Summer Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: wrap60

Paloalto Networks NetSec-Pro Dumps

Page: 1 / 6
Total 60 questions

Palo Alto Networks Network Security Professional Questions and Answers

Question 1

An administrator wants to implement additional Cloud-Delivered Security Services (CDSS) on a data center NGFW that already has one enabled. What benefit does the NGFW’s single-pass parallel processing (SP3) architecture provide?

Options:

A.

It allows for traffic inspection at the application level.

B.

There will be no additional performance degradation.

C.

There will be only a minor reduction in performance.

D.

It allows additional security inspection devices to be added inline.

Question 2

When configuring Security policies on VM-Series firewalls, which set of actions will ensure the most comprehensive Security policy enforcement?

Options:

A.

Configure port-based policies, check threat logs weekly, conduct software updates annually, and enable decryption.

B.

Configure policies using User-ID and App-ID, enable decryption, apply appropriate security profiles to rules, and update regularly with dynamic updates.

C.

Configure all default policies provided by the firewall, use Policy Optimizer, and adjust security rules after an incident occurs.

D.

Configure a block policy for all malicious inbound traffic, configure an allow policy for all outbound traffic, and update regularly with dynamic updates.

Question 3

How does Strata Logging Service help resolve ever-increasing log retention needs for a company using Prisma Access?

Options:

A.

It increases resilience due to decentralized collection and storage of logs.

B.

Automatic selection of physical data storage regions decreases adoption time.

C.

It can scale to meet the capacity needs of new locations as business grows.

D.

Log traffic using the licensed bandwidth purchased for Prisma Access reduces overhead.

Question 4

Which two components of a Security policy, when configured, allow third-party contractors access to internal applications outside business hours? (Choose two.)

Options:

A.

App-ID

B.

Service

C.

User-ID

D.

Schedule

Question 5

What must be configured to successfully onboard a Prisma Access remote network using Strata Cloud Manager (SCM)?

Options:

A.

Cloud Identity Engine

B.

Autonomous Digital Experience Manager (ADEM)

C.

GlobalProtect agent

D.

IPSec termination node

Question 6

Using Prisma Access, which solution provides the most security coverage of network protocols for the mobile workforce?

Options:

A.

Explicit proxy

B.

Client-based VPN

C.

Enterprise browser

D.

Clientless VPN

Question 7

What occurs when a security profile group named “default” is created on an NGFW?

Options:

A.

It only applies to traffic that has been dropped due to the reset client action.

B.

It allows traffic to bypass all security checks by default.

C.

It negates all existing security profiles rules on new policy.

D.

It is automatically applied to all new security rules.

Question 8

Which action is only taken during slow path in the NGFW policy?

Options:

A.

Session lookup

B.

Layer 2—Layer 4 firewall processing

C.

SSL/TLS decryption

D.

Security policy lookup

Question 9

What key capability distinguishes Content-ID technology from conventional network security approaches?

Options:

A.

It performs packet header analysis short of deep packet inspection.

B.

It provides single-pass application layer inspection for real-time threat prevention.

C.

It exclusively monitors network traffic volumes.

D.

It relies primarily on reputation-based filtering.

Question 10

How are policies evaluated in the AWS management console when creating a Security policy for a Cloud NGFW?

Options:

A.

The administrator sets a rule order to determine the order in which they are evaluated.

B.

They can be dragged up or down the stack as they are evaluated.

C.

The administrator sets a rule priority to determine the order in which they are evaluated.

D.

They must be created in the order they are intended to be evaluated.

Question 11

How many places will a firewall administrator need to create and configure a custom data loss prevention (DLP) profile across Prisma Access and the NGFW?

Options:

A.

One

B.

Two

C.

Three

D.

Four

Question 12

Which GlobalProtect configuration is recommended for granular security enforcement of remote user device posture?

Options:

A.

Configuring host information profile (HIP) checks for all mobile users

B.

Configuring a rule that blocks the ability of users to disable GlobalProtect while accessing internal applications

C.

Implementing multi-factor authentication (MFA) for all users attempting to access internal applications

D.

Applying log at session end to all GlobalProtect Security policies

Question 13

Which two features can a network administrator use to troubleshoot the issue of a Prisma Access mobile user who is unable to access SaaS applications? (Choose two.)

Options:

A.

SaaS Application Risk Portal

B.

Capacity Analyzer

C.

GlobalProtect logs

D.

Autonomous Digital Experience Manager (ADEM) console

Question 14

Which zone is available for use in Prisma Access?

Options:

A.

Clientless VPN

B.

Interzone

C.

Intrazone

D.

DMZ

Question 15

A network security engineer needs to implement segmentation but is under strict compliance requirements to place security enforcement as close as possible to the private applications hosted in Azure. Which deployment style is valid and meets the requirements in this scenario?

Options:

A.

On a VM-Series NGFW, configure several Layer 2 zones with Layer 2 interfaces assigned to logically segment the network.

B.

On a PA-Series NGFW, configure several Layer 2 zones with Layer 2 interfaces assigned to logically segment the network.

C.

On a VM-Series NGFW, configure several Layer 3 zones with Layer 3 interfaces assigned to logically segment the network.

D.

On a PA-Series NGFW, configure several Layer 3 zones with Layer 3 interfaces assigned to logically segment the network.

Question 16

In a distributed enterprise implementing Prisma SD-WAN, which configuration element should be implemented first to ensure optimal traffic flow between remote sites and headquarters?

Options:

A.

Deploy redundant ION devices at each location.

B.

Implement dynamic path selection using real-time performance metrics.

C.

Configure static routes between all the branch offices.

D.

Enable split tunneling for all branch locations.

Question 17

Which functionality does an NGFW use to determine whether new session setups are legitimate or illegitimate?

Options:

A.

SYN bit

B.

SYN cookies

C.

Random Early Detection (RED)

D.

SYN flood protection

Question 18

In which two applications can Prisma Access threat logs for mobile user traffic be reviewed? (Choose two.)

Options:

A.

Prisma Cloud dashboard

B.

Strata Cloud Manager (SCM)

C.

Strata Logging Service

D.

Service connection firewall

Page: 1 / 6
Total 60 questions