NetSec Analyst 시험 - Paloalto Networks실제시험문제와 답 - 60문항

Question No : 1

When using SD-WAN templates in Panorama, which benefit is achieved?

A.Centralized configuration of SD-WAN policies
B.Built-in malware signature updates
C.Automatic SSL decryption bypass
D.On-demand firewall upgrades

정답:
Explanation:
Panorama allows administrators to centrally push SD-WAN templates and policies across multiple firewalls. This simplifies scaling in large environments. Malware updates and SSL decryption are separate functions, not related to SD-WAN templates.

Question No : 2

Which SD-WAN object defines the criteria for choosing the best path for an application?

A.Path Quality Profile
B.Log Forwarding Profile
C.Data Filtering Profile
D.Device Group

정답:
Explanation:
Path Quality Profiles define thresholds for latency, jitter, and loss. Traffic steering policies reference these profiles to determine the optimal path. Other profiles like Log Forwarding or Data Filtering are unrelated to WAN link selection.

Question No : 3

Which two link health parameters can be configured in an SD-WAN profile?

A.Latency
B.CPU Utilization
C.Jitter
D.Session Table Size

정답:
Explanation:
SD-WAN profiles track network conditions using latency, jitter, and packet loss metrics. CPU utilization and session table size are firewall resource metrics, not SD-WAN path selection criteria.

Question No : 4

What is the purpose of an SD-WAN profile in Palo Alto Networks firewalls?

A.Define traffic distribution rules across multiple WAN links
B.Encrypt inter-branch VPN traffic
C.Create URL filtering categories for WAN traffic
D.Monitor endpoint compliance

정답:
Explanation:
SD-WAN profiles enable link selection and traffic steering across multiple WAN paths based on metrics like jitter, latency, and loss. They don’t handle encryption (VPN), URL filtering, or endpoint compliance.

Question No : 5

Which two actions can be enforced by DoS Protection Profiles?

A.Block IP
B.SYN Cookies
C.File Blocking
D.URL Filtering

정답:
Explanation:
DoS profiles provide SYN cookie insertion and source IP blocking to stop attackers. File blocking and URL filtering are unrelated, as they apply to application and web traffic controls, not volumetric attack handling.

Question No : 6

A customer requires protection against volumetric floods on their public web server.
Which feature should be applied?

A.DoS Protection Profile
B.Data Filtering Profile
C.Antivirus Profile
D.SD-WAN Policy

정답:
Explanation:
DoS Protection Profiles mitigate floods by defining thresholds and response mechanisms for SYN, UDP, or ICMP floods. Antivirus or Data Filtering cannot prevent volumetric attacks, and SD-WAN policies are unrelated to DoS mitigation.

Question No : 7

Which DoS Protection Profile setting limits the number of concurrent connections to a service?

A.SYN Cookies
B.Max Concurrent Sessions
C.Random Early Drop
D.Aggressive Aging

정답:
Explanation:
The Max Concurrent Sessions setting enforces a threshold on simultaneous connections. This prevents resource exhaustion from DoS attacks. SYN Cookies mitigate SYN floods, Random Early Drop applies to QoS, and Aggressive Aging is related to session timeout.

Question No : 8

IoT security profiles help administrators in which two ways?

A.Identifying unmanaged IoT devices
B.Blocking malicious IoT traffic
C.Encrypting IoT traffic
D.Providing IoT patch management

정답:
Explanation:
IoT security profiles allow classification of connected devices and enforce behavioral security to prevent attacks. They don’t provide encryption or patch management. Instead, they focus on visibility and anomaly detection in IoT ecosystems.

Question No : 9

Which two options are available when defining Data Filtering rules?

A.Predefined data patterns
B.File size thresholds
C.Regular expressions
D.Certificate validation

정답:
Explanation:
Data Filtering uses predefined patterns (e.g., credit card, SSNs) and custom regex to detect sensitive data. File size thresholds are part of File Blocking, while certificate validation belongs to SSL/TLS decryption profiles.

Question No : 10

Which profile ensures that sensitive data such as credit card numbers are not transmitted in clear text?

A.Antivirus Profile
B.Data Filtering Profile
C.Decryption Profile
D.File Blocking Profile

정답:
Explanation:
Data Filtering profiles detect and block sensitive information patterns like credit cards, SSNs, or custom regex patterns. Antivirus protects against malware, while Decryption is for SSL inspection. File Blocking enforces restrictions on file types but not data content.

Question No : 11

When configuring a Log Forwarding Profile, which two destinations can be selected?

A.Email Server
B.SNMP Manager
C.Panorama
D.DNS Server

정답:
Explanation:
Log Forwarding Profiles can send logs to Panorama, syslog, email, or HTTP servers for integration with monitoring tools. SNMP and DNS servers are not valid logging destinations. This flexibility allows alignment with SIEMs or monitoring policies.

Question No : 12

Which feature allows administrators to forward firewall logs to an external SIEM solution?

A.Log Forwarding Profile
B.Decryption Profile
C.Data Filtering Profile
D.Custom Object

정답:
Explanation:
Log Forwarding Profiles define which log types (traffic, threat, system, etc.) are forwarded to external destinations like SIEMs or syslog servers. This is critical for centralized monitoring. Decryption and Data Filtering profiles serve different purposes.

Question No : 13

Which two actions can be taken when applying a custom URL category to a policy?

A.Alert
B.Drop
C.Allow
D.Encrypt

정답:
Explanation:
Custom URL categories can be enforced through security policy actions like allow, block, or alert. Encryption is handled by decryption policies, not URL filtering. Drop is not a direct action in URL
filtering but rather a firewall packet action.

Question No : 14

You need to create a custom object to block access to “gambling” websites not included in default categories.
What type of custom object would you configure?

A.Application Override
B.Custom URL Category
C.Security Profile Group
D.Data Pattern

정답:
Explanation:
Custom URL categories let administrators define site lists outside PAN-DB’s predefined categories. This ensures that specific business-defined URLs can be blocked or allowed. Data Patterns are used for DLP, not web traffic classification.

Question No : 15

Which two object types can be defined within an External Dynamic List (EDL)?

A.FQDN
B.IP Address
C.Custom Data Patterns
D.URL

정답:
Explanation:
EDLs support IP addresses, URLs, and domain-based indicators. They are highly useful for integrating with threat intelligence feeds. FQDN objects and custom data patterns are managed separately and cannot be directly used in an EDL.

Paloalto Networks NetSec Analyst 시험