試験科目:「Palo Alto Networks Certified Network Security Engineer」
NO.1 In an enterprise deployment, a network security engineer wants to assign to a group of
administrators without creating local administrator accounts on the firewall.
Which authentication method must be used?
A. Certification based authentication
B. RADIUS with Vendor-Specific Attributes
D. Kerberos
Answer: B

NO.2 Several offices are connected with VPNs using static IPv4 routes.
An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accomplish this goal?
A. Assign an IP address on each tunnel interface at each site
B. Create new VPN zones at each site to terminate each VPN connection
C. Assign OSPF Area ID to all Ethernet and tunnel interfaces
D. Enable OSPFv3 on each tunnel interface and use Area ID
Answer: C

NO.3 Which three options are available when creating a security profile? (Choose three)
B. Url Filtering
C. Anti-Malware
D. File Blocking
E. Antivirus
F. Threat Prevention
Answer: C,D,E

NO.4 Which Public Key infrastructure component is used to authenticate users for GlobalProtect
when the Connect Method is set to pre-logon?
A. Certificate revocation list
B. Trusted root certificate
C. Machine certificate
D. Online Certificate Status Protocol
Answer: C

