
Palo Alto Networks NetSec-Pro: Network Security Professional Exam Practice Test

Page: 1 / 6
Total 60 questions

Palo Alto Networks Network Security Professional Questions and Answers

Question 1

When a firewall acts as an application-level gateway (ALG), what does it require in order to establish a connection?

Options:

A. Dynamic IP and Port (DIPP)

B. Payload

C. Session Initiation Protocol (SIP)

D. Pinholes

Question 2

Which set of attributes is used by IoT Security to identify and classify appliances on a network when determining Device-ID?

Options:

A. IP address, network traffic patterns, and device type

B. MAC address, device manufacturer, and operating system

C. Hostname, application usage, and encryption method

D. Device model, firmware version, and user credential

Question 3

How does a firewall behave when SSL Inbound Inspection is enabled?

Options:

A. It acts transparently between the client and the internal server.

B. It decrypts inbound and outbound SSH connections.

C. It decrypts traffic between the client and the external server.

D. It acts as meddler-in-the-middle between the client and the internal server.

Question 4

Using Prisma Access, which solution provides the most security coverage of network protocols for the mobile workforce?

Options:

A. Explicit proxy

B. Client-based VPN

C. Enterprise browser

D. Clientless VPN

Question 5

A company has an ongoing initiative to monitor and control IT-sanctioned SaaS applications. To be successful, it will require configuration of decryption policies, along with data filtering and URL Filtering Profiles used in Security policies. Based on the need to decrypt SaaS applications, which two steps are appropriate to ensure success? (Choose two.)

Options:

A. Configure SSL Forward Proxy.

B. Validate which certificates will be used to establish trust.

C. Configure SSL Inbound Inspection.

D. Create new self-signed certificates to use for decryption.

Question 6

What is a necessary step for creation of a custom Prisma Access report on Strata Cloud Manager (SCM)?

Options:

A. Open a support ticket.

B. Set up Cloud Identity Engine.

C. Generate a PDF summary report.

D. Configure a dashboard.

Question 7

Which procedure is most effective for maintaining continuity and security during a Prisma Access data plane software upgrade?

Options:

A. Back up configurations, schedule upgrades during off-peak hours, and use a phased approach rather than attempting a network-wide rollout.

B. Use Strata Cloud Manager (SCM) to perform dynamic upgrades automatically and simultaneously across all locations at once to ensure network-wide uniformity.

C. Disable all security features during the upgrade to prevent conflicts and re-enable them after completion to ensure a smooth rollout process.

D. Perform the upgrade during peak business hours, quickly address any user-reported issues, and ensure immediate troubleshooting post-rollout.

Question 8

What are two recommendations to ensure secure and efficient connectivity across multiple locations in a distributed enterprise network? (Choose two.)

Options:

A. Use Prisma Access to provide secure remote access for branch users.

B. Employ centralized management and consistent policy enforcement across all locations.

C. Create broad VPN policies for contractors working at branch locations.

D. Implement a flat network design for simplified network management and reduced overhead.

Question 9

A cloud security architect is designing a certificate management strategy for Strata Cloud Manager (SCM) across hybrid environments. Which practice ensures optimal security with low management overhead?

Options:

A. Deploy centralized certificate automation with standardized protocols and continuous monitoring.

B. Implement separate certificate authorities with independent validation rules for each cloud environment.

C. Configure manual certificate deployment with quarterly reviews and environment-specific security protocols.

D. Use cloud provider default certificates with scheduled synchronization and localized renewal processes.

Question 10

What is the recommended upgrade path from PAN-OS 9.1 to PAN-OS 11.2?

Options:

A. 9.1 → 11.0 → 11.2

B. 9.1 → 10.0 → 11.

C. 9.1 → 11.

D. 9.1 → 10.0 → 11.2

Question 11

Which two features can a network administrator use to troubleshoot the issue of a Prisma Access mobile user who is unable to access SaaS applications? (Choose two.)

Options:

A. SaaS Application Risk Portal

B. Capacity Analyzer

C. GlobalProtect logs

D. Autonomous Digital Experience Manager (ADEM) console

Question 12

What must be configured to successfully onboard a Prisma Access remote network using Strata Cloud Manager (SCM)?

Options:

A. Cloud Identity Engine

B. Autonomous Digital Experience Manager (ADEM)

C. GlobalProtect agent

D. IPSec termination node

Question 13

Which two content updates can be pushed to next-generation firewalls from Panorama? (Choose two.)

Options:

A. Advanced URL Filtering

B. Applications and threats

C. WildFire

D. GlobalProtect data file

Question 14

How can a firewall administrator block a list of 300 unique URLs in the most time-efficient manner?

Options:

A. Use application filters to block the App-IDs.

B. Use application groups to block the App-IDs.

C. Import the list into a custom URL category.

D. Block multiple predefined URL categories.

Question 15

Which two security services are required for configuration of NGFW Security policies to protect against malicious and misconfigured domains? (Choose two.)

Options:

A. Advanced Threat Prevention

B. SaaS Security

C. Advanced WildFire

D. Advanced DNS Security

Question 16

Which step is necessary to ensure an organization is using the inline cloud analysis features in its Advanced Threat Prevention subscription?

Options:

A. Disable anti-spyware to avoid performance impacts and rely solely on external threat intelligence.

B. Enable SSL decryption in Security policies to inspect and analyze encrypted traffic for threats.

C. Update or create a new anti-spyware security profile and enable the appropriate local deep learning models.

D. Configure Advanced Threat Prevention profiles with default settings and only focus on high-risk traffic to avoid affecting network performance.

Question 17

Which two types of logs must be forwarded to Strata Logging Service for IoT Security to function? (Choose two.)

Options:

A. WildFire

B. Enhanced application

C. Threat

D. URL Filtering

Question 18

Which two prerequisites must be evaluated when decrypting internet-bound traffic? (Choose two.)

Options:

A. RADIUS profile

B. Incomplete certificate chains

C. Certificate pinning

D. SAML certificate
