최신Palo Alto Networks Next-Generation Firewall Engineer - NGFW-Engineer무료샘플문제
문제1
Which initial action is required to configure logical routers?
Which initial action is required to configure logical routers?
정답: C
설명: (ExamPassdump 회원만 볼 수 있음)
문제2
Which two statements describe an external zone in the context of virtual systems (VSYS) on a Palo Alto Networks firewall? (Choose two.)
Which two statements describe an external zone in the context of virtual systems (VSYS) on a Palo Alto Networks firewall? (Choose two.)
정답: A,C
설명: (ExamPassdump 회원만 볼 수 있음)
문제3
In a Palo Alto Networks environment, GlobalProtect has been enabled using certificate-based authentication for both users and devices. To ensure proper validation of certificates, one or more certificate profiles are configured.
What function do certificate profiles serve in this context?
In a Palo Alto Networks environment, GlobalProtect has been enabled using certificate-based authentication for both users and devices. To ensure proper validation of certificates, one or more certificate profiles are configured.
What function do certificate profiles serve in this context?
정답: A
설명: (ExamPassdump 회원만 볼 수 있음)
문제4
Which two zone types are valid when configuring a new security zone? (Choose two.)
Which two zone types are valid when configuring a new security zone? (Choose two.)
정답: B,D
설명: (ExamPassdump 회원만 볼 수 있음)
문제5
An administrator needs to perform several maintenance tasks on a managed firewall directly from the Panorama console without using the Context Switch feature.
Which set of tasks can the administrator fully execute from the Panorama UI?
An administrator needs to perform several maintenance tasks on a managed firewall directly from the Panorama console without using the Context Switch feature.
Which set of tasks can the administrator fully execute from the Panorama UI?
정답: D
설명: (ExamPassdump 회원만 볼 수 있음)
문제6
An automation engineer is developing a Python script to standardize SD-WAN deployments across multiple customer tenants in Panorama. A key requirement is to programmatically create path quality profiles to monitor link performance based on latency, jitter, and packet loss.
Which API call is required for this task?
An automation engineer is developing a Python script to standardize SD-WAN deployments across multiple customer tenants in Panorama. A key requirement is to programmatically create path quality profiles to monitor link performance based on latency, jitter, and packet loss.
Which API call is required for this task?
정답: C
설명: (ExamPassdump 회원만 볼 수 있음)
문제7
An administrator enables SSL Forward Proxy decryption using a self-signed certificate on a Palo Alto Networks firewall as the forward trust certificate. Shortly after, users report receiving "Your connection is not private" browser errors for all external websites.
What is the most likely cause of these widespread certificate errors?
An administrator enables SSL Forward Proxy decryption using a self-signed certificate on a Palo Alto Networks firewall as the forward trust certificate. Shortly after, users report receiving "Your connection is not private" browser errors for all external websites.
What is the most likely cause of these widespread certificate errors?
정답: D
설명: (ExamPassdump 회원만 볼 수 있음)
문제8
A network administrator is establishing a site-to-site VPN between a Palo Alto Networks firewall and a partner's Check Point Security Gateway. The partner has provided a specific list of local and remote IP address subnets that are permitted through the tunnel. The initial tunnel configuration on the PAN-OS firewall fails during the IKE Phase 2 exchange.
Which configuration step is essential to ensure compatibility with the policy-based Check Point gateway?
A network administrator is establishing a site-to-site VPN between a Palo Alto Networks firewall and a partner's Check Point Security Gateway. The partner has provided a specific list of local and remote IP address subnets that are permitted through the tunnel. The initial tunnel configuration on the PAN-OS firewall fails during the IKE Phase 2 exchange.
Which configuration step is essential to ensure compatibility with the policy-based Check Point gateway?
정답: C
설명: (ExamPassdump 회원만 볼 수 있음)
문제9
An NGFW engineer is establishing bidirectional connectivity between the accounting virtual system (VSYS) and the marketing VSYS. The traffic needs to transition between zones without leaving the firewall (no external physical connections). The interfaces for each VSYS are assigned to separate virtual routers (VRs), and inter-VR static routes have been configured. An external zone has been created correctly for each VSYS.
Security policies have been added to permit the desired traffic between each zone and its respective external zone. However, the desired traffic is still unable to successfully pass from one VSYS to the other in either direction.
Which additional configuration task is required to resolve this issue?
An NGFW engineer is establishing bidirectional connectivity between the accounting virtual system (VSYS) and the marketing VSYS. The traffic needs to transition between zones without leaving the firewall (no external physical connections). The interfaces for each VSYS are assigned to separate virtual routers (VRs), and inter-VR static routes have been configured. An external zone has been created correctly for each VSYS.
Security policies have been added to permit the desired traffic between each zone and its respective external zone. However, the desired traffic is still unable to successfully pass from one VSYS to the other in either direction.
Which additional configuration task is required to resolve this issue?
정답: D
설명: (ExamPassdump 회원만 볼 수 있음)
문제10
An engineer is configuring a site-to-site IPSec VPN to a partner network. The IKE Gateway and IPSec tunnel configurations are complete, and the tunnel interface has been assigned to a security zone. However, the tunnel fails to establish, and no application traffic passes through it once it is up.
Which two Security policy configurations are required to allow tunnel establishment and data traffic flow in this scenario? (Choose two.)
An engineer is configuring a site-to-site IPSec VPN to a partner network. The IKE Gateway and IPSec tunnel configurations are complete, and the tunnel interface has been assigned to a security zone. However, the tunnel fails to establish, and no application traffic passes through it once it is up.
Which two Security policy configurations are required to allow tunnel establishment and data traffic flow in this scenario? (Choose two.)
정답: A,C
설명: (ExamPassdump 회원만 볼 수 있음)