PCNSA試験無料問題集（360題）「Palo Alto Networks Certified Network Security Administrator 認定」

出題：1

Which policy set should be used to ensure that a policy is applied just before the default security rules?

A. Shared post-rulebase

B. Local Firewall policy

C. Parent device-group post-rulebase

D. Child device-group post-rulebase

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which feature enables an administrator to review the Security policy rule base for unused rules?

A. View Rulebase as Groups

B. Test Policy Match

C. Security policy tags eb

D. Policy Optimizer

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

What must be configured before setting up Credential Phishing Prevention?

A. Anti Phishing Block Page

B. User-ID

C. Anti Phishing profiles

D. Threat Prevention

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Given the detailed log information above, what was the result of the firewall traffic inspection?

A. It was blocked by the Vulnerability Protection profile action.

B. It was blocked by the Security policy action.

C. It was blocked by the Anti-Virus Security profile action.

D. It was blocked by the Anti-Spyware Profile action.

正解：D 解答を投票する

出題：5

What are three ways application characteristics are used? (Choose three.)

A. As an Object to define Security policies

B. As a global filter in the Application Command Center (ACC)

C. As an attribute to define an application filter

D. As an attribute to define an application group

E. As a setting to define a new custom application

正解：C,D,E 解答を投票する

出題：6

After making multiple changes to the candidate configuration of a firewall, the administrator would like to start over with a candidate configuration that matches the running configuration.
Which command in Device > Setup > Operations would provide the most operationally efficient way to accomplish this?

A. Revert to last saved configuration

B. Revert to running configuration

C. Load named configuration snapshot

D. Import named config snapshot

正解：B 解答を投票する

出題：7

Which type of administrator account cannot be used to authenticate user traffic flowing through the firewall's data plane?

A. SAML user

B. local database user

C. Kerberos user

D. local user

正解：A 解答を投票する

出題：8

Which DNS Query action is recommended for traffic that is allowed by Security policy and matches Palo Alto Networks Content DNS Signatures?

A. allow

B. block

C. alert

D. sinkhole

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Identify the correct order to configure the PAN-OS integrated USER-ID agent.
3. add the service account to monitor the server(s)
2. define the address of the servers to be monitored on the firewall
4. commit the configuration, and verify agent connection status
1. create a service account on the Domain Controller with sufficient permissions to execute the User- ID agent

A. 2-3-4-1

B. 3-1-2-4

C. 1-4-3-2

D. 1-3-2-4

正解：D 解答を投票する

出題：10

How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?

A. Configure the option for "Threshold"

B. Disable automatic updates during weekdays

C. Automatically "download only" and then install Applications and Threats later, after the administrator approves the update

D. Automatically "download and install" but with the "disable new applications" option used

正解：A 解答を投票する

出題：11

Which object would an administrator create to block access to all high-risk applications?

A. HIP profile

B. application group

C. application filter

D. Vulnerability Protection profile

正解：C 解答を投票する

出題：12

How are Application Fillers or Application Groups used in firewall policy?

A. An Application Filter is a static way of grouping applications and can be configured as a nested member of an Application Group

B. An Application Filter is a dynamic way to group applications and can be configured as a nested member of an Application Group

C. An Application Group is a dynamic way of grouping applications and can be configured as a nested member of an Application Group

D. An Application Group is a static way of grouping applications and cannot be configured as a nested member of Application Group

正解：B 解答を投票する

出題：13

What action will inform end users when their access to Internet content is being restricted?

A. Publish monitoring data for Security policy deny logs.

B. Ensure that the 'site access" setting for all URL sites is set to 'alert'.

C. Create a custom 'URL Category' object with notifications enabled.

D. Enable 'Response Pages' on the interface providing Internet access.

正解：D 解答を投票する

出題：14

Match the cyber-attack lifecycle stage to its correct description.

正解：

出題：15

Based on the screenshot presented which column contains the link that when clicked opens a window to display all applications matched to the policy rule?