首页  /     /   在线练习

更新时间: 试题数量: 购买人数: 提供作者:

有效期: 个月

章节介绍: 共有个章节

收藏
搜索
题库预览
What must be configured before a firewall administrator can define

Policy rules based on users and groups?

防火墙管理员基于用户和组定义策略规则之前,必须进行哪些配置?

A large enterprise wants to implement

Certificate-based authentication for both users and devices using an On-premises Microsoft Active Directory Certificate Services (AD CS) hierarchy As the primary certificate authority (CA). The enterprise also requires Online Certificate Status Protocol (OCSP) checks to ensure efficient revocation status Updates and reduce the overhead on its NG Ws. The environment includes multiple Active Directory forests, Panorama management for several geographically Dispersed firewalls, GlobalProtect portals and gateways needing distinct Certificate profiles for users and devices and strict Security policies Demanding frequent revocation checks with minimal latency.

Which approach best addresses these requirements while maintaining

Consistent policy enforcement?

一家大型企业希望使用本地 Microsoft Active Directory 证书服务 (AD CS) 层次结构作为主要证书颁发机构 (CA),为用户和设备实施基于证书的身份验证。该企业还需要在线证书状态协议 (OCSP) 检查,以确保高效的吊销状态更新并降低其下一代防火墙的开销。该环境包含多个 Active Directory 林、用于多个地理位置分散的防火墙的 Panorama 管理、GlobalProtect 门户和网关,这些门户和网关需要为用户和设备提供不同的证书配置文件,并且严格的安全策略要求频繁进行吊销检查并最大程度地降低延迟。

