Which two benefits come from assigning a Decrypting Profile to a Decryption rule with a" NO Decrypt" action? (Choose two.)
A. Block sessions with untrusted issuers
B. Block sessions with expired certificates
C. Block sessions with client authentication
D. Block sessions with unsuspected cipher suites
E. Block credential phishing.
正解:A,B
質問 2:
Which prerequisite must be satisfied before creating an SSH proxy Decryption policy?
A. Both SSH keys and SSL certificates must be generated
B. SSL certificates must be generated
C. No prerequisites are required
D. SSH keys must be manually generated
正解:C
質問 3:
A web server is hosted in the DMZ and the server re configured to listen for income connections on TCP port
443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server host its contents over Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.
Which combination of service and application, and order of Security policy rules needs to be configured to allow cleaned web-browsing traffic to the server on tcp/443?
A. Rule #1application web-browsing, service service imp action allow
Rule #2 application ssl. service application -default, action allow
B. Rule# 1 application: ssl; service application-default: action allow
Role # 2 application web browsing, service application default, action allow
C. Rule#1application: web-biows.no; service service-https action allow
Rule#2 application ssl. Service application-default, action allow
D. Rule#1 application web-brows.no service application-default, action allow Rule #2 application ssl. Service application-default, action allow
正解:D
質問 4:
Which DoS protection mechanism detects and prevents session exhaustion attacks?
A. Flood Protection
B. TCP Port Scan Protection
C. Pocket Based Attack Protection
D. Resource Protection
正解:D
質問 5:
What are two benefits of nested device groups in panorama? (Choose two )
A. overwrites local firewall configuration
B. all device groups inherit setting from the Shared group
C. requires configuration both function and location for every device
D. reuse of the existing Security policy rules and objects
正解:B,C
質問 6:
How does Panorama prompt VMware NSX to quarantine an in6erface VM??
A. Syslog Server Profile
B. SNMP Server Profile
C. HTTP Server Profile
D. Email Server Profile
正解:A
質問 7:
Which feature can be configured on VM-Series firewalls'?
A. aggregate interlaces
B. multiple virtual systems
C. machine learning
D. Globallprotect
正解:D
小矶** -
もちろん合格することが目標ではあるが、見やすく、PCNSC勉強しやすい本だと思いました。