An administrator needs to build Security rules in a Device Group that allow traffic to specific users and groups defined in Active Directory. What must be configured in order to select users and groups for those rules from Panorama? The Security rules must be targeted to a firewall in the device group and have Group Mapping configured.
A. N/A
B. User-ID Redistribution must be configured on Panorama to ensure that all firewalls have the same mappings
C. A User-ID Certificate profile must be configured on Panorama
D. A master device with Group Mapping configured must be set in the device group where the Security rules are configured
Correct answer: D
Question 2:
An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Link and Path Monitoring is enabled with the Failure Condition set to "any." There is one link group configured containing member interfaces ethernet1/1 and ethernet1/2 with a Group Failure Condition set to "all." Which HA state will the Active firewall go into if ethernet1/1 link goes down due to a failure?
A. Non-functional
B. Active
C. Passive
D. Active-Secondary
Correct answer: B
Question 3:
A customer requires that virtual systems with separate virtual routers can communicate with one another within a Palo Alto Networks firewall. In addition to confirming Security policies, which three configurations will accomplish this goal? (Choose three)
A. Layer 3 zones for the virtual systems that need to communicate
B. Route added with next hop next-vr by using the VR configured in the virtual system
C. Route added with next hop set to "none" and using the interface of the virtual systems that need to communicate
D. External zones with the virtual systems added
Correct answer: A,B,D
Question 4:
A firewall engineer at a company is researching the Device Telemetry feature of PAN-OS. Which two aspects of the feature require further action for the company to remain compliant with local laws regarding privacy and data storage? (Choose two.)
A. Telemetry feature is automatically enabled during PAN-OS installation.
B. Telemetry data is shared in real time with Palo Alto Networks.
C. Telemetry feature is using Traffic logs and packet captures to collect data.
D. Telemetry data is uploaded into Strata Logging Service.
Correct answer: A,C
Question 5:
The vulnerability protection profile of an on-premises Palo Alto Networks firewall is triggering on a common Threat ID, and it has been determined to be a false positive. The issue causes an outage of a critical service.
When the vulnerability protection profile is opened to add the exception, the Threat ID is missing. Which action will most efficiently find and implement the exception?
A. Select "Show all signatures" within the vulnerability protection profile under "Exceptions"
B. Review traffic logs to add the exception from there
C. Open a support case
D. Review high-severity system logs to identify why the threat is missing in "Vulnerability Profile Exceptions"
Correct answer: A
华月** -
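I'm looking forward to seeing what kind of results I get with the past exam questions.
I think it is easy to learn from because you can understand the explanations while working through the PCNSE questions.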