Which networking technology can be configured On Layer 3 interfaces but not on Layer 2 interfaces? 问题 3:哪种网络技术可以在第 3 层接口上配置,但不能在第 2 层接口上配置?
An engineer at a managed service provider is Updating an application that allows its customers to request firewall changes To also manage SD-WAN. The application will be able to make any approved Changes directly to devices via API. 托管服务提供商的一位工程师正在更新一个应用程序,该应用程序允许其客户请求防火墙更改以管理 SD-WAN。该应用程序将能够通过 API 直接对设备进行任何已批准的更改。
What is a result of enabling split tunneling in The GlobalProtect portal configuration with the “Both Network Traffic and DNS” Option? 在 GlobalProtect 门户配置中启用“同时使用网络流量和 DNS”选项的拆分隧道会有什么效果?
When integrating Kubernetes with Palo Alto Networks NGFWs, what is used to secure traffic between microservices? 将 Kubernetes 与 Palo Alto Networks 下一代防火墙集成时,使用什么来保护微服务之间的流量?
Which statement applies to Log Collector Groups? 哪项说明适用于日志收集器组?
An NGFW engineer is establishing bidirectional Connectivity between the accounting virtual system (VSYS) and the marketing VSYS. The traffic needs to transition between zones without leaving the Firewall (no external physical connections). The interfaces for each VSYS are Assigned to separate virtual routers (VRs), and inter-VR static routes have Been configured. An external zone has been created correctly for each VSYS. Security policies have been added to permit the desired traffic between each Zone and its respective external zone. However, the desired traffic is still Unable to successfully pass from one VSYS to the other in either direction. 一位 NGFW 工程师正在建立会计虚拟系统 (VSYS) 和营销虚拟系统之间的双向连接。流量需要在区域之间传输,而无需离开防火墙(无需外部物理连接)。每个 VSYS 的接口都已分配给单独的虚拟路由器 (VR),并且已配置 VR 间静态路由。已为每个 VSYS 正确创建外部区域。已添加安全策略以允许每个区域与其各自的外部区域之间的所需流量。但是,所需流量仍然无法成功地从一个 VSYS 传输到另一个 VSYS。 Which Additional configuration task is required to resolve this issue? 需要执行哪项额外的配置任务来解决这个问题?
When deploying Palo Alto Networks NGFWs in a cloud service provider (CSP) environment, which method ensures high availability (HA) across multiple availability zones? Q10. 在云服务提供商 (CSP) 环境中部署 Palo Alto Networks 下一代防火墙 (NGFW) 时,哪种方法可以确保跨多个可用区的高可用性 (HA)?
Which statement applies to the relationship between Panorama pushed Security, policy and local firewall Security policy? 哪句话适用于 Panorama 推送安全策略和本地防火墙安全策略之间的关系?
By default, which type of traffic is configured by service route configuration to use the management interface? 默认情况下,服务路由配置将哪种类型的流量配置为使用管理接口?
Which PAN-OS method of mapping users to IP addresses is the most reliable? PAN-OS 将用户映射到 IP 地址的哪种方法最可靠?
Which set of options is available for detailed logs when building a custom report on a Palo Alto Networks NGFW? 在 Palo Alto Networks 下一代防火墙 (NGFW) 上构建自定义报告时,哪组选项可用于详细日志?
An organization runs multiple Kubernetes clusters both on premises and in public clouds (AWS, Azure, GCP). They want to deploy the Palo Alto Networks CN-Series NGFW to secure east-west traffic within each cluster, maintain consistent Security policies across all environments, and dynamically scale as containerized workloads spin up or down. They also plan to use a centralized Panorama instance for policy management and visibility. 一家组织在本地和公有云(AWS、Azure、GCP)上运行多个 Kubernetes 集群。他们希望部署 Palo Alto Networks CN 系列 NGFW,以保护每个集群内的东西向流量,在所有环境中保持一致的安全策略,并随着容器化工作负载的启动或关闭而动态扩展。他们还计划使用集中式 Panorama 实例进行策略管理和可见性管理。 Which approach meets these requirements? 哪种方法符合这些要求?
LACP 选项卡中的哪种配置可以为 Palo Alto Networks 高可用性 (HA) 主动/被动对上的聚合以太网 (AE) 接口启用预协商?
Which zone type allows traffic between zones in different virtual systems (VSYS), without the traffic leaving the firewall? 哪种区域类型允许不同虚拟系统 (VSYS) 中的区域之间进行流量通信,而无需离开防火墙?
During an upgrade to the routing infrastructure in a customer environment, the network administrator wants to implement Advanced Routing Engine (ARE) on a Palo Alto Networks firewall. 问题 20:在客户环境中升级路由基础架构时,网络管理员希望在 Palo Alto Networks 防火墙上实施高级路由引擎 (ARE)。 Which firewall models support this configuration? 哪些防火墙型号支持此配置?
Which CLI command is used to configure the management interface as a DHCP client? 问题 21:哪个 CLI 命令可用于将管理接口配置为 DHCP 客户端?
In an active/active high availability (HA) configuration with two PA-Series firewalls, how do the firewalls use the HA3 interface? 问题 22:在包含两台 PA 系列防火墙的主动/主动高可用性 (HA) 配置中,防火墙如何使用 HA3 接口?
In a hybrid cloud deployment, what is the primary function of Ansible in managing Palo Alto Networks NGFWs? 问题 23:在混合云部署中,Ansible 在管理 Palo Alto Networks 下一代防火墙方面的主要功能是什么?
1 2 3
更多题库
1.井下探放水钻工
通行证考试试题
动环系统试题
华能江苏公司外包人员安规调考试卷(电气)
炼铁厂三车间十大保命条例考试
工业废水处理工(初级)
机械维修作业(2020)题库_20240814080404
2025年班组长考试题库(任哺生)
结业考试题库
题库-车辆中心车辆检修电气专业202506
附件4:笔试综合题库
单选题-输电线路
控制区人员准入考试题库
6.保护及馈线自动化(1122)
附件5:货运专业题库
国家电网公司2025年供应链管理专业学习试题汇总表(供应链管理通识部分)
总行(省纸打印版)
【安全知识考试】30-2-配电安规-配电一次运检专业
1162a318f275f88f109c0978e5c7f39c
机修试题-导题模版-0723-8-13(1)