PCNSC: Palo Alto Networks Certified Network Security Consultant


Related questions
An existing customer who has deployed several Palo Alto Networks Next-Generation Firewalls would like to start using Device-ID to obtain policy rule recommendations They have also purchased a Support license, a Threat license a URL Filtering license, and a WildFire license for each firewall
What additional license do they need to purchase'?
A customer is adding a new site-to-site tunnel from a Palo Alto Networks NGFW to a third party with a policy based VPN peer After the initial configuration is completed and the changes are committed, phase 2 fails to establish
Which two changes may be required to fix the issue? (Choose two)
Which of the following WildFire action settings will ensure that a malicious file is quarantined and prevented from spreading?
How can you verify that a new security policy is correctly blocking traffic without disrupting the network?
A customer's Palo Alto Networks NGFW currently has only one security policy allowing all traffic They have identified that this is a substantial security risk and have heard that the Expedition tool can help them extract security policies from an 'allow any' rule
What should the consultant say about Expedition?
The Expedition tool can help the customer extract security policies from an 'allow any' rule by using its Machine Learning feature:
B . By using the Machine Learning feature, Expedition can parse the traffic log files related to the policy and extract security rules for matching traffic
Expedition can analyze traffic log files and apply machine learning algorithms to suggest security policies that match the observed traffic patterns. This helps in creating a more secure and granular policy set from a broad 'allow any' rule.
Palo Alto Networks - Expedition Documentation: https://live.paloaltonetworks.com/t5/expedition-migration-tool/ct-p/migration_tool
Palo Alto Networks - Using Machine Learning in Expedition: https://live.paloaltonetworks.com/t5/expedition-articles/expedition-machine-learning-overview/ta-p/260401
What is the maximum number of virtual systems supported by a Palo Alto Networks VM-300 firewall?
Which firewall interface type allows you to non-disruptively monitor traffic coming from a port operating in promiscuous mode?
Which touting configuration should you recommend lo a customer who wishes lo actively use multiple pathways to the same destination?
In an HA (High Availability) setup, what is the purpose of the HA3 link?
Which of the following is NOT a benefit of using App-ID?
Question