Palo Alto Networks Certified Network Security Engineer - PCNSE 模擬練習
Exhibit.

Review the screenshots and consider the following information
1. FW-1is assigned to the FW-1_DG device group, and FW-2 is assigned to OFFICE_FW_DC
2. There are no objects configured in REGIONAL_DG and OFFICE_FW_DG device groups Which IP address will be pushed to the firewalls inside Address Object Server-1?

Review the screenshots and consider the following information
1. FW-1is assigned to the FW-1_DG device group, and FW-2 is assigned to OFFICE_FW_DC
2. There are no objects configured in REGIONAL_DG and OFFICE_FW_DG device groups Which IP address will be pushed to the firewalls inside Address Object Server-1?
正解: A
解説: (PassTest メンバーにのみ表示されます)
A firewall architect is attempting to install a new Palo Alto Networks NGFW. The company has previously had issues moving all administrative functions onto a data plane interface to meet the design limitations of the environment. The architect is able to access the device for HTTPS and SSH; however, the NGFW can neither validate licensing nor get updates. Which action taken by the architect will resolve this issue?
正解: A
解説: (PassTest メンバーにのみ表示されます)
What should an engineer consider when setting up the DNS proxy for web proxy?
正解: D
When an engineer configures an active/active high availability pair, which two links can they use? (Choose two)
正解: A,B
解説: (PassTest メンバーにのみ表示されます)
An engineer is monitoring an active/active high availability (HA) firewall pair.
Which HA firewall state describes the firewall that is experiencing a failure of a monitored path?
Which HA firewall state describes the firewall that is experiencing a failure of a monitored path?
正解: A
解説: (PassTest メンバーにのみ表示されます)
Certain services in a customer implementation are not working, including Palo Alto Networks Dynamic version updates. Which CLI command can the firewall administrator use to verify if the service routes were correctly installed and that they are active in the Management Plane?
正解: A
解説: (PassTest メンバーにのみ表示されます)
What does SSL decryption require to establish a firewall as a trusted third party and to establish trust between a client and server to secure an SSL/TLS connection'?
正解: B
An administrator wants to configure the Palo Alto Networks Windows User-D agent to map IP addresses to u:
'The company uses four Microsoft Active 'servers and two Microsoft Exchange servers, which can provide logs for login events. All six servers have IP addresses assigned from the following subnet: 192.168.28.32/27.
The Microsoft Active Directory in 192.168.28.22/128, and the Microsoft Exchange reside in 192,168.28 48
/28. What the 0 the User
'The company uses four Microsoft Active 'servers and two Microsoft Exchange servers, which can provide logs for login events. All six servers have IP addresses assigned from the following subnet: 192.168.28.32/27.
The Microsoft Active Directory in 192.168.28.22/128, and the Microsoft Exchange reside in 192,168.28 48
/28. What the 0 the User
正解: B
Which User-ID mapping method should be used in a high-security environment where all IP address-to-user mappings should always be explicitly known?
正解: C
解説: (PassTest メンバーにのみ表示されます)
How is Perfect Forward Secrecy (PFS) enabled when troubleshooting a VPN Phase 2 mismatch?
正解: D
解説: (PassTest メンバーにのみ表示されます)
Which three sessions are created by a NGFW for web proxy? (Choose three.)
正解: A,C,E
An engineer needs to collect User-ID mappings from the company's existing proxies.
What two methods can be used to pull this data from third party proxies? (Choose two.)
What two methods can be used to pull this data from third party proxies? (Choose two.)
正解: A,C
解説: (PassTest メンバーにのみ表示されます)
If an administrator wants to apply QoS to traffic based on source, what must be specified in a QoS policy rule?
正解: D
解説: (PassTest メンバーにのみ表示されます)
An enterprise Information Security team has deployed policies based on AD groups to restrict user access to critical infrastructure systems. However, a recent phishing campaign against the organization has prompted Information Security to look for more controls that can secure access to critical assets. For users that need to access these systems. Information Security wants to use PAN-OS multi-factor authentication (MFA) integration to enforce MFA.
What should the enterprise do to use PAN-OS MFA?
What should the enterprise do to use PAN-OS MFA?
正解: A