NGFW-Engineer 試験問題を無料オンラインアクセス

Which zone type allows traffic between zones in different virtual systems (VSYS), without the traffic leaving the firewall?

• A.External
• B.Isolated
• C.Internal
• D.Transient

In a hybrid cloud deployment, what is the primary function of Ansible in managing Palo Alto Networks NGFWs?

• A.It automates NGFW policy updates and configurations through playbooks.
• B.It enables centralized log collection and correlation for NGFWs.
• C.It facilitates dynamic updates to NGFW threat databases.
• D.It provides a web interface for managing NGFW hardware clusters.

Which two zone types are valid when configuring a new security zone? (Choose two.)

• A.Tunnel
• B.Virtual Wire
• C.Internal
• D.Intrazone

In a Palo Alto Networks environment, GlobalProtect has been enabled using certificate-based authentication for both users and devices. To ensure proper validation of certificates, one or more certificate profiles are configured.
What function do certificate profiles serve in this context?

• A.They define trust anchors (root / intermediate Certificate Authorities (CAs)), specify revocation checks (CRL/OCSP), and map certificate attributes (e.g., CN) for user or device authentication.
• B.They allow the firewall to bypass certificate validation entirely, focusing only on username / password-based authentication.
• C.They store private keys for users and devices, effectively allowing the firewall to issue or reissue certificates if the primary Certificate Authority (CA) becomes unavailable, providing a built-in fallback CA to maintain continuous certificate issuance and authentication.
• D.They provide a one-click mechanism to distribute certificates to all endpoints without relying on external enrollment methods.

According to dynamic updates best practices, what is the recommended threshold value for content updates in a mission- critical network?

• A.32 hours
• B.48 hours
• C.8 hours
• D.16 hours