Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. NetSec-Analyst

Free Palo Alto Networks NetSec-Analyst Exam Questions (page: 4)

Page 4 of 48
PDF with 372 Questions

Which interface does not require a MAC or IP address?

  1. Virtual Wire
  2. Layer3
  3. Layer2
  4. Loopback

Answer(s): A



A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago.
Which utility should the company use to identify out-of-date or unused rules on the firewall?

  1. Rule Usage Filter > No App Specified
  2. Rule Usage Filter >Hit Count > Unused in 30 days
  3. Rule Usage Filter > Unused Apps
  4. Rule Usage Filter > Hit Count > Unused in 90 days

Answer(s): D



DRAG DROP (Drag and Drop is not supported)

Order the steps needed to create a new security zone with a Palo Alto Networks firewall.

  1. See Explanation for the Answer.

Answer(s): A

Explanation:

Step 1 ­ Select network tab

Step 2 ­ Select zones from the list of available items

Step 3 ­ Select Add

Step 4 ­ Specify Zone Name

Step 5 ­ Specify Zone Type

Step 6 ­ Assign interfaces as needed



What are two differences between an implicit dependency and an explicit dependency in App-ID? (Choose two.)

  1. An implicit dependency does not require the dependent application to be added in the security policy
  2. An implicit dependency requires the dependent application to be added in the security policy
  3. An explicit dependency does not require the dependent application to be added in the security policy
  4. An explicit dependency requires the dependent application to be added in the security policy

Answer(s): A,D



Recently changes were made to the firewall to optimize the policies and the security team wants to see if those changes are helping.

What is the quickest way to reset the hit counter to zero in all the security policy rules?

  1. At the CLI enter the command reset rules and press Enter
  2. Highlight a rule and use the Reset Rule Hit Counter > Selected Rules for each rule
  3. Reboot the firewall
  4. Use the Reset Rule Hit Counter > All Rules option

Answer(s): D



Which two App-ID applications will need to be allowed to use Facebook-chat? (Choose two.)

  1. facebook
  2. facebook-chat
  3. facebook-base
  4. facebook-email

Answer(s): B,C



Which User-ID agent would be appropriate in a network with multiple WAN links, limited network bandwidth, and limited firewall management plane resources?

  1. Windows-based agent deployed on the internal network
  2. PAN-OS integrated agent deployed on the internal network
  3. Citrix terminal server deployed on the internal network
  4. Windows-based agent deployed on each of the WAN Links

Answer(s): A

Explanation:

Another reason to choose the Windows agent over the integrated PAN-OS agent is to save processing cycles on the firewall's management plane.



Your company requires positive username attribution of every IP address used by wireless devices to support a new compliance requirement. You must collect IP ­to-user mappings as soon as possible with minimal downtime and minimal configuration changes to the wireless devices themselves. The wireless devices are from various manufactures.

Given the scenario, choose the option for sending IP-to-user mappings to the NGFW.

  1. syslog
  2. RADIUS
  3. UID redistribution
  4. XFF headers

Answer(s): A



Viewing page 4 of 48
Viewing questions 25 - 32 out of 372 questions



Post your Comments and Discuss Palo Alto Networks NetSec-Analyst exam prep with other Community members:

NetSec-Analyst Exam Discussions & Posts