NETSEC-GENERALIST Question #47: Real Exam Question with Answer & Explanation

The correct answer is B: Use User-ID and Device-ID-based policies.

Network Security Best Practices

Question

Which of the following are considered best practices for network hardening on Palo Alto firewalls? (Choose two)

Options

  • A. Enable unused administrative interfaces
  • B. Use User-ID and Device-ID-based policies
  • C. Disable logging
  • D. Segment networks using zones

Explanation

User-ID and Device-ID-Based Policies

  • Granular Control: Policies tied to users/devices (not just IPs) enforce least-privilege access.
  • Dynamic Security: Allows role-based access control (e.g., contractors vs. employees).

Segment Networks Using Zones

  • Attack Surface Reduction: Isolates traffic (e.g., DMZ, internal LANs) to limit lateral movement.
  • Simplified Policies: Rules are applied between zones (e.g., "Untrusted" → "DMZ" only for HTTP).

Topics

#Network Hardening, #Palo Alto Firewalls, #Security Policies, #Network Segmentation
