Palo Alto Networks NetSec-Generalist - Palo Alto Networks - Network Security Generalist Exam
Page: 2 / 12
Total 60 questions
Question #6 (Topic: Exam A)
What is the primary role of Advanced DNS Security in protecting against DNS-based threats?
A. It replaces traditional DNS servers with more reliable and secure ones.
B. It centralizes all DNS management and simplifies policy creation.
C. It automatically redirects all DNS traffic through encrypted tunnels.
D. It uses machine learning (ML) to detect and block malicious domains in real-time.
Answer: D
Question #7 (Topic: Exam A)
When a firewall acts as an application-level gateway (ALG), what does it require in order to establish a connection?
A. Pinholes
B. Dynamic IP and Port (DIPP)
C. Session Initiation Protocol (SIP)
D. Payload
Answer: A
Question #8 (Topic: Exam A)
In which mode should an ION device be configured at a newly acquired site to allow site traffic to be audited without steering traffic?
A. Access
B. Control
C. Disabled
D. Analytics
Answer: D
Question #9 (Topic: Exam A)
A company has an ongoing initiative to monitor and control IT-sanctioned SaaS applications. To be successful, it will require configuration of decryption policies, along with data filtering and URL Filtering Profiles used in Security policies.
Based on the need to decrypt SaaS applications, which two steps are appropriate to ensure
success? (Choose two.)
Based on the need to decrypt SaaS applications, which two steps are appropriate to ensure
success? (Choose two.)
A. Validate which certificates will be used to establish trust.
B. Configure SSL Forward Proxy.
C. Create new self-signed certificates to use for decryption.
D. Configure SSL Inbound Inspection.
Answer: AB
Question #10 (Topic: Exam A)
A firewall administrator wants to segment the network traffic and prevent noncritical assets from being able to access critical assets on the network.
Which action should the administrator take to ensure the critical assets are in a separate zone from the noncritical assets?
Which action should the administrator take to ensure the critical assets are in a separate zone from the noncritical assets?
A. Create a deny Security policy with "any" set for both the source and destination zones.
B. Create an allow Security policy with "any" set for both the source and destination zones.
C. Logically separate physical and virtual interfaces to control the traffic that passes across the interface.
D. Assign a single interface to multiple security zones.
Answer: C
