NETSEC-GENERALIST Practice Questions
70 real NETSEC-GENERALIST exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1Palo Alto Networks Panorama Configuration and Management
An administrator has imported a pair of firewalls to Panorama under the same template stack. As a part of the template stack, the administrator wants to create a high availability...
PanoramaTemplate VariablesHigh Availability (HA)Configuration Management - Question #2Network Address Translation (NAT) Configuration
At a minimum, which action must be taken to ensure traffic coming from outside an organization to the DMZ can access the DMZ zone for a company using private IP address space?
NATDestination NATDMZFirewall Policies - Question #3SD-WAN Security and Deployment
In which mode should an ION device be configured at a newly acquired site to allow site traffic to be audited without steering traffic?
ION device modesSD-WAN deploymentTraffic auditingNetwork monitoring - Question #4NGFW Threat Prevention
Which functionality does an NGFW use to determine whether new session setups are legitimate or illegitimate?
NGFWSYN Flood ProtectionTCP Handshake SecurityFirewall Features - Question #5Prisma SD-WAN Traffic Optimization
A network engineer needs to configure a Prisma SD-WAN environment to optimize and secure traffic flow between branch offices and the data center. Which action should the engineer p...
SD-WANTraffic OptimizationDynamic Path SelectionNetwork Performance - Question #6Zero Trust Network Access (ZTNA) Architecture and Implementation
Why would an enterprise architect use a Zero Trust Network Access (ZTNA) connector instead of a service connection for private application access?
ZTNAZTNA ConnectorApplication DiscoverySecurity Policy Automation - Question #7Secure Cloud Application Access
A company uses Prisma Access to provide secure connectivity for mobile users to access its corporate-sanctioned Google Workspace and wants to block access to all unsanctioned Googl...
Prisma AccessTenant RestrictionsGoogle WorkspaceSaaS Security - Question #8Cloud Security Deployment and High Availability
Which two cloud deployment high availability (HA) options would cause a firewall administrator to use Cloud NGFW? (Choose two.)
Cloud NGFWHigh AvailabilityAutoscalingCloud Load Balancing - Question #9Prisma Access Deployment and Connectivity
A company currently uses Prisma Access for its mobile users. A use case is discovered in which mobile users will need to access an internal site, but there is no existing network c...
Prisma AccessService ConnectionSASE ConnectivityRemote User Access - Question #10Cloud NGFW Operations
How are content updates downloaded and installed for Cloud NGFWs?
Cloud NGFWContent UpdatesAutomatic UpdatesOperational Management - Question #11Palo Alto Networks Cloud-Delivered Security Services
Which Cloud-Delivered Security Services (CDSS) solution is required to configure and enable Advanced DNS Security?
Palo Alto NetworksCloud-Delivered Security ServicesAdvanced DNS SecurityAdvanced Threat Prevention - Question #12Cloud and Container Security
What is the main security benefit of adding a CN-Series firewall to an existing VM-Series firewall deployment when the customer is using containers?
Container SecurityPalo Alto Networks CN-SeriesMicrosegmentationLateral Movement Prevention - Question #13Security Operations and Management
An IT security administrator is maintaining connectivity and security between on-premises infrastructure, private cloud, and public cloud environments in Strata Cloud Manager (SCM)...
Certificate ManagementPKIHybrid Cloud SecuritySecurity Best Practices - Question #14Next-Generation Firewall Fundamentals
Which statement best demonstrates a fundamental difference between Content-ID and traditional network security methods?
Content-IDNext-Generation FirewallApplication Layer Security - Question #15Threat Prevention
Which two SSH Proxy decryption profile configurations will reduce network attack surface? (Choose two.)
SSH DecryptionAttack Surface ReductionSecurity Best PracticesThreat Prevention - Question #16Centralized Management and Operations
Which feature is available in both Panorama and Strata Cloud Manager (SCM)?
