Palo Alto Networks - Network Security Generalist v1.0

Page:    1 / 4   
Exam contains 60 questions
Expand All

How does Panorama improve reporting capabilities of an organization's next-generation firewall deployment?

  • A. By aggregating and analyzing logs from multiple firewalls
  • B. By automating all Security policy creations for multiple firewalls
  • C. By pushing out all firewall policies from a single physical appliance
  • D. By replacing the need for individual firewall deployment


Answer : A

What are two ways to create an App-ID for unknown applications? (Choose two.)

  • A. Provide a packet capture to Palo Alto Networks and request an App-ID.
  • B. Create a custom application by using signatures.
  • C. Create a security profile that maps the signature to the unknown application.
  • D. Use WildFire API to map signatures to the unknown application.


Answer : AB

A network security engineer wants to forward Strata Logging Service data to tools used by the Security Operations Center (SOC) for further investigation.
In which best practice step of Palo Alto Networks Zero Trust does this fit?

  • A. Implementation
  • B. Report and Maintenance
  • C. Map and Verify Transactions
  • D. Standards and Designs


Answer : B

When a user works primarily from a remote location but reports to the corporate office several times a month, what does GlobalProtect use to determine if the user should connect to an internal gateway?

  • A. ICMP ping to Panorama management interface
  • B. User login credentials
  • C. External host detection
  • D. Reverse DNS lookup of preconfigured host IP


Answer : C

After a Best Practice Assessment (BPA) is complete, it is determined that dynamic updates for Cloud-Delivered Security Services (CDSS) used by company branch offices do not match recommendations. The snippet used for dynamic updates is currently set to download and install updates weekly.
Knowing these devices have the Precision AI bundle, which two statements describe how the settings need to be adjusted in the snippet? (Choose two.)

  • A. Applications and threats should be updated daily.
  • B. Antivirus should be updated daily.
  • C. WildFire should be updated every five minutes.
  • D. URL filtering should be updated hourly.


Answer : AC

Which two pieces of information are needed prior to deploying server certificates from a trusted third-party certificate authority (CA) to GlobalProtect components? (Choose two.)

  • A. Encrypted private key and certificate (PKCS12)
  • B. Subject Alternative Name (SAN)
  • C. Certificate and key files
  • D. Passphrase for private key


Answer : BC

How many places will a firewall administrator need to create and configure a custom data loss prevention (DLP) profile across Prisma Access and the NGFW?

  • A. One
  • B. Two
  • C. Three
  • D. Four


Answer : A

Which Panorama centralized management feature allows native and third-party integrations to monitor VM-Series NGFW logs and objects?

  • A. Plugin
  • B. Template
  • C. Device Group
  • D. Log Forwarding profile


Answer : A

In conjunction with Advanced URL Filtering, which feature can be enabled after username-to-IP mapping is set up?

  • A. Host information profile (HIP)
  • B. Credential phishing prevention
  • C. Client probing
  • D. Indexed data matching


Answer : B

Which action must a firewall administrator take to incorporate custom vulnerability signatures into current Security policies?

  • A. Create custom objects.
  • B. Download WildFire updates.
  • C. Download threat updates.
  • D. Create custom policies.


Answer : D

Which two policies in Strata Cloud Manager (SCM) will ensure the personal data of employees remains private while enabling decryption for mobile users in Prisma Access? (Choose two.)

  • A. SSH Decryption
  • B. SSL Inbound Inspection
  • C. SSL Forward Proxy
  • D. No Decryption


Answer : CD

Why would an enterprise architect use a Zero Trust Network Access (ZTNA) connector instead of a service connection for private application access?

  • A. It controls traffic from the mobile endpoint to any of the organization's internal resources.
  • B. It functions as the attachment point for IPSec-based connections to remote site or branch networks.
  • C. It supports traffic sourced from on-premises or public cloud-based resources to mobile users and remote networks.
  • D. It automatically discovers private applications and suggests Security policy rules for them.


Answer : D

Which firewall attribute can an engineer use to simplify rule creation and automatically adapt to changes in server roles or security posture based on log events?

  • A. Dynamic Address Groups
  • B. Dynamic User Groups
  • C. Predefined IP addresses
  • D. Address objects


Answer : A

A company uses Prisma Access to provide secure connectivity for mobile users to access its corporate-sanctioned Google Workspace and wants to block access to all unsanctioned Google Workspace environments.
What would an administrator configure in the snippet to achieve this goal?

  • A. Dynamic Address Groups
  • B. Tenant restrictions
  • C. Dynamic User Groups
  • D. URL category


Answer : B

Which two cloud deployment high availability (HA) options would cause a firewall administrator to use Cloud NGFW? (Choose two.)

  • A. Automated autoscaling
  • B. Terraform to automate HA
  • C. Dedicated vNIC for HA
  • D. Deployed with load balancers


Answer : AD

Page:    1 / 4   
Exam contains 60 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy