Download Valid NetSec Analyst Exam Dumps for Best Preparation

Exam: NetSec Analyst
Title: Palo Alto Networks Network Security Analyst
https://www.passcert.com/NetSec-Analyst.html

1. Which two components can be combined into a Security Profile Group for easier policy application?
A. Antivirus
B. Application Override
C. Anti-Spyware
D. Authentication Policy
Answer: A, C
Explanation: Security Profile Groups allow administrators to bundle profiles like Antivirus, Anti-Spyware, Vulnerability Protection, URL Filtering, and File Blocking. This ensures consistent enforcement across rules without assigning profiles individually. Application Override and Authentication Policy are separate constructs, not security profiles.

2. A Security Profile is applied to a policy rule. At what stage of traffic processing is the profile enforced?
A. After routing decision
B. Before session creation
C. After App-ID and Content-ID inspection
D. During NAT translation
Answer: C
Explanation: Security Profiles are enforced after App-ID and Content-ID inspection. This ensures that signatures, URL filtering, or anti-malware checks apply only after the application is correctly identified. NAT and routing decisions occur earlier, so profiles cannot be applied at those stages.

3. Which two security profiles would you configure to detect command-and-control traffic?
A. URL Filtering
B. Anti-Spyware
C. Antivirus
D. Data Filtering
Answer: A, B
Explanation: Command-and-control traffic is often associated with malicious domains or IPs. Anti-Spyware detects C2 signatures, while URL Filtering blocks access to known malicious categories. Antivirus focuses on malware payloads, and Data Filtering handles sensitive information rather than C2 detection.

4. When creating a decryption profile, which two checks can be enforced on SSL/TLS traffic?
A. Block expired certificates
B. Restrict key exchange algorithms
C. Enforce file blocking
D. Detect brute-force login attempts
Answer: A, B
Explanation: Decryption profiles define how SSL/TLS traffic is handled. Administrators can enforce certificate validity checks and restrict weak algorithms to prevent unsafe encryption. File blocking and brute-force detection are handled by other security profiles, not decryption profiles.

5. Which of the following describes an External Dynamic List (EDL)?
A. A static IP list imported from Panorama
B. A firewall-managed list of local subnets
C. A dynamic list retrieved from an external source
D. A custom log forwarding filter
Answer: C
Explanation: An EDL allows firewalls to consume IPs, URLs, or domains from external threat feeds in real time. This provides flexibility in blocking malicious indicators without manual updates. Unlike static lists, EDLs refresh periodically from defined sources.

6. Which two object types can be defined within an External Dynamic List (EDL)?
A. FQDN
B. IP Address
C. Custom Data Patterns
D. URL
Answer: B, D
Explanation: EDLs support IP addresses, URLs, and domain-based indicators. They are highly useful for integrating with threat intelligence feeds. FQDN objects and custom data patterns are managed separately and cannot be directly used in an EDL.

7. You need to create a custom object to block access to “gambling” websites not included in default categories. What type of custom object would you configure?
A. Application Override
B. Custom URL Category
C. Security Profile Group
D. Data Pattern
Answer: B
Explanation: Custom URL categories let administrators define site lists outside PAN-DB’s predefined categories. This ensures that specific business-defined URLs can be blocked or allowed. Data Patterns are used for DLP, not web traffic classification.

8. Which two actions can be taken when applying a custom URL category to a policy?
A. Alert
B. Drop
C. Allow
D. Encrypt
Answer: A, C
Explanation: Custom URL categories can be enforced through security policy actions like allow, block, or alert. Encryption is handled by decryption policies, not URL filtering. Drop is not a direct action in URL filtering but rather a firewall packet action.

9. Which feature allows administrators to forward firewall logs to an external SIEM solution?
A. Log Forwarding Profile
B. Decryption Profile
C. Data Filtering Profile
D. Custom Object
Answer: A
Explanation: Log Forwarding Profiles define which log types (traffic, threat, system, etc.) are forwarded to external destinations like SIEMs or syslog servers. This is critical for centralized monitoring. Decryption and Data Filtering profiles serve different purposes.

10. When configuring a Log Forwarding Profile, which two destinations can be selected?
A. Email Server
B. SNMP Manager
C. Panorama
D. DNS Server
Answer: A, C
Explanation: Log Forwarding Profiles can send logs to Panorama, syslog, email, or HTTP servers for integration with monitoring tools. SNMP and DNS servers are not valid logging destinations. This flexibility allows alignment with SIEMs or monitoring policies.

11. Which profile ensures that sensitive data such as credit card numbers are not transmitted in clear text?
A. Antivirus Profile
B. Data Filtering Profile
C. Decryption Profile
D. File Blocking Profile
Answer: B
Explanation: Data Filtering profiles detect and block sensitive information patterns like credit cards, SSNs, or custom regex patterns. Antivirus protects against malware, while Decryption is for SSL inspection. File Blocking enforces restrictions on file types but not data content.