ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSC
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A customer's Palo Alto Networks NGFW currently has only one security policy allowing all traffic They have identified that this is a substantial security risk and have heard that the Expedition tool can help them extract security policies from an 'allow any' rule What should the consultant say about Expedition?
How can you verify that a new security policy is correctly blocking traffic without disrupting the network?
An existing customer who has deployed several Palo Alto Networks Next-Generation Firewalls would like to start using Device-ID to obtain policy rule recommendations They have also purchased a Support license, a Threat license a URL Filtering license, and a WildFire license for each firewall What additional license do they need to purchase'?
You are hosting a public-facing web server on your DMZ and access to that server is through a Palo Alto Networks firewall Both internal clients and internet clients access this web server using the FQDN public webserver acme com which resolves to the public address of 99.99 99.2 Which combination of NAT policies is necessary to enable access to the web server for both internal and internet clients? A) B) C) D)
Which two log types are necessary to fully investigate a network intrusion? (Choose two)
Instead of disabling App-IDs regularly, a security policy rule is going to be configured to temporarily allow new App-IDs. In which two circumstances is it valid to disable App-IDs as part of content update-? (Choose two)
In Panorama, what is the correct order of precedence for security policies?
What is the maximum number of virtual systems supported by a Palo Alto Networks VM-300 firewall?
Which GlobalProtect feature ensures that only trusted endpoints can connect to the network?
Which CLI command should you use to verify whether all SFP SFP*, or QSFP modules are installed in a firewall?

Question 2 - PCNSC discussion

Report
Export

Examine the configured Security policy rule Which day one/Iron Skillet Security Profile Group is used to secure the traffic that is permitted through this rule?

A.
Inbound
Answers
A.
Inbound
B.
Outbound
Answers
B.
Outbound
C.
Internal
Answers
C.
Internal
D.
Detautl
Answers
D.
Detautl
Suggested answer: C

Explanation:

The security policy rule shown in the image is configured to permit traffic from a source zone LAN-User-Zone to a destination zone Server-Zone. The applications allowed include tftp, ssl, and web-browsing, and the action is allow. According to Iron Skillet day one configurations, which provide best practice security profiles for immediate deployment, the relevant security profile group used to secure internal traffic like this is the Internal profile group.

Iron Skillet provides predefined configuration templates including security profile groups like Internal, External, and others to quickly secure traffic according to typical deployment scenarios.

Palo Alto Networks - Iron Skillet Documentation: https://github.com/PaloAltoNetworks/iron-skillet

Show Answer
asked 23/09/2024
Ramesh K
42 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms