A security architect has been asked to implement User-ID in a MacOS environment with no enterprise email, using a Sun LDAP server for user authentication.
In this environment, which two User-ID methods are effective for mapping users to IP addresses? Choose 2 answers
A. Terminal Server Agent
B. Mac OS Agent
C. Captive Portal
D. GlobalProtect
Correct answer: C, D
Question 2:
A network engineer experienced network reachability problems through the firewall. The routing table on the device is complex. To troubleshoot the problem the engineer ran a Command Line Interface (CLI) command to determine the egress interface for traffic destined to 98.139.183.24. The command resulted in the following output:

How should this output be interpreted?
A. There is no interface in the firewall with the IP address 98.139.183.24.
B. In virtual-router vrl, there is a route in the routing table for the network 98.139.0.0/16.
C. There is no route for the IP address 98.139.183.24, and there is a default route for outbound traffic.
D. There is no route for the IP address 98.139.183.24, and there is no default route.
Correct answer: D
Question 3:
A company has a web server behind their Palo Alto Networks firewall that they would like to make accessible to the public. They have decided to configure a destination NAT Policy rule.
Given the following zone information:
-DMZ zone: DMZ-L3
-Public zone: Untrust-L3
-Web server zone: Trust-L3
-Public IP address (Untrust-L3): 1.1.1.1
-Private IP address (Trust-L3): 192.168.1.50
What should be configured as the destination zone on the Original Packet tab of the NAT Policy rule?
A. Trust-L3
B. Any
C. Untrust-L3
D. DMZ-L3
Correct answer: C
Question 4:
A company hosts a publicly-accessible web server behind their Palo Alto Networks firewall, with this configuration information:
-Users outside the company are in the "Untrust-L3" zone.
-The web server physically resides in the "Trust-L3" zone.
-Web server public IP address: 1.1.1.1
-Web server private IP address: 192.168.1.10
Which NAT Policy rule will allow users outside the company to access the web server?

A. Option C
B. Option A
C. Option D
D. Option B
Correct answer: D
Question 5:
HOTSPOT
Match the description of an application field with its name.
Answer options may be used more than once or not at all.

Correct answer:

Explanation:
-A TCP three-way handshake completed successfully but the firewall does not have an appropriate App-ID signature - unknown-tcp
-A TCP handshake completed successfully, but only one more packet was sent, not enough to identify the application - insufficient-data
-Data received has been discarded because it matched an explicit "deny" rule for that traffic - not-applicable
-A TCP three-way handshake did NOT complete OR no additional data was sent after a successful TCP three-way handshake - incomplete
-UDP data has been received but the firewall does not have an appropriate App-ID signature - unknown-udp
Reference: https://live.paloaltonetworks.com/docs/DOC-1549
Question 6:
Where in the firewall GUI can an administrator see how many sessions of web-browsing traffic have occurred in the last day?
A. Objects->Applications->web-browsing
B. ACC->Application
C. Monitor->App Scope->Summary
D. Monitor->Session Browser
Correct answer: B