没有合适的资源?快使用搜索试试~ 我知道了~
PCNSE考试认证.pdf
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
0 下载量 162 浏览量
2024-04-15
11:40:36
上传
评论
收藏 174KB PDF 举报
温馨提示
试读
19页
PCNSE考试认证.pdf
资源推荐
资源详情
资源评论
Q1. An administrator wants to configure the Palo Alto Networks Windows User-ID agent to map IP
addresses to usernames. The company uses four Microsoft Active Directory servers and two Microsoft
Exchange servers, which can provide logs for login events. All six servers have IP addresses assigned from
the following subnet: 192.168.28.32/27. The Microsoft Active Directory servers reside in
192.168.28.32/28, and the Microsoft Exchange servers reside in 192.168.28.48/28
What information does the administrator need to provide in the User Identification > Discovery section?
A. network 192.168.28.32/28 with server type Microsoft Active Directory and network 192.168.28.48/28
with server type Microsoft Exchange
B. the IP-address and corresponding server type (Microsoft Active Directory or Microsoft Exchange) for
each of the six servers
C. network 192.168.28.32/27 with server type Microsoft
D. one IP address of a Microsoft Active Directory server and "Auto Discover" enabled to automatically
obtain all five of the other servers
Q2. An administrator needs to optimize traffic to prefer business-critical applications over noncritical
applications. QoS natively integrates with which feature to provide service quality?
A. Content-ID B. certificate revocation C. port inspection D. App-ID
Q3. An administrator discovers that a file blocked by the WildFire inline ML feature on the firewall is
a false-positive action.
How can the administrator create an exception for this particular file?
A. Add partial hash and filename in the file section of the WildFire inline ML tab of the Antivirus profile.
B. Set the WildFire inline ML action to allow for that protocol on the Antivirus profile.
C. Disable the WildFire profile on the related Security policy.
D. Add the related Threat ID in the Signature exceptions tab of the Antivirus profile
Q4. A firewall has Security policies from three sources: 1. locally created policies 2. shared device group
policies as pre-rules 3. the firewall's device group as post-rules How will the rule order populate once
pushed to the firewall?
A. shared device group policies, firewall device group policies, local policies
B. firewall device group policies, local policies, shared device group policies
C. local policies, firewall device group policies, shared device group policies
D. shared device group policies, local policies, firewall device group policies
Q5. Which Panorama mode should be used so that all logs are sent to, and only stored in, Cortex Data
Lake?
A. Log Collector B. Management Only C. Panorama D. Legacy
Q6. SAML SLO is supported for which two firewall features? (Choose two.)
A. CaptivePortal
B. WebUl
C. Global Protect Portal
D. CLI
Q7. An engineer is troubleshooting a traffic-routing issue.
What is the correct packet-flow sequence?
A. NAT > Security policy enforcement > OSPF
B. PBF > Static route > Security policy enforcement
C. PBF > Zone Protection Profiles > Packet Buffer Protection
D. BGP > PBF > NAT
Q8. A security engineer received multiple reports of an IPSec VPN tunnel going down the night
before. The engineer couldn't find any events related to VPN under system logs.
What is the likely cause?
A. Dead Peer Detection is not enabled.
B. The Tunnel Monitor is not configured.
C. The log quota for GTP and Tunnel needs to be adjusted.
D. Tunnel Inspection settings are misconfigured.
Q9. When using SSH keys for CLI authentication for firewall administration, which method is used
for authorization?
A. Kerberos
B. LDAP
C. Radius
D. Local
Q10. A client is concerned about web shell attacks against their servers.
Which profile will protect the individual servers?
A. Anti-Spyware profile
B. DoS Protection profile
C. Zone Protection profile
D. Antivirus profile
Q11. A Firewall Engineer is migrating a legacy firewall to a Palo Alto Networks firewall in order to
use features like App-ID and SSL decryption.
Which order of steps is best to complete this migration?
