Free Palo Alto Networks PCNSC Exam Dumps Questions & Answers

Instead of disabling App-IDs regularly, a security policy rule is going to be configured to temporarily allow new App-IDs. In which two circumstances is it valid to disable App-IDs as part of content update-?
(Choose two)

• A.  when disabling facebook-base to disable all other Facebook App-IDs
• B.  when an organization operates a mission-critical network and has zero tolerance for downtime
• C.  when you want to immediately benefit from the latest threat prevention
• D.  when planning to enable the App-IDs immediately

How can you verify that a new security policy is correctly blocking traffic without disrupting the network?

• A.  Implement the policy in a lab environment first
• B.  Disable all other rules temporarily
• C.  Enable logging on the rule and monitor the logs
• D.  Use the test security-policy-match CLI command

Which log type would you consult to diagnose why a specific URL is being blocked?

• A.  Data Filtering log
• B.  Traffic log
• C.  Threat log
• D.  URL Filtering log

Which GlobalProtect feature ensures that only trusted endpoints can connect to the network?

• A.  SSL Decryption
• B.  User-ID
• C.  App-ID
• D.  Host Information Profile (HIP)

A firewall that was previously connected lo a User-ID agent server now shows disconnected What is the likely cause?

• A.  The agent is not running
• B.  The firewall was upgraded to a PAN-OS version that is not compatible with the agent version
• C.  The server has stopped listening on port 2010
• D.  The Domain Controller service account has been locked out