C Certs Club
Home
Oracle SAP Microsoft Cisco CompTIA Fortinet Salesforce Nutanix Linux Foundation Amazon View All Vendors →
Login Register

Palo Alto Networks NetSec-Pro - Palo Alto Networks Certified Network Security Professional Certification Exam

Download Exam View Entire Exam
Page: 2 / 2
Question #6 (Topic: Demo Questions)

What statuses may appear when devices are added to the controller’s Devices inventory list?

A.
Unclaimed indicates that the device is available in the inventory, but has not been claimed.
B.
Offline indicates that the device is not yet communicating with the Prisma SD-WAN controller.
C.
Online-Restricted means that the device is communicating with the Prisma SD-WAN controller, but has not yet been claimed.
D.
Decommissioned indicates that the device is permanently deleted from the controller.
Correct Answer: A, B, C
Explanation:
Prisma SD-WAN device inventory can show statuses such as Unclaimed , Offline , and Online-Restricted to indicate onboarding and communication state.

[Reference:https://docs.paloaltonetworks.com/prisma-sd-wan/, ]
Question #7 (Topic: Demo Questions)

Which component of NGFW is supported in active/passive design but not in active/active design?

A.
Single floating IP address
B.
Using a DHCP client
C.
Route-based redundancy
D.
Configuring ARP load-sharing on Layer 3
Correct Answer: A
Explanation:
Single floating IP address (also known as a floating IP or shared IP) is supported only in an active/passive HA pair. In active/active HA, both firewalls are forwarding traffic simultaneously and thus do not share a single floating IP.
“In active/passive HA, a single floating IP address is used for seamless failover. Active/active HA requires separate IP addresses and does not support a single floating IP.”
(Source: Active/Passive vs. Active/Active HA)
This simplifies failover in active/passive deployments by using a single shared IP that moves to the active peer upon failover.
Question #8 (Topic: Demo Questions)

Which two security services are required for configuration of NGFW Security policies to protect against malicious and misconfigured domains? (Choose two.)

A.
Advanced Threat Prevention
B.
SaaS Security
C.
Advanced WildFire
D.
Advanced DNS Security
Correct Answer: A, D
Explanation:
Protecting against malicious and misconfigured domains requires two critical services:
Advanced Threat Prevention
Provides signature-based and advanced analysis to identify threats, including DNS-based attacks.
“Advanced Threat Prevention enables the NGFW to detect and prevent exploits and malware-based communications, including those leveraging DNS.”
(Source: Advanced Threat Prevention)
Advanced DNS Security
Specifically designed to detect and sinkhole malicious and misconfigured DNS queries.
“DNS Security uses real-time intelligence to block DNS-based threats, protect against data exfiltration, and automatically sinkhole suspicious domain lookups.”
(Source: DNS Security)
By combining these services in security policies, NGFWs ensure robust protection against domain-based threats and misconfigurations.
Download Exam
« Prev Page: 2 / 2
Next Page