NETSEC-ANALYST Exam Questions

An administrator is creating a Security policy rule and sees that the destination zone is grayed out. While creating the rule, which option was selected to cause this?

How many levels can there be in a device-group hierarchy, below the shared level?

Where in Panorama would Zone Protection profiles be configured?

Which parameter is used to view the Security policy rulebase as groups?

When a security rule is configured as Intrazone, which field cannot be changed?

An administrator is trying to understand which NAT policy is being matched. In what order does the firewall evaluate NAT policies?

Which policy set should be used to ensure that a policy is applied just before the default security rules?

Which rule type is appropriate for matching traffic occurring within a specified zone? How should the administrator configure the firewall to restrict users to specific email appli...

Review the screenshot below. Based on the information it contains, which protocol decoder will detect a machine-learning match, create a Threat log entry, and permit the traffic?

An interface can belong to how many Security Zones?

What are the two types of Administrator accounts? (Choose two.)

The Net Sec Manager asked to create a new Firewall Operator profile with customized privileges. In particular, the new firewall operator should be able to: Check the configuration...

Within the WildFire Analysis profile, which three items are configurable? (Choose three.)

Which Security profile can be used to configure sinkhole IPs m the DNS Sinkhole settings?

Which three management interface settings must be configured for functional dynamic updates and administrative access on a Palo Alto Networks firewall? (Choose three.)

How does the Policy Optimizer policy view differ from the Security policy view?

An administrator creates a new Security policy rule to allow DNS traffic from the LAN to the DMZ zones. The administrator does not change the rule type from its default value. What...

What do application filters help provide access to?

What is the function of an application group object?

How would a Security policy need to be written to allow outbound traffic using Secure Shell (SSH) to destination ports tcp/22 and tcp/4422?

Which type of DNS signatures are used by the firewall to identify malicious and command-and- control domains?

Which Security policy action will message a user's browser that their web session has been terminated?

In order to protect users against exploit kits that exploit a vulnerability and then automatically download malicious payloads, which Security profile should be configured?

Which verdict may be assigned to a WildFire sample?

To protect against illegal code execution, which Security profile should be applied?

Which three types of entries can be excluded from an external dynamic list? (Choose three.)

The Administrator profile "PCNSA Admin" is configured with an Authentication profile "Authentication Sequence PCNSA". The Authentication Sequence PCNSA has a profile list with four...

By default, which action is assigned to the intrazone-default rule?

A Panorama administrator would like to create an address object for the DNS server located in the New York City office, but does not want this object added to the other Panorama ma...

An administrator is troubleshooting an issue with traffic that matches the interzone-default rule, which is set to default configuration. What should the administrator do?

What is the default action for the SYN Flood option within the DoS Protection profile?

Application groups enable access to what?

Where does a user assign a tag group to a policy rule in the policy creation window?

What is used to monitor Security policy applications and usage?

What is considered best practice with regards to committing configuration changes?

Which Security profile generates an alert based on a threshold when the action is set to Alert?

Given the network diagram, which two statements are true about traffic between the User and Server networks? (Choose two.)

Which setting is available to edit when a tag is created on the local firewall?

With the PAN-OS 11.0 Nova release, which two attack options can new inline deep learning analysis engines detect and prevent? (Choose two.)

Which profile must be applied to the Security policy rule to block spyware on compromised hosts from trying to phone-home or beacon out to external command-and-control (C2) servers...

Which feature dynamically analyzes and detects malicious content by evaluating various web page details using a series of machine learning (ML) models?

An administrator is troubleshooting an issue with Office365 and expects that this traffic traverses the firewall. When reviewing Traffic Log entries, there are no logs matching tra...

When creating an address object, which option is available to select from the Type drop-down menu?

Ethernet 2/1 has an IP Address of 10.0.1.2 in Zone 'trust' (LAN). If both interfaces are connected to the same virtual router, which IP address information will an administrator ne...

Where within the URL Filtering security profile must a user configure the action to prevent credential submissions?

Which Security profile must be added to Security policies to enable DNS Signatures to be checked?

Which two Security profile actions can only be applied to DoS Protection profiles? (Choose two.)

Where can you apply URL Filtering policy in a Security policy rule?

Which interface types are assigned to IEEE 802.1Q VLANs?

Which three factors can be used to create malware based on domain generation algorithms? (Choose three.)