Palo Alto Networks Certified Network Security Analyst v1.0

Page:    1 / 4   
Exam contains 50 questions

Following a configuration change, the management interface of a PA-Series NGFW becomes unreachable, and no data plane interface is configured with a management profile.
Which troubleshooting step will help identify recent changes?

  • A. Log into an alternate management port and review the commit history via the PAN-OS GUI to pinpoint changes affecting the management interface.
  • B. Access the device via the serial console and use the CLI command show config diff to compare the running configuration with a saved backup.
  • C. Access the device via the serial console and use the CLI command show config audit info to identify recent configuration changes.
  • D. Export a named configuration snapshot and compare it manually using a text editor from the remote management portal.


Answer : C

Which aspect of a network’s current health does the Strata Cloud Manager (SCM) Device Health dashboard provide?

  • A. Health trends based on which CVEs are not remediated.
  • B. Health score based on current physical hardware issues detected.
  • C. Health score based on security profile feature adoption.
  • D. Health trends for firewalls filtered by how long the issue has been experienced.


Answer : C

After a new firewall is added and connected to Panorama, an attempt to push the template configuration encounters the error "template configuration administratively disabled."
What must be done to resolve this error?

  • A. On Panorama, under the Panorama tab → Administrators, verify that the account has the permission to change template configurations.
  • B. On Panorama, under the Panorama tab → Templates, ensure the firewall is selected under the template stack.
  • C. On the firewall, under Commit Locks, check that no commit is locked by another administrator.
  • D. On the firewall, under Device tab → Setup → Panorama Settings, confirm that the device and network template are enabled.


Answer : D

Which log type should be checked first using Log Viewer when a user reports being unable to access a specific website?

  • A. Firewall/URL
  • B. Firewall/Traffic
  • C. Firewall/Threat
  • D. Firewall/DNS Security


Answer : B

What is the most granular method for ensuring that traffic to a firewall’s public IP address on the public interface is translated to the private IP address of the web server?

  • A. Create one NAT policy, ensure the policy has original packet destination IP as the public IP address and translated packet destination IP as the private IP address, and mark Bi-directional as "Yes."
  • B. Create one NAT policy, set the source address to the public IP address and destination address to the private IP address, and ensure Bi-directional is checked.
  • C. Create two static NAT policies, ensure one policy has original packet destination IP as the public IP address and translated packet destination IP as the private IP address, ensure the other policy has original packet source IP as the private IP address and the translated packet source IP as the public IP address.
  • D. Create one NAT policy, ensure the policy has original packet source IP as the private IP address and the translated packet source IP as the public IP address, and mark Bi-directional as "Yes."


Answer : A

What are two valid pattern types in a Data Filtering profile? (Choose two.)

  • A. Custom Dictionary
  • B. Proximity Pattern
  • C. File Properties
  • D. Regular Expression


Answer : BD

A security manager asks for automated guidance on several OS security advisories released by Palo Alto Networks.
Which steps can be taken on Strata Cloud Manager (SCM) to respond to the request?

  • A. Insights → Activity Insights → Threats, add a filter for threat category, review the logs, generate a weekly report.
  • B. Dashboard → PAN-OS CVEs, select the CVEs to review, generate upgrade recommendations.
  • C. Insights → Application Experience → Application Domains, add a filter for usage source, generate a weekly report.
  • D. Dashboard → Security Posture Insights, set time range to past 90 days, look at regressing scores in particular, generate a weekly report.


Answer : B

Which CLI command will provide an overview of the CPU resources consumed by the data plane of a Palo Alto Networks firewall?

  • A. show system state
  • B. show system resources
  • C. show running resource-monitor
  • D. show running statistics


Answer : C

A malware incident involving compromised internal hosts communicating with a command-and-control (C2) server has been resolved. In response, the C2 IP address is blocked.
Which two actions using the Log Viewer will ensure the incident has been fully mitigated? (Choose two.)

  • A. Build and save a custom filter based on the affected endpoints and continue to monitor for suspicious traffic from the endpoints.
  • B. Review the authentication alerts on the affected devices.
  • C. Review the audit alerts and check for integrity protection alerts on the affected devices.
  • D. Continue to monitor for traffic going to the C2 server's IP address.


Answer : AD

Two unique IP addresses are flooding a company website with SYN flood packets and causing slow performance.
What is the most efficient method using DoS Protection profiles to mitigate this attack and minimize disruption to legitimate traffic?

  • A. Apply a classified DoS Protection profile to limit the number of SYN packets from the identified IP addresses. Set the action to SYN Cookies.
  • B. Apply an aggregate DoS Protection profile to limit the number of SYN packets from the identified IP addresses. Set the action to SYN Cookies.
  • C. Apply a classified DoS Protection profile to limit the number of SYN packets from the identified IP addresses. Set the action to Random Early Drop.
  • D. Apply an aggregate DoS Protection profile to limit the number of SYN packets from the identified IP addresses. Set the action to Random Early Drop.


Answer : A

A firewall analyst must enforce HIP checks using previously created HIP profiles.
Where in the relevant Security policy rule does the analyst add the HIP profile for remote users?

  • A. Source device
  • B. Source address
  • C. Source user
  • D. Actions


Answer : A

A firewall administrator implementing Palo Alto Networks best practices on the company firewall reviews NGFW alerts in Strata Cloud Manager (SCM) and determines that one alert does not apply to this environment.
If the administrator has no intention to resolve the underlying issue, what is the appropriate next step?

  • A. Click "Copilot" in the top right, and ask the Copilot to make an exception for the NGFW alert.
  • B. Change the NGFW alert priority to "Not Set."
  • C. Assign the NGFW alert to the "Dismiss" user.
  • D. Open the NGFW alert and click "Suppress" under "Actions."


Answer : D

What is a benefit of using Strata Cloud Manager (SCM) snippets in Security policy deployment?

  • A. They eliminate the need for any manual configuration to Security policies.
  • B. They enable real-time firewall monitoring for network anomalies.
  • C. They allow reusable policy components that can be applied to multiple firewalls and folders.
  • D. They automatically adjust firewall configurations based on traffic patterns.


Answer : C

A Palo Alto Networks NGFW for a high-security environment is being configured and requires a security profile group that includes vulnerability protection.
When configuring the action based on the severity of the threat types, what does Palo Alto Networks recommend?

  • A. Use action "allow" for critical, high, and medium vulnerabilities.
  • B. Use action "alert" for critical, high, and medium vulnerabilities.
  • C. Use action "default" for critical, high, and medium vulnerabilities.
  • D. Use action "reset-both" for critical, high, and medium vulnerabilities.


Answer : C

What is the order of processing when both Policy Based Forwarding (PBF) policies and routing table entries are involved?

  • A. The firewall evaluates the routing table that is using the longest prefix match and then applies any matching PBF rule to override the next-hop.
  • B. The firewall evaluates PBF policies first; if a packet matches a PBF rule, the specified next-hop in that rule overrides the routing table.
  • C. The firewall performs a simultaneous evaluation of both PBF policies and the routing table, and then it chooses the route with the lowest metric.
  • D. The firewall evaluates static routes, then dynamic routes, and then it applies PBF policies to adjust the next-hop.


Answer : B