A. Configure SSL decryption without migrating port-based security rules to App-ID rules.
B. First migrate SSH rules to App-ID; then implement SSL decryption.
C. First migrate port-based rules to App-ID rules; then implement SSL decryption.
D. First implement SSL decryption; then migrate port-based rules to App-ID rules.
Q12. What can be used to create dynamic address groups?
A. region objects
B. dynamic address
C. FQDN addresses
D. tags
Q13. Which Security profile generates a packet threat type found in threat logs?
A. Zone Protection
B. WildFire
C. Antivirus
D. Anti-Spyware
Q14. An engineer is troubleshooting traffic routing through the virtual router. The firewall uses
multiple routing protocols, and the engineer is trying to determine routing priority.
Match the default Administrative Distances for each routing protocol.
Static OSPF External
EBGP RIP
Answer Area
EBGP 20
RIP 120
Static 10
OSPF External 110
Q15. An administrator is seeing one of the firewalls in a HA active/passive pair moved to
"suspended" state due to Non-functional loop.
Which three actions will help the administrator resolve this issue? (Choose three.)
A. Check the High Availability > Link and Path Monitoring settings.
B. Check High Availability > Active/Passive Settings > Passive Link State
C. Check the High Availability > HA Communications > Packet Forwarding settings.
D. Check the HA Link Monitoring interface cables.
E. Use the CLI command "show high-availability flap-statistics"
Q16. An administrator is attempting to create policies for deployment of a device group and
template stack. When creating the policies, the zone drop-down list does not include the required
zone.
What must the administrator do to correct this issue?
A. Add the template as a reference template in the device group.
B. Specify the target device as the master device in the device group.
C. Enable "Share Unused Address and Service Objects with Devices" in Panorama settings.
D. Add a firewall to both the device group and the template
A QoS profile is configured as shown in the image. The following throughput is realized:
Class 3 traffic: 325Mbps
Class 5 traffic: 470Mbps
Class 7 traffic: 330Mbps
What happens as a result?
A. Classes3, 5, and 7 will each have round-robin packet drops as needed against the profile Egress Max.
B. All traffic continues to flow based on the overhead in each class's Egress Max settings.
C. Available bandwidth from the unused classes will be used to maintain the Egress Guaranteed
throughput for each.
D. Class 7 traffic will have the most packets dropped in favor of Classes 3 and 5 maintaining their Egress
Guaranteed throughput.
Q18. A company requires that a specific set of ciphers be used when remotely managing their Palo
Alto Networks appliances.
Which profile should be configured in order to achieve this?
A. Decryption profile
B. SSL/TLS Service profile
C. Certificate profile
D. SSH Service profile
Q19. A firewall should be advertising the static route 10.2.0.0/24 into OSPF. The configuration on
the neighbor is correct, but the route is not in the neighbor's routing table.
Which two configurations should you check on the firewall? (Choose two.)
A. In the redistribution profile check that the source type is set to "ospf."
B. Ensure that the OSPF neighbor state is "2-Way"
C. Within the redistribution profile ensure that Redist is selected.
D. In the OSFP configuration, ensure that the correct redistribution profile is selected in the OSPF Export
Rules section
剩余18页未读,继续阅读
资源评论
资料库01
- 粉丝: 306
- 资源: 2384
下载权益
C知道特权
VIP文章
课程特权
开通VIP
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 基于Android的app启动动画应用设计与实现1(源码)
- python_3.12.3.zip
- multisim1仿真运放及三极管电路应用经典电路multisim10仿真实例源文件合集(21个).zip
- 基于Android的Fragment+ViewPager实现滑屛切换界面应用设计与实现1(源码)
- tensorflow-2.9.3-cp38-cp38-win-amd64.whl
- tensorflow-gpu-2.9.3-cp38-cp38-win-amd64.whl
- 1716994562763661.750000.jpg
- tensorflow-gpu-2.9.2-cp38-cp38-win-amd64.whl
- FSA-火烈鸟搜索优化算法
- 幸运女生眷顾.html
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功