NETSEC-ANALYST Exam Questions

An internal host wants to connect to servers of the internet through using source NAT. Which policy is required to enable source NAT on the firewall?

Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Which path in PAN-OS 10.0 displays the list of port-based security policy rules?

Which two components are utilized within the Single-Pass Parallel Processing architecture on a Palo Alto Networks Firewall? (Choose two.)

Which path is used to save and load a configuration with a Palo Alto Networks firewall?

Which action related to App-ID updates will enable a security administrator to view the existing security policy rule that matches new application signatures?

How do you reset the hit count on a Security policy rule?

Given the topology, which zone type should you configure for firewall interface E1/1?

Which interface type is part of a Layer 3 zone with a Palo Alto Networks firewall?

Which firewall plane provides configuration, logging, and reporting functions on a separate processor?

A security administrator has configured App-ID updates to be automatically downloaded and installed. The company is currently using an application identified by App-ID as SuperApp_...

How many zones can an interface be assigned with a Palo Alto Networks firewall?

Which two configuration settings shown are not the default? (Choose two.)

Which data-plane processor layer of the graphic shown provides uniform matching for spyware and vulnerability exploits on a Palo Alto Networks Firewall?

Which option shows the attributes that are selectable when setting up application filters?

Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the...

Which data flow direction is protected in a zero-trust firewall deployment that is not protected in a perimeter-only firewall deployment?

Which definition describes the guiding principle of the zero-trust architecture?

All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone. Complete the two empty fields in the Security policy rules that permits only this t...

In which profile should you configure the DNS Security feature?

Which two statements are true for the DNS Security service introduced in PAN-OS version 10.0? (Choose two.)

Which two features can be used to tag a username so that it is included in a dynamic user group? (Choose two.)

The CFO found a malware infected USB drive in the parking lot, which when inserted infected their corporate laptop. The malware contacted a known command- and-control server, which...

You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane?

Which component provides network security for mobile endpoints by inspecting traffic routed through gateways?

For the firewall to use Active Directory to authenticate users, which Server Profile is required in the Authentication Profile?

Which operations are allowed when working with App-ID application tags?

Your company occupies one floor in a single building. You have two Active Directory domain controllers on a single network. The firewall's management plane is only slightly utilize...

Which type of administrative role must you assign to a firewall administrator account, if the account must include a custom set of firewall permissions?

Which statement is true regarding a Heatmap report?

Based on the screenshot presented, which column contains the link that when clicked, opens a window to display all applications matched to the policy rule?

Access to which feature requires the PAN-OS Filtering license?

Based on the screenshot, what is the purpose of the Included Groups?

Based on the graphic, which statement accurately describes the output shown in the Server Monitoring panel?

Which action results in the firewall blocking network traffic without notifying the sender?

What do Dynamic User Groups help you to do?

Which security policy rule would be needed to match traffic that passes between the Outside zone and Inside zone, but does not match traffic that passes within the zones?

You notice that protection is needed for traffic within the network due to malicious lateral movement activity. Based on the image shown, which traffic would you need to monitor an...

Based on the shown security policy, which Security policy rule would match all FTP traffic from the inside zone to the outside zone?

Which plane on a Palo Alto Networks Firewall provides configuration, logging, and reporting functions on a separate processor?

Which Palo Alto network security operating platform component provides consolidated policy creation and centralized management?

Which type of firewall configuration contains in-progress configuration changes?

Which link in the web interface enables a security administrator to view the security policy rules that match new application signatures?

At which stage of the cyber-attack lifecycle would the attacker attach an infected PDF file to an email?

How frequently can wildfire updates be made available to firewalls?

Which data flow direction is protected in a zero trust firewall deployment that is not protected in a perimeter-only firewall deployment?

Which protocol is used to map usernames to user groups when User-ID is configured?

Which Palo Alto networks security operating platform service protects cloud-based application such as Dropbox and salesforce by monitoring permissions and shared and scanning files...

Which three interface deployment methods can be used to block traffic flowing through the Palo Alto Networks firewall? (Choose three.)

Which three statements describe the operation of Security policy rules and Security Profiles? (Choose three.)