Summer Sale Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

Paloalto Networks NetSec-Pro Dumps

Page: 1 / 7
Total 73 questions

Palo Alto Networks Network Security Professional Questions and Answers

Question 1

How can a firewall administrator block a list of 300 unique URLs in the most time-efficient manner?

Options:

A.

Use application filters to block the App-IDs.

B.

Use application groups to block the App-IDs.

C.

Import the list into a custom URL category.

D.

Block multiple predefined URL categories.

Question 2

Which set of practices should be implemented with Cloud Access Security Broker (CASB) to ensure robust data encryption and protect sensitive information in SaaS applications?

Options:

A.

Do not enable encryption for data-at-rest to improve performance.

B.

Use default encryption keys provided by the SaaS provider.

C.

Perform annual encryption key rotations.

D.

Enable encryption for data-at-rest and in transit, regularly update encryption keys, and use strong encryption algorithms.

Question 3

What key capability distinguishes Content-ID technology from conventional network security approaches?

Options:

A.

It performs packet header analysis short of deep packet inspection.

B.

It provides single-pass application layer inspection for real-time threat prevention.

C.

It exclusively monitors network traffic volumes.

D.

It relies primarily on reputation-based filtering.

Question 4

Which functionality does an NGFW use to determine whether new session setups are legitimate or illegitimate?

Options:

A.

SYN bit

B.

SYN cookies

C.

Random Early Detection (RED)

D.

SYN flood protection

Question 5

A cloud security architect is designing a certificate management strategy for Strata Cloud Manager (SCM) across hybrid environments. Which practice ensures optimal security with low management overhead?

Options:

A.

Deploy centralized certificate automation with standardized protocols and continuous monitoring.

B.

Implement separate certificate authorities with independent validation rules for each cloud environment.

C.

Configure manual certificate deployment with quarterly reviews and environment-specific security protocols.

D.

Use cloud provider default certificates with scheduled synchronization and localized renewal processes.

Question 6

A network security engineer wants to forward Strata Logging Service data to tools used by the Security Operations Center (SOC) for further investigation. In which best practice step of Palo Alto Networks Zero Trust does this fit?

Options:

A.

Map and Verify Transactions

B.

Implementation

C.

Standards and Designs

D.

Report and Maintenance

Question 7

Which two GlobalProtect modes allow partial users to access internal apps via GlobalProtect while other users access internal apps through third-party VPN?

Options:

A.

Proxy

B.

Hybrid, Proxy + Tunnel

C.

Clientless VPN only

D.

Always-On Tunnel only

Question 8

How many places will a firewall administrator need to create and configure a custom data loss prevention (DLP) profile across Prisma Access and the NGFW?

Options:

A.

One

B.

Two

C.

Three

D.

Four

Question 9

Which action is only taken during slow path in the NGFW policy?

Options:

A.

Session lookup

B.

Layer 2—Layer 4 firewall processing

C.

SSL/TLS decryption

D.

Security policy lookup

Question 10

How are policies evaluated in the AWS management console when creating a Security policy for a Cloud NGFW?

Options:

A.

The administrator sets a rule order to determine the order in which they are evaluated.

B.

They can be dragged up or down the stack as they are evaluated.

C.

The administrator sets a rule priority to determine the order in which they are evaluated.

D.

They must be created in the order they are intended to be evaluated.

Question 11

Which procedure is most effective for maintaining continuity and security during a Prisma Access data plane software upgrade?

Options:

A.

Back up configurations, schedule upgrades during off-peak hours, and use a phased approach rather than attempting a network-wide rollout.

B.

Use Strata Cloud Manager (SCM) to perform dynamic upgrades automatically and simultaneously across all locations at once to ensure network-wide uniformity.

C.

Disable all security features during the upgrade to prevent conflicts and re-enable them after completion to ensure a smooth rollout process.

D.

Perform the upgrade during peak business hours, quickly address any user-reported issues, and ensure immediate troubleshooting post-rollout.

Question 12

A network security engineer has created a Security policy in Prisma Access that includes a negated region in the source address. Which configuration will ensure there is no connectivity loss due to the negated region?

Options:

A.

Set the service to be application-default.

B.

Create a Security policy for the negated region with destination address “any”.

C.

Add a Dynamic Application Group to the Security policy.

D.

Add all regions that contain private IP addresses to the source address.

Question 13

What is a necessary step for creation of a custom Prisma Access report on Strata Cloud Manager (SCM)?

Options:

A.

Open a support ticket.

B.

Set up Cloud Identity Engine.

C.

Generate a PDF summary report.

D.

Configure a dashboard.

Question 14

Which action allows an engineer to collectively update VM-Series firewalls with Strata Cloud Manager (SCM)?

Options:

A.

Creating an update grouping rule

B.

Scheduling software update

C.

Creating a device grouping rule

D.

Setting a target OS version

Question 15

Which set of attributes is used by IoT Security to identify and classify appliances on a network when determining Device-ID?

Options:

A.

IP address, network traffic patterns, and device type

B.

MAC address, device manufacturer, and operating system

C.

Hostname, application usage, and encryption method

D.

Device model, firmware version, and user credential

Question 16

Which two prerequisites must be evaluated when decrypting internet-bound traffic? (Choose two.)

Options:

A.

RADIUS profile

B.

Incomplete certificate chains

C.

Certificate pinning

D.

SAML certificate

Question 17

Which AI-powered solution provides unified management and operations for NGFWs and Prisma Access?

Options:

A.

Strata Cloud Manager (SCM)

B.

Autonomous Digital Experience Manager (ADEM)

C.

Prisma Access Browser

D.

Panorama

Question 18

What configurations are supported for Traffic Steering of Remote Network in Prisma Access?

Options:

A.

EDL

B.

DAG, Dynamic Address Group

C.

BGP AS Path prepend only

D.

Static NAT policy only

Question 19

A company has an ongoing initiative to monitor and control IT-sanctioned SaaS applications. To be successful, it will require configuration of decryption policies, along with data filtering and URL Filtering Profiles used in Security policies. Based on the need to decrypt SaaS applications, which two steps are appropriate to ensure success? (Choose two.)

Options:

A.

Configure SSL Forward Proxy.

B.

Validate which certificates will be used to establish trust.

C.

Configure SSL Inbound Inspection.

D.

Create new self-signed certificates to use for decryption.

Question 20

Which firewall attribute can an engineer use to simplify rule creation and automatically adapt to changes in server roles or security posture based on log events?

Options:

A.

Address objects

B.

Dynamic Address Groups

C.

Dynamic User Groups

D.

Predefined IP addresses

Question 21

Which configurations on hosts are supported for detection by HIP?

Options:

A.

Anti-malware

B.

Disk Encryption

C.

VLAN ID

D.

BGP peer state

Page: 1 / 7
Total 73 questions