PCNSC Exam Free Question Set: "Palo Alto Networks Certified Network Security Consultant" Certification
A customer has a five-year-old firewall in production. In the time since the firewall was installed, the IT team deleted unused security policies on a regular basis, but they did not remove the address objects and groups that were part of these security policies.
What is the best way to delete all of the unused address objects on the firewall?
Correct answer: A
A customer has deployed a GlobalProtect portal and gateway as its remote-access VPN solution for its fleet of Windows 10 laptops. The customer wants to use Host Information Profile (HIP) data collected at the GlobalProtect gateway throughout its enterprise as an additional means of policy enforcement. What additional licensing must the customer purchase?
Correct answer: B
Match the App-ID adoption task with its order in the process.


Correct answer:

Explanation:
To match the App-ID adoption task with its order in the process, follow these steps:
* Perform a like-for-like (Layer 3/4) migration from the legacy firewall to the Palo Alto Networks NGFW.
  * This is the initial step to ensure that the Palo Alto Networks NGFW is in place and functioning with the existing security policies.
* Capture, retain, and verify that all traffic has been logged for a period of time.
  * This step involves enabling logging and monitoring traffic to understand the application usage and to ensure that all traffic is being logged.
* Clone the legacy rules and add application information to the intended application-based rules.
  * This step involves creating copies of the existing rules and enhancing them with application-specific information using App-ID.
* Verify that no traffic is hitting the legacy rules.
  * After creating application-based rules, ensure that traffic is now hitting these new rules instead of the legacy rules. This indicates that the transition to App-ID based policies is successful.
* Remove the legacy rules.
  * Once it is confirmed that no traffic is hitting the legacy rules and the new App-ID based rules are effectively managing the traffic, the legacy rules can be safely removed.
Order in Process:
* Perform a like-for-like (Layer 3/4) migration from the legacy firewall to the Palo Alto Networks NGFW.
* Capture, retain, and verify that all traffic has been logged for a period of time.
* Clone the legacy rules and add application information to the intended application-based rules.
* Verify that no traffic is hitting the legacy rules.
* Remove the legacy rules.
A customer is adding a new site-to-site tunnel from a Palo Alto Networks NGFW to a third party with a policy-based VPN peer. After the initial configuration is completed and the changes are committed, phase 2 fails to establish. Which two changes may be required to fix the issue? (Choose two)
Correct answer: B, C