Palo Alto Networks NetSec-Architect - Palo Alto Networks Network Security Architect Exam

Question #1 (Topic: Exam A)
A technology company is deploying its own AI applications on a Google Kubernetes Engine (GKE) cluster. The development team is concerned about protecting the complex, microservices-based AI stack from both internal and external threats, such as data poisoning and lateral movement between containerized components.
Which solution should be proposed to address these concerns?
A. AI Access Security with Advanced URL Filtering
B. AI Access Security with App-ID Cloud Engine
C. Prisma AIRS Network Intercept
D. Prisma AIRS API Intercept
Answer: C
Question #2 (Topic: Exam A)
An architect is reviewing a use case with the following requirements:
Visibility on the health of an end user's path for the five most critical applications
Metrics on the impact of endpoint health for applications
Centralized call quality analytics from Zoom video conferencing solution
Insights into the supporting protocols, such as DNS
Support 600 users on Windows desktops in a single sales office
Which solution should be recommended to meet these requirements?
A. Remote networks with ADEM enabled and an ION device
B. GlobalProtect with a Prisma Access portal configured and ADEM enabled
C. Prisma SD-WAN using the native application dashboard and link quality monitoring
D. Prisma Browser or the Prisma Browser extension with RUM metrics
Answer: A
Question #3 (Topic: Exam A)
A large organization uses Palo Alto Networks VM-Series firewalls deployed across multiple availability zones in Microsoft Azure. These are managed by an Azure Virtual Machine Scale Set (VMSS) and integrated with an Azure Load Balancer for high availability (HA) traffic inspection within a Transit VNet.
The security team needs to perform a critical PAN-OS software upgrade across the entire fleet of firewalls with the requirement of minimal application downtime.
Following Palo Alto Networks best practices for highly available cloud deployments, what is the recommended approach for safely performing this software upgrade with the least downtime?
A. Update the image in an Azure VMSS and then initiate an upgrade of the instances
B. Configure Azure Load Balancer probes to handle the health check failover during upgrades
C. Provision a new, parallel VMSS with the new PAN-OS version, validate it, and redirect traffic from the old VMSS to the new one
D. Use Azure Update Manager to push the PAN-OS upgrade package directly to all firewall instances simultaneously during a scheduled maintenance window
Answer: C
Question #4 (Topic: Exam A)
A global organization has fully adopted Prisma Access to provide security for its mobile workforce and remote offices, and user identity is managed in Okta. The security team wants to create consistent Security policies that grant access to specific SaaS applications based on users' departments, regardless of whether they work from home or from a branch office connected via an SD-WAN device.
Which architecture ensures that consistent user-to-group mapping is available to Prisma Access for policy enforcement in this use case?
A. Install the Palo Alto Networks User-ID agent and configure it to sync user information from Okta to Prisma Access
B. Deploy Panorama to manage Prisma Access and configure it to pull user and group information from Okta via the Cloud Identity Engine
C. Configure SAML federation between Prisma Access and Okta to provide user identity for every web request
D. Configure each remote office SD-WAN device and each user’s GlobalProtect client to query Okta directly for user information
Answer: B
Question #5 (Topic: Exam A)
An organization wants to migrate to an SSE model using Prisma Access for hybrid workforce connectivity. Following bandwidth analysis, network engineers have identified high-bandwidth requirements (>2 Gbps sustained throughput) to the data center for privately hosted applications (e.g., three-tier applications, active FTP and SMB file servers, EDR toolsets).
Business continuity for the organization requires the ability to use multiple cloud providers for private-application connectivity, ensuring no single cloud provider outage can disrupt operations. The network operations team has expressed concerns about migrating to SSE with legacy routing technical debt, noting multiple redistribution protocols in place across the environment.
Which two network connectivity methods will meet the business requirements to access private applications from Prisma Access? (Choose two.)
A. ZTNA Connectors
B. Colo-Connect
C. Cloud gateways
D. Service connections
Answer: BD
Total 45 questions