Palo Alto PanoramaStrata Cloud ManagerPolicy OptimizationCentralized Management - Question #17Palo Alto Networks Licensing and Subscription Management
Which action in the Customer Support Portal is required to generate authorization codes for Software NGFWs?
Palo Alto Networks Customer Support PortalSoftware NGFW LicensingDeployment ProfilesAuthorization Codes - Question #18Implement and Manage GlobalProtect for Secure Remote Access
Which two pieces of information are needed prior to deploying server certificates from a trusted third-party certificate authority (CA) to GlobalProtect components? (Choose two.)
Server CertificatesPKIGlobalProtectSubject Alternative Name (SAN) - Question #19Threat Prevention
In conjunction with Advanced URL Filtering, which feature can be enabled after usemame-to-IP mapping is set up?
Credential Phishing PreventionAdvanced URL FilteringUser-IDPalo Alto Networks - Question #20Threat Prevention Content Management
Which two content updates can be pushed to next-generation firewalls from Panorama? (Choose two.)
Panorama AdministrationContent UpdatesThreat PreventionNGFW Features - Question #21Configure Network Address Translation and Security Policies
Refer to the exhibit. A network administrator is using DNAT to map two servers to one public IP address. Traffic will be directed to a specific server based on the application, whe...
DNATSecurity PolicyApplication IdentificationPort Forwarding - Question #22Implementing and Managing Decryption
A company has an ongoing initiative to monitor and control IT-sanctioned SaaS applications. To be successful, it will require configuration of decryption policies, along with data...
SSL DecryptionSSL Forward ProxyCertificatesSaaS Security - Question #23Palo Alto Networks Security Subscriptions and Services
Which subscription sends non-file format-based traffic that matches Data Filtering Profile criteria to a cloud service to render a verdict?
Enterprise DLPData FilteringPalo Alto Networks SubscriptionsCloud Security - Question #24Decryption
Which NGFW function can be used to enhance visibility, protect, block, and log the use of Post- quantum Cryptography (PQC)?
NGFW DecryptionPost-quantum CryptographyEncrypted Traffic InspectionTraffic Visibility - Question #25Application Identification and Control
What are two ways to create an App-ID for unknown applications? (Choose two.)
App-IDCustom ApplicationsApplication IdentificationPalo Alto Networks Features - Question #26Threat Prevention Configuration
Which two security profiles must be updated to prevent data exfiltration in outbound traffic on NGFWs? (Choose two.)
Data ExfiltrationSecurity ProfilesPalo Alto Networks NGFWContent Filtering - Question #27Logging and Monitoring
All branch sites in an organization have NGFWs running in production, and the organization wants to centralize its logs with Strata Logging Service. Which type of certificate is re...
CertificatesPKIStrata Logging ServiceNGFW Integration - Question #28Palo Alto Networks Multitenancy and Virtual Systems
What is a benefit of virtual systems for multitenancy?
Virtual Systems (vSys)MultitenancyNetwork SegmentationSecurity Isolation - Question #29Threat Prevention
Which action must a firewall administrator take to incorporate custom vulnerability signatures into current Security policies?
Custom SignaturesVulnerability ProtectionSecurity Policy ConfigurationPAN-OS Objects - Question #30Decryption
Which step is necessary to ensure an organization is using the inline cloud analysis features in its Advanced Threat Prevention subscription?
SSL DecryptionAdvanced Threat PreventionCloud-Delivered Security ServicesTraffic Inspection - Question #31Palo Alto Networks Centralized Management
How many places will a firewall administrator need to create and configure a custom data loss prevention (DLP) profile across Prisma Access and the NGFW?
DLPPrisma AccessNGFWCentralized Management - Question #32Operational Monitoring and Performance Management
Infrastructure performance issues and resource constraints have prompted a firewall administrator to monitor hardware NGFW resource statistics. Which AlOps feature allows the admin...
AIOpsNGFWPerformance MonitoringCapacity Planning - Question #33Prisma Access Architecture and Features
Which zone is available for use in Prisma Access?
