最新的Palo Alto Networks Certified Network Security Engineer - PCNSE免費考試真題
問題1
An administrator configures a site-to-site IPsec VPN tunnel between a PA-850 and an external customer on their policy-based VPN devices.
What should an administrator configure to route interesting traffic through the VPN tunnel?
What should an administrator configure to route interesting traffic through the VPN tunnel?
正確答案: A
問題2
Which three items must be configured to implement application override? (Choose three )
正確答案: B,C,E
說明:(僅 VCESoft 成員可見)
問題3
An enterprise network security team is deploying VM-Series firewalls in a multi-cloud environment. Some firewalls are deployed in VMware NSX-V, while others are in AWS, and all are centrally managed using Panorama with the appropriate plugins installed. The team wants to streamline policy management by organizing the firewalls into device groups in which the AWS-based firewalls act as a parent device group, while the NSX-V firewalls are configured as a child device group to inherit Security policies. However, after configuring the device group hierarchy and attempting to push configurations, the team receives errors, and policy inheritance is not functioning as expected. What is the most likely cause of this issue?
正確答案: B
說明:(僅 VCESoft 成員可見)
問題4
Based on the images below, what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?

Based on the images below, what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?

Based on the images below, what is the correct order in which the various rules are deployed to firewalls inside the DATACENTER_DG device group?
正確答案: B
問題5
An administrator wants to configure the Palo Alto Networks Windows User-D agent to map IP addresses to u:
'The company uses four Microsoft Active 'servers and two Microsoft Exchange servers, which can provide logs for login events. All six servers have IP addresses assigned from the following subnet: 192.168.28.32/27.
The Microsoft Active Directory in 192.168.28.22/128, and the Microsoft Exchange reside in 192,168.28 48
/28. What the 0 the User
'The company uses four Microsoft Active 'servers and two Microsoft Exchange servers, which can provide logs for login events. All six servers have IP addresses assigned from the following subnet: 192.168.28.32/27.
The Microsoft Active Directory in 192.168.28.22/128, and the Microsoft Exchange reside in 192,168.28 48
/28. What the 0 the User
正確答案: C
問題6
An administrator pushes a new configuration from Panorama to a par of firewalls that are configured as an active/passive HA pair. Which NGFW receives the from Panorama?
正確答案: B
問題7
A network administrator is trying to prevent domain username and password submissions to phishing sites on some allowed URL categories Which set of steps does the administrator need to take in the URL Filtering profile to prevent credential phishing on the firewall?
正確答案: D
說明:(僅 VCESoft 成員可見)
問題8
If a URL is in multiple custom URL categories with different actions, which action will take priority?
正確答案: A
說明:(僅 VCESoft 成員可見)
問題9
After implementing a new NGFW, a firewall engineer sees a VoIP traffic issue going through the firewall After troubleshooting the engineer finds that the firewall performs NAT on the voice packets payload and opens dynamic pinholes for media ports What can the engineer do to solve the VoIP traffic issue?
正確答案: A
說明:(僅 VCESoft 成員可見)
問題10
A company configures its WildFire analysis profile to forward any file type to the WildFire public cloud. A company employee receives an email containing an unknown link that downloads a malicious Portable Executable (PE) file.
What does Advanced WildFire do when the link is clicked?
What does Advanced WildFire do when the link is clicked?
正確答案: B
說明:(僅 VCESoft 成員可見)
問題11
The server team is concerned about the high volume of logs forwarded to their syslog server, it is determined that DNS is generating the most logs per second. The risk and compliance team requests that any Traffic logs indicating port abuse of port 53 must still be forwarded to syslog. All other DNS. Traffic logs can be exclude from syslog forwarding. How should syslog log forwarding be configured?
正確答案: C
問題12
A company is deploying User-ID in their network. The firewall team needs to have the ability to see and choose from a list of usernames and user groups directly inside the Panorama policies when creating new security rules.
How can this be achieved?
How can this be achieved?
正確答案: B
問題13
When configuring explicit proxy on a firewall, which interface should be selected under the Listening interface option?
正確答案: B
問題14
An engineer is tasked with decrypting web traffic in an environment without an established PKI When using a self-signed certificate generated on the firewall which type of certificate should be in? approved web traffic?
正確答案: C

