Palo Alto Networks NetSec-Pro - Palo Alto Networks Certified Network Security Professional Certification Exam
Question #1 (Topic: Demo Questions)
Using Prisma Access, which solution provides the most security coverage of network protocols for the mobile workforce?
Correct Answer: B
Explanation:
Client-based VPN solutions like Global Protect provide full coverage for the mobile workforce by extending the enterprise security stack to remote endpoints. It establishes a secure tunnel, allowing consistent security policies across the enterprise perimeter and the mobile workforce. “Global Protect is a client-based VPN that provides secure, consistent protection for mobile users by extending the security capabilities of Prisma Access to remote endpoints, covering all network protocols.” (Source: Global Protect Admin Guide)
Question #2 (Topic: Demo Questions)
Which two tools can be used to configure Cloud NGFWs for AWS? (Choose two.)
Correct Answer: C, D
Explanation:
Cloud NGFW for AWS can be configured using Panorama for centralized management, as well as the AWS management console for native integration and configuration. “You can configure Cloud NGFW for AWS using Panorama for centralized security management, or directly through the AWS management console to deploy and manage security services for your AWS resources.” (Source: Cloud NGFW for AWS Guide)
Question #3 (Topic: Demo Questions)
In which two applications can Prisma Access threat logs for mobile user traffic be reviewed? (Choose two.)
Correct Answer: B, C
Explanation:
Threat logs for Prisma Access mobile users can be reviewed in both Strata Cloud Manager (SCM) and Strata Logging Service. Prisma Cloud and service connection firewalls are not directly tied to mobile user traffic logs. “Prisma Access logs are available in the Strata Cloud Manager and can also be sent to the Strata Logging Service for detailed analysis and threat visibility.” (Source: Prisma Access Administration Guide)
Question #4 (Topic: Demo Questions)
Where can you view the block logs when upload of a PE file is restricted?
Correct Answer: C
Explanation:
When uploads are blocked by a Data Filtering profile, the firewall records the event in Data Filtering logs .
When uploads are blocked by a Data Filtering profile, the firewall records the event in Data Filtering logs .
[Reference:https://docs.paloaltonetworks.com/pan-os/, ]
Question #5 (Topic: Demo Questions)
Which set of attributes is used by IoT Security to identify and classify appliances on a network when determining Device-ID?
Correct Answer: B
Explanation:
IoT Security uses MAC address , device manufacturer , and OS information to identify and classify devices via Device-ID.