Prisma AccessZonesClientless VPNSASE - Question #34VM-Series Deployment and Management
Which two configurations are required when creating deployment profiles to migrate a perpetual VM-Series firewall to a flexible VM? (Choose two.)
VM-SeriesFlexible LicensingDeployment ProfilesPanorama Management - Question #35Security Operations and Monitoring
A network security engineer wants to forward Strata Logging Service data to tools used by the Security Operations Center (SOC) for further investigation. In which best practice ste...
Zero Trust ArchitectureLogging and MonitoringSecurity OperationsSecurity Best Practices - Question #36Centralized Management and Configuration Deployment
What is the most efficient way in Strata Cloud Manager (SCM) to apply a Security policy to all ten firewalls in one data center?
SCM ManagementPolicy DeploymentConfiguration ScopeDevice Groups - Question #37Cloud NGFW Traffic Processing and Logging
Based on the image below, which source IP address will be seen in the data filtering logs of the Cloud NGFW for AWS with the default rulestack settings?
Cloud NGFWAWS NetworkingNetwork Address Translation (NAT)Firewall Logging - Question #38IoT Security and Device Classification
Which type of traffic can a firewall use for proper classification and visibility of internet of things (loT) devices?
IoT SecurityDevice IdentificationDHCP ProtocolFirewall Visibility - Question #39Network Configuration
A firewall administrator wants to segment the network traffic and prevent noncritical assets from being able to access critical assets on the network. Which action should the admin...
Network SegmentationSecurity ZonesFirewall InterfacesPalo Alto Networks - Question #40SaaS Application Security
A security administrator is adding a new sanctioned cloud application to SaaS Data Security. After authentication, how does the tool gain API access for monitoring?
SaaS Data SecurityAPI IntegrationCloud SecurityAuthorization Tokens - Question #41Network Security Architecture and Design
Which network design for internet of things (loT) Security allows traffic mirroring from the switch to a TAP interface on the firewall to monitor traffic not otherwise seen?
IoT SecurityNetwork MonitoringTraffic MirroringFirewall Deployment - Question #42Managing Security Policies in Hybrid and Multi-Cloud Environments
With Strata Cloud Manager (SCM), which action will efficiently manage Security policies across multiple cloud providers and on-premises data centers?
Strata Cloud ManagerPolicy ManagementHybrid/Multi-CloudCentralized Security - Question #43Threat Prevention and Mitigation
What is the primary role of Advanced DNS Security in protecting against DNS-based threats?
DNS SecurityThreat PreventionMachine LearningMalware Protection - Question #44Monitoring and Troubleshooting GlobalProtect
Which two logging types help troubleshoot remote user access issues? (Choose two)
GlobalProtectLoggingTroubleshootingRemote Access - Question #45Traffic Inspection and Decryption
In SSL Forward Proxy, what role does the firewall play in handling encrypted traffic?
SSL Forward ProxySSL DecryptionCertificate AuthorityFirewall Security - Question #46Palo Alto Networks Cloud-Delivered Security Services
What ensures that CDSS services have the latest threat intelligence?
Cloud-Delivered Security ServicesThreat IntelligencePalo Alto NetworksSecurity Updates - Question #47Network Security Best Practices
Which of the following are considered best practices for network hardening on Palo Alto firewalls? (Choose two)
Network HardeningPalo Alto FirewallsSecurity PoliciesNetwork Segmentation - Question #48Security Operations and Management
Which two features are available in Strata Cloud Manager (SCM)? (Choose two)
Strata Cloud ManagerCloud Security ManagementAIOpsPalo Alto Networks - Question #49Implementing and Configuring Security Policies
Which two profile types are available in NGFW security policies? (Choose two)
NGFW Security PoliciesSecurity ProfilesAnti-SpywareFile Blocking - Question #50Understand Advanced Firewall Features and Application-Level Gateway (ALG) Operations
When a firewall acts as an application-level gateway (ALG), what does it require in order to establish a connection?
Firewall ALGsNetwork SecurityPort ManagementApplication Protocols