respond to changes in user behaviour or potential threats without automatic policy changes

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제5

When an in-band data port is set up to provide access to required services, what is required for an interface that is assigned to service routes?

A. You must enable DoS and zone protection

B. You must set the interface to Layer 2 Layer 3, or virtual wire

C. The interface must be used for traffic to the required services

D. You must use a static IP address

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제6

An administrator needs to build Security rules in a Device Group that allow traffic to specific users and groups defined in Active Directory.
What must be configured in order to select users and groups for those rules from Panorama?

A. A User-ID Certificate profile must be configured on Panorama

B. The Security rules must be targeted to a firewall in the device group and have Group Mapping configured

C. User-ID Redistribution must be configured on Panorama to ensure that all firewalls have the same mappings

D. A master device with Group Mapping configured must be set in the device group where the Security rules are configured

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제7

An internal system is not functioning. The firewall administrator has determined that the incorrect egress interface is being used.
After looking at the configuration, the administrator believes that the firewall is not using a static route.
What are two reasons why the firewall might not use a static route? (Choose two.)

A. duplicate static route

B. path monitoring on the static route

C. no install on the route

D. disabling of the static route

정답: B,C

문제8

A variable name must start with which symbol?

A. $

B. !

C. &

D. #

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제9

When configuring forward error correction (FEC) for PAN-OS SD-WAN, an administrator would turn on the feature inside which type of SD-WAN profile?

A. SD-WAN Interface profile

B. Path Quality profile

C. Certificate profile

D. Traffic Distribution profile

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제10

To protect your firewall and network from single source denial of service (DoS) attacks that can overwhelm its packet buffer and cause legitimate traffic to drop, you can configure

A. PBP (Packet Buffer Protection)

B. PGP (Packet Gateway Protocol)

C. BGP (Border Gateway Protocol)

D. PBP (Protocol Based Protection)

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제11

Which Palo Alto Networks VM-Series firewall is supported for VMware NSX?

A. VM-300

B. VM-200

C. VM-100

D. VM-1000-HV

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제12

A network security engineer has been asked to analyze Wildfire activity.
However, the Wildfire Submissions item is not visible form the Monitor tab.
What could cause this condition?

A. Though WildFire is working, there are currently no WildFire Submissions log entries.

B. The firewall does not have an active WildFire subscription.

C. A policy is blocking WildFire Submission traffic.

D. The engineer's account does not have permission to view WildFire Submissions.

정답: D

문제13

Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?

A. TCP Dump

B. Session Browser

C. Application Command Center

D. Packet Capture

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

최신 PCNSE 무료덤프 - Palo Alto Networks Certified Network Security Engineer

우리와 연락하기

유용한 링크

최신 업데이트