Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
All Vendors
  2. Home
  3. Exams
  4. Palo Alto Networks
  5. NetSec-Analyst

Free Palo Alto Networks NetSec-Analyst Exam Questions (page: 8)

Page 8 of 48
PDF with 372 Questions

Which statement is true regarding a Prevention Posture Assessment?

  1. The Security Policy Adoption Heatmap component filters the information by device groups, serial numbers, zones, areas of architecture, and other categories
  2. It provides a set of questionnaires that help uncover security risk prevention gaps across all areas of network and security architecture
  3. It provides a percentage of adoption for each assessment area
  4. It performs over 200 security checks on Panorama/firewall for the assessment

Answer(s): B



Which five Zero Trust concepts does a Palo Alto Networks firewall apply to achieve an integrated approach to prevent threats? (Choose five.)

  1. User identification
  2. Filtration protection
  3. Vulnerability protection
  4. Antivirus
  5. Application identification
  6. Anti-spyware

Answer(s): A,C,D,E,F



The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the gambling URL category.

Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)

  1. Add all the URLs from the gambling category except powerball.com to the block list and then set the action for the gambling category to allow.
  2. Manually remove powerball.com from the gambling URL category.
  3. Add *.powerball.com to the allow list
  4. Create a custom URL category called PowerBall and add *.powerball.com to the category and set the action to allow.

Answer(s): C,D



Which service protects cloud-based applications such as Dropbox and Salesforce by administering permissions and scanning files for sensitive information?

  1. Aperture
  2. AutoFocus
  3. Parisma SaaS
  4. GlobalProtect

Answer(s): C



Which administrator receives a global notification for a new malware that infects hosts. The infection will result in the infected host attempting to contact and command-and-control (C2) server.

Which security profile components will detect and prevent this threat after the firewall`s signature database has been updated?

  1. antivirus profile applied to outbound security policies
  2. data filtering profile applied to inbound security policies
  3. data filtering profile applied to outbound security policies
  4. vulnerability profile applied to inbound security policies

Answer(s): C



Which update option is not available to administrators?

  1. New Spyware Notifications
  2. New URLs
  3. New Application Signatures
  4. New Malicious Domains
  5. New Antivirus Signatures

Answer(s): B



A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone.
What configuration-changes should the Firewall-admin make?

  1. Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security- rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH
  2. Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH
  3. In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source- port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address
  4. In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin

Answer(s): B



How often does WildFire release dynamic updates?

  1. every 5 minutes
  2. every 15 minutes
  3. every 60 minutes
  4. every 30 minutes

Answer(s): A



Viewing page 8 of 48
Viewing questions 57 - 64 out of 372 questions



Post your Comments and Discuss Palo Alto Networks NetSec-Analyst exam prep with other Community members:

NetSec-Analyst Exam Discussions & Posts