Exam NetSec-Generalist Palo Alto Networks Network Security Generalist

Question 11

At a minimum, which action must be taken to ensure traffic coming from outside an organization to the DMZ can access the DMZ zone for a company using private IP address space?

A.

Configure static NAT for all incoming traffic.

B.

Create NAT policies on post-NAT addresses for all traffic destined for DMZ.

C.

Configure NAT policies on the pre-NAT addresses and post-NAT zone.

D.

Create policies only for pre-NAT addresses and any destination zone.

Show Answer Comment (0)

Suggested answer: B

asked 18/02/2025

Thomas Kringel

42 questions

Question 12

A company uses Prisma Access to provide secure connectivity for mobile users to access its corporate-sanctioned Google Workspace and wants to block access to all unsanctioned Google Workspace environments.

What would an administrator configure in the snippet to achieve this goal?

A.

Dynamic Address Groups

B.

Tenant restrictions

C.

Dynamic User Groups

D.

URL category

Show Answer Comment (0)

Suggested answer: B

asked 18/02/2025

ERIK BURDETT

50 questions

Question 13

Which two cloud deployment high availability (HA) options would cause a firewall administrator to use Cloud NGFW? (Choose two.)

A.

Automated autoscaling

B.

Terraform to automate HA

C.

Dedicated vNIC for HA

D.

Deployed with load balancers

Show Answer Comment (0)

Question 14

A company currently uses Prisma Access for its mobile users. A use case is discovered in which mobile users will need to access an internal site, but there is no existing network communication between the mobile users and the internal site.

Which Prisma Access functionality needs to be deployed to enable routing between the mobile users and the internal site?

A.

Interconnect license

B.

Service connection

C.

Autonomous Digital Experience Manager (ADEM)

D.

Security processing node

Show Answer Comment (0)

Suggested answer: B

asked 18/02/2025

Hassene SAADI

45 questions

Question 15

How are content updates downloaded and installed for Cloud NGFWs?

A.

Through the management console

B.

Through Panorama

C.

Automatically

D.

From the Customer Support Portal

Show Answer Comment (0)

Question 16

Which Cloud-Delivered Security Services (CDSS) solution is required to configure and enable Advanced DNS Security?

A.

Advanced WildFire

B.

Enterprise SaaS Security

C.

Advanced Threat Prevention

D.

Advanced URL Filtering

Show Answer Comment (0)

Question 17

What is the main security benefit of adding a CN-Series firewall to an existing VM-Series firewall deployment when the customer is using containers?

A.

It provides perimeter threat detection and inspection outside the container itself.

B.

It prevents lateral threat movement within the container itself.

C.

It monitors and logs traffic outside the container itself.

D.

It enables core zone segmentation within the container itself.

Show Answer Comment (0)

Suggested answer: B

asked 18/02/2025

Michele Valvason

44 questions

Question 18

An IT security administrator is maintaining connectivity and security between on-premises infrastructure, private cloud, and public cloud environments in Strata Cloud Manager (SCM).

Which set of practices must be implemented to effectively manage certificates and ensure secure communication across these segmented environments?

Become a Premium Member for full access