Palo Alto Networks Certified Network Security Engineer - PCNSE무료 덤프문제 풀어보기
An engineer configures a specific service route in an environment with multiple virtual systems instead of using the inherited global service route configuration.
What type of service route can be used for this configuration?
What type of service route can be used for this configuration?
정답: B
An engineer troubleshoots a Panorama-managed firewall that is unable to reach the DNS servers configured via a global template. As a troubleshooting step, the engineer needs to configure a local DNS server in place of the template value.
Which two actions can be taken to ensure that only the specific firewall is affected during this process?
(Choose two )
Which two actions can be taken to ensure that only the specific firewall is affected during this process?
(Choose two )
정답: A,D
설명: (Fast2test 회원만 볼 수 있음)
An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?
정답: B
설명: (Fast2test 회원만 볼 수 있음)
To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?
정답: A
설명: (Fast2test 회원만 볼 수 있음)
A company wants to deploy IPv6 on its network which requires that all company Palo Alto Networks firewalls process IPv6 traffic and to be configured with IPv6 addresses. Which consideration should the engineers take into account when planning to enable IPv6?
정답: A
An engineer has been given approval to upgrade their environment to the latest version of PAN-OS. The environment consists of both physical and virtual firewalls, a virtual Panorama, and virtual log collectors.
What is the recommended order of operational steps when upgrading?
What is the recommended order of operational steps when upgrading?
정답: B
설명: (Fast2test 회원만 볼 수 있음)
The server team is concerned about the high volume of logs forwarded to their syslog server, it is determined that DNS is generating the most logs per second. The risk and compliance team requests that any Traffic logs indicating port abuse of port 53 must still be forwarded to syslog. All other DNS. Traffic logs can be exclude from syslog forwarding. How should syslog log forwarding be configured?
정답: B
An administrator is using Panorama to manage multiple firewalls. After upgrading all devices to the latest PAN-OS software, the administrator enables log forwarding from the firewalls to Panorama.
However, pre-existing logs from the firewalls are not appearing in Panorama.
Which action should be taken to enable the firewalls to send their pre-existing logs to Panorama?
However, pre-existing logs from the firewalls are not appearing in Panorama.
Which action should be taken to enable the firewalls to send their pre-existing logs to Panorama?
정답: B
설명: (Fast2test 회원만 볼 수 있음)
An administrator needs to build Security rules in a Device Group that allow traffic to specific users and groups defined in Active Directory. What must be configured in order to select users and groups for those rules from Panorama? The Security rules must be targeted to a firewall in the device group and have Group Mapping configured.
정답: C
설명: (Fast2test 회원만 볼 수 있음)
A firewall administrator configures the HIP profiles on the edge firewall where GlobalProtect is enabled, and adds the profiles to security rules. The administrator wants to redistribute the HIP reports to the data center firewalls to apply the same access restrictions using HIP profiles. However, the administrator can only see the HIP match logs on the edge firewall but not on the data center firewall What are two reasons why the administrator is not seeing HIP match logs on the data center firewall? (Choose two.)
정답: C,D
설명: (Fast2test 회원만 볼 수 있음)
Refer to the exhibit.

Using the above screenshot of the ACC, what is the best method to set a global filter, narrow down Blocked User Activity, and locate the user(s) that could be compromised by a botnet?

Using the above screenshot of the ACC, what is the best method to set a global filter, narrow down Blocked User Activity, and locate the user(s) that could be compromised by a botnet?
정답: C
설명: (Fast2test 회원만 볼 수 있음)