PCNSC 2
PCNSC 2
PCNSC
Palo Alto Networks Certified Network Security Consultant
QUESTION & ANSWERS
https://www.dumpscore.com/palo-alto-networks/PCNSC-braindumps
QUESTION: 1
An existing customer who has deployed several Palo Alto Networks Next-Generation Firewalls would like to
start using Device-ID to obtain policy rule recommendations They have also purchased a Support license, a
Threat license a URL Filtering license, and a WildFire license for each firewall What additional license do they
need to purchase"?
Correct Answer: A
Explanation/Reference:
To start using Device-ID to obtain policy rule recommendations, the customer needs to purchase: A.a Cortex Data Lake license
The Cortex Data Lake is a cloud-based logging service that aggregates data from all Palo Alto Networks products and services.
Device-ID uses this data to provide insights and recommendations for policy rules based on the identities of devices on the
network. References: Palo Alto Networks - Cortex Data Lake: https://docs.paloaltonetworks.com/cortex/cortex-data-lake Palo
enforce-policy
QUESTION: 2
Match the task for server settings in group mapping with its order in the process.
https://www.dumpscore.com/palo-alto-networks/PCNSC-braindumps
Answer :
Explanation/Reference:
To configure group mapping on a Palo Alto Networks firewall, follow these steps in order: Navigate to Device > User
Identification > Group Mapping: This is the initial step where you access the group mapping settings in the web interface. Add
a new group mapping: After navigating to the group mapping section, the next step is to add a new group mapping
configuration. Enter a unique name to identify the group mapping configuration: Provide a unique and descriptive name for the
new group mapping configuration to easily identify it.Create an LDAP Server Profile: This step involves creating an LDAP Server
Profile, which defines the connection settings for the LDAP server that will be queried for user and group information. Select the
LDAP Server Profile: Finally, associate the created LDAP Server Profile with the group mapping configuration. This links the
group mapping to the specific LDAP server. Order in Process: Navigate to Device > User Identification > Group Mapping Add a
new group mapping. Enter a unique name to identify the group mapping configuration. Create an LDAP Server Profile. Select
the LDAP Server Profile. References: Palo Alto Networks - Configuring Group Mapping: https://docs.paloaltonetworks.com/pan-
os/10-0/pan-os-admin/user-id/map-users-to-groups Palo Alto Networks - User-ID Agent and Group Mapping Configuration:
https://knowledgebase.paloaltonetworks.com
https://www.dumpscore.com/palo-alto-networks/PCNSC-braindumps
QUESTION: 3
Match the App-ID adoption task with its order in the process.
Answer :
Explanation/Reference:
To match the App-ID adoption task with its order in the process, follow these steps: Perform a like-for-like (Layer 3/4) migration
from the legacy firewall to the Palo Alto Networks NGFW. This is the initial step to ensure that the Palo Alto Networks NGFW is
in place and functioning with the existing security policies. Capture, retain, and verify that all traffic has been logged for a
period of time. This step involves enabling logging and monitoring traffic to understand the application usage and to ensure
that all traffic is being logged. Clone the legacy rules and add application information to the intended application-based rules.
This step involves creating copies of the existing rules and enhancing them with application-specific information using App-ID.
Verify that no traffic is hitting the legacy rules.After creating application-based rules, ensure that traffic is now hitting these
new rules instead of the legacy rules. This indicates that the transition to App-ID based policies is successful. Remove the
legacy rules. Once it is confirmed that no traffic is hitting the legacy rules and the new App-ID based rules are effectively
managing the traffic, the legacy rules can be safely removed. Order in Process: Perform a like-for-like (Layer 3/4) migration
https://www.dumpscore.com/palo-alto-networks/PCNSC-braindumps
from the legacy firewall to the Palo Alto Networks NGFW. Capture, retain, and verify that all traffic has been logged for a period
of time. Clone the legacy rules and add application information to the intended application-based rules. Verify that no traffic is
hitting the legacy rules. Remove the legacy rules. References: Palo Alto Networks - App-ID Best Practices:
https://docs.paloaltonetworks.com/migration
QUESTION: 4
Which category of Vulnerability Signatures is most likely to trigger false positive alerts?
Option A : code-execution
Option B : phishing
Option C : info-leak
Option D : brute-force
Correct Answer: C
Explanation/Reference:
The category of Vulnerability Signatures that is most likely to trigger false positive alerts is: C.info-leak Information leakage
signatures are designed to detect attempts to access or disclose sensitive information. These signatures can be prone to false
positives because benign activities or legitimate data transmissions can sometimes be mistakenly identified as information
leaks. References: Palo Alto Networks - Managing False Positives in Threat Prevention: https://docs.paloaltonetworks.com/pan-
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/threat-prevention/vulnerability-protection
QUESTION: 5
Which feature allows you to use multiple links simultaneously to balance the load in a Palo Alto Networks
firewall?
https://www.dumpscore.com/palo-alto-networks/PCNSC-braindumps
Option C : Virtual Wire
Correct Answer: D
QUESTION: 6
Which two log types are necessary to fully investigate a network intrusion? (Choose two)
https://www.dumpscore.com/palo-alto-networks/PCNSC-braindumps