Free Palo Alto Networks Certified Network Security Professional Exam NetSec-Pro Exam Practice Test

Which security profile provides real-time protection against threat actors who exploit the misconfigurations of DNS infrastructure and redirect traffic to malicious domains?

• Antivirus
• URL Filtering
• Vulnerability Protection
• Anti-spyware

Which two features can a network administrator use to troubleshoot the issue of a Prisma Access mobile user who is unable to access SaaS applications? (Choose two.)

• SaaS Application Risk Portal
• Capacity Analyzer
• GlobalProtect logs
• Autonomous Digital Experience Manager (ADEM) console

When configuring Security policies on VM-Series firewalls, which set of actions will ensure the most comprehensive Security policy enforcement?

• Configure port-based policies, check threat logs weekly, conduct software updates annually, and enable decryption.
• Configure policies using User-ID and App-ID, enable decryption, apply appropriate security profiles to rules, and update regularly with dynamic updates.
• Configure all default policies provided by the firewall, use Policy Optimizer, and adjust security rules after an incident occurs.
• Configure a block policy for all malicious inbound traffic, configure an allow policy for all outbound traffic, and update regularly with dynamic updates.

Which two prerequisites must be evaluated when decrypting internet-bound traffic? (Choose two.)

• RADIUS profile
• Incomplete certificate chains
• Certificate pinning
• SAML certificate

What must be configured to successfully onboard a Prisma Access remote network using Strata Cloud Manager (SCM)?

• Cloud Identity Engine
• Autonomous Digital Experience Manager (ADEM)
• GlobalProtect agent
• IPSec termination node

In a distributed enterprise implementing Prisma SD-WAN, which configuration element should be implemented first to ensure optimal traffic flow between remote sites and headquarters?

• Deploy redundant ION devices at each location.
• Implement dynamic path selection using real-time performance metrics.
• Configure static routes between all the branch offices.
• Enable split tunneling for all branch locations.

A network administrator obtains Palo Alto Networks Advanced Threat Prevention and Advanced DNS Security subscriptions for edge NGFWs and is setting up security profiles. Which step should be included in the initial configuration of the Advanced DNS Security service?

• Create a decryption policy rule to decrypt DNS-over-TLS / port 853 traffic.
• Create overrides for all company owned FQDNs.
• Configure DNS Security signature policy settings to sinkhole malicious DNS queries.
• Enable Advanced Threat Prevention with default settings and only focus on high-risk traffic.

Which two components of a Security policy, when configured, allow third-party contractors access to internal applications outside business hours? (Choose two.)

• App-ID
• Service
• User-ID
• Schedule

Which set of practices should be implemented with Cloud Access Security Broker (CASB) to ensure robust data encryption and protect sensitive information in SaaS applications?

• Do not enable encryption for data-at-rest to improve performance.
• Use default encryption keys provided by the SaaS provider.
• Perform annual encryption key rotations.
• Enable encryption for data-at-rest and in transit, regularly update encryption keys, and use strong encryption algorithms.

How do Cloud NGFW instances get created when using AWS centralized deployments?

• Cloud NGFW is placed in a vWAN with a virtual hub.
• They replace the internet gateway service.
• Selected VPCs will have Cloud NGFW workloads added to them.
• A security VPC will be created as transit gateways to push all traffic through the area.