Paloalto Networks NetSec-Generalist Übungsprüfungen
Zuletzt aktualisiert am 26.04.2025- Prüfungscode: NetSec-Generalist
- Prüfungsname: Palo Alto Networks Network Security Generalist
- Zertifizierungsanbieter: Paloalto Networks
- Zuletzt aktualisiert am: 26.04.2025
What is the most efficient way in Strata Cloud Manager (SCM) to apply a Security policy to all ten firewalls in one data center?
- A . Create the Security policy on each firewall individually.
- B . Set the configuration scope to "Global" and create the Security policy.
- C . Create the Security policy at any configuration scope, then clone it to the ten firewalls.
- D . Create a folder that groups the ten firewalls together, then create the Security policy at that configuration scope.
Which step is necessary to ensure an organization is using the inline cloud analysis features in its Advanced Threat Prevention subscription?
- A . Configure Advanced Threat Prevention profiles with default settings and only focus on high-risk traffic to avoid affecting network performance.
- B . Enable SSL decryption in Security policies to inspect and analyze encrypted traffic for threats.
- C . Update or create a new anti-spyware security profile and enable the appropriate local deep – learning models.
- D . Disable anti-spyware to avoid performance impacts and rely solely on external threat intelligence.
Which action must a firewall administrator take to incorporate custom vulnerability signatures into current Security policies?
- A . Create custom objects.
- B . Download WildFire updates.
- C . Download threat updates.
- D . Create custom policies.
In conjunction with Advanced URL Filtering, which feature can be enabled after usemame-to-IP mapping is set up?
- A . Host information profile (HIP)
- B . Credential phishing prevention
- C . Client probing
- D . Indexed data matching
At a minimum, which action must be taken to ensure traffic coming from outside an organization to the DMZ can access the DMZ zone for a company using private IP address space?
- A . Configure static NAT for all incoming traffic.
- B . Create NAT policies on post-NAT addresses for all traffic destined for DMZ.
- C . Configure NAT policies on the pre-NAT addresses and post-NAT zone.
- D . Create policies only for pre-NAT addresses and any destination zone.
A company has an ongoing initiative to monitor and control IT-sanctioned SaaS applications. To be successful, it will require configuration of decryption policies, along with data filtering and URL Filtering Profiles used in Security policies.
Based on the need to decrypt SaaS applications, which two steps are appropriate to ensure success? (Choose two.)
- A . Validate which certificates will be used to establish trust.
- B . Configure SSL Forward Proxy.
- C . Create new self-signed certificates to use for decryption.
- D . Configure SSL Inbound Inspection.
Which two content updates can be pushed to next-generation firewalls from Panorama? (Choose two.)
- A . GlobalProtect data file
- B . WildFire
- C . Advanced URL Filtering
- D . Applications and threats
Which two configurations are required when creating deployment profiles to migrate a perpetual VM-Series firewall to a flexible VM? (Choose two.)
- A . Choose "Fixed vCPU Models" for configuration type.
- B . Allocate the same number of vCPUs as the perpetual VM.
- C . Deploy virtual Panorama for management.
- D . Allow only the same security services as the perpetual VM.
When a user works primarily from a remote location but reports to the corporate office several times a month, what does GlobalProtect use to determine if the user should connect to an internal gateway?
- A . ICMP ping to Panorama management interface
- B . User login credentials
- C . External host detection
- D . Reverse DNS lookup of preconfigured host IP
What is the primary role of Advanced DNS Security in protecting against DNS-based threats?
- A . It replaces traditional DNS servers with more reliable and secure ones.
- B . It centralizes all DNS management and simplifies policy creation.
- C . It automatically redirects all DNS traffic through encrypted tunnels.
- D . It uses machine learning (ML) to detect and block malicious domains in real-time.