Palo Alto Networks NetSec-Generalist - Palo Alto Networks - Network Security Generalist Exam
Page: 1 / 12
Total 60 questions
Question #1 (Topic: Exam A)
Which Cloud-Delivered Security Services (CDSS) solution is required to configure and enable Advanced DNS Security?
A. Advanced WildFire
B. Enterprise SaaS Security
C. Advanced Threat Prevention
D. Advanced URL Filtering
Answer: C
Question #2 (Topic: Exam A)
Which statement best demonstrates a fundamental difference between Content-ID and traditional network security methods?
A. Content-ID inspects traffic at the application layer to provide real-time threat protection.
B. Content-ID focuses on blocking malicious IP addresses and ports.
C. Traditional methods provide comprehensive application layer inspection.
D. Traditional methods block specific applications using signatures.
Answer: A
Question #3 (Topic: Exam A)
Based on the image below, which source IP address will be seen in the data filtering logs of the Cloud NGFW for AWS with the default rulestack settings?
A. 10.1.1.3
B. 20.10.10.16
C. 20.10.10.15
D. 10.1.1.2
Answer: C
Question #4 (Topic: Exam A)
A network administrator is using DNAT to map two servers to one public IP address. Traffic will be directed to a specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.
Which two sets of Security policy rules will accomplish this configuration? (Choose two.)
A. Source: Untrust (Any)
Destination: Untrust
Application(s): web-browsing
Action: allow B. Source: Untrust (Any)
Destination: Trust
Application(s): web-browsing, ssh
Action: allow C. Source: Untrust (Any)
Destination: DMZ
Application(s): web-browsing
Action: allow D. Source: Untrust (Any)
Destination: DMZ
Application(s): ssh
Action: allow
Destination: Untrust
Application(s): web-browsing
Action: allow B. Source: Untrust (Any)
Destination: Trust
Application(s): web-browsing, ssh
Action: allow C. Source: Untrust (Any)
Destination: DMZ
Application(s): web-browsing
Action: allow D. Source: Untrust (Any)
Destination: DMZ
Application(s): ssh
Action: allow
Answer: CD
Question #5 (Topic: Exam A)
Which two configurations are required when creating deployment profiles to migrate a perpetual VM-Series firewall to a flexible VM? (Choose two.)
A. Choose "Fixed vCPU Models" for configuration type.
B. Allocate the same number of vCPUs as the perpetual VM.
C. Deploy virtual Panorama for management.
D. Allow only the same security services as the perpetual VM.
Answer: AB
