Which procedure is most effective for maintaining continuity and security during a Prisma Access data plane software upgrade?
Answer(s): A
The best practice for Prisma Access data plane upgrades involves backing up configurations, scheduling upgrades during off-peak hours, and using a phased approach to minimize disruption and maintain continuity. As per the Palo Alto Networks documentation:"To minimize disruptions, it is recommended to perform Prisma Access upgrades during non- business hours and in a phased manner, starting with less critical sites to validate the process before moving to critical locations. Backup configurations and validate the system's readiness to avoid data loss and maintain service continuity."(Source: Prisma Access Best Practices)
An NGFW administrator is updating PAN-OS on company data center firewalls managed by Panoram
Answer(s): D
The firewall must be running a PAN-OS version that is supported by Panorama. This means that Panorama must be running the same or a newer PAN-OS version as the one being installed on the firewalls to maintain compatibility."Before you upgrade the firewall, ensure that Panorama is running the same or a later PAN-OS version than the firewall. Panorama must always be at the same or a higher version to maintain compatibility."(Source: Panorama Admin Guide Upgrade Process)
In which two applications can Prisma Access threat logs for mobile user traffic be reviewed? (Choose two.)
Answer(s): B,C
Threat logs for Prisma Access mobile users can be reviewed in both Strata Cloud Manager (SCM) and Strata Logging Service. Prisma Cloud and service connection firewalls are not directly tied to mobile user traffic logs."Prisma Access logs are available in the Strata Cloud Manager and can also be sent to the Strata Logging Service for detailed analysis and threat visibility."(Source: Prisma Access Administration Guide)
Which two tools can be used to configure Cloud NGFWs for AWS? (Choose two.)
Answer(s): C,D
Cloud NGFW for AWS can be configured using Panorama for centralized management, as well as the AWS management console for native integration and configuration."You can configure Cloud NGFW for AWS using Panorama for centralized security management, or directly through the AWS management console to deploy and manage security services for your AWS resources."(Source: Cloud NGFW for AWS Guide)
Using Prisma Access, which solution provides the most security coverage of network protocols for the mobile workforce?
Answer(s): B
Client-based VPN solutions like GlobalProtect provide full coverage for the mobile workforce by extending the enterprise security stack to remote endpoints. It establishes a secure tunnel, allowing consistent security policies across the enterprise perimeter and the mobile workforce."GlobalProtect is a client-based VPN that provides secure, consistent protection for mobile users by extending the security capabilities of Prisma Access to remote endpoints, covering all network protocols."(Source: GlobalProtect Admin Guide)
Which two prerequisites must be evaluated when decrypting internet-bound traffic? (Choose two.)
When implementing SSL Forward Proxy decryption for outbound traffic, two key challenges that must be evaluated are:Incomplete certificate chains: This occurs when the firewall cannot validate the entire certificate chain for a site, which may cause decryption failures.Certificate pinning: Applications like banking apps may use certificate pinning to prevent MITM (man-in-the-middle) attacks, and these applications will break if SSL Forward Proxy is used."When decrypting outbound SSL traffic, you must consider incomplete certificate chains, which can cause decryption to fail if the firewall cannot validate the entire chain. Also, be aware of certificate pinning in applications that prevents decryption by rejecting forged certificates."(Source: Palo Alto Networks Decryption Concepts)
Which firewall attribute can an engineer use to simplify rule creation and automatically adapt to changes in server roles or security posture based on log events?
Dynamic Address Groups enable the firewall to automatically adjust security policies based on tags assigned dynamically (via log events, API, etc.). This eliminates the need for manual updates to policies when server roles or IPs change."Dynamic Address Groups allow you to create policies that automatically adapt to changes in the environment. These groups are populated dynamically based on tags, enabling automated security policy updates without manual intervention."(Source: Dynamic Address Groups)
How does a firewall behave when SSL Inbound Inspection is enabled?
SSL Inbound Inspection allows the firewall to decrypt incoming encrypted traffic to internal servers (e.g., web servers) by acting as a man-in-the-middle (MITM). The firewall uses the private key of the server to decrypt the session and apply security policies before re-encrypting the traffic."SSL Inbound Inspection requires you to import the server's private key and certificate into the firewall. The firewall then acts as a man-in-the-middle (MITM) to decrypt inbound sessions from external clients to internal servers for inspection."(Source: SSL Inbound Inspection)
Share your comments for Palo Alto Networks NetSec-Pro exam with other users:
i love this thank you i need
question # 142: data governance is not one of the deliverables in the document and content management context diagram.
most answers not correct here
what % of questions do we get in the real exam?
i just want to tell you. i took my microsoft az-104 exam and passed it. your program was awesome. i especially liked your detailed questions and answers and practice tests that made me well-prepared for the exam. thanks to this website!!!
all the best
very usefull document
nice and helpful questions
i found the questions helpful
q 105 . ans is d
i have interest to get a sybase iq dba certification
want to pass exm.
are the answers correct?
good morning, could you please upload this exam again, i need it to test my knowledge in sd-wan with version 7.0.
very nice question
i have learning disability and this exam dumps allowed me to focus on the actual questions and not worry about notes and the those other study materials.
165 should be apt
please upload the dumps, real need of them
any recent feeedback?
question number 2 is indicating you are giving proper questions. observe and change properly.
passed today.40% questions were new.litwere case study,lots of new questions on afd,ratelimit,tm,lb,app gatway.got 2 set series of questions which are not present here.questions on azure cyclecloud, no.of vnet/vms required for implimentation,blueprints assignment/management group etc
practice test
want the dumps for emc content management server programming(cmsp)
brilliant and helpful
q75. azure files is pass
very helpful
thank you for these questions. it helped a lot.
how do i get the h12-724 dumps
nice data dumps
answers are correct
good explanation
hi team just want to know if there is any update version of the exam 350-401
helpful on 2017 scrum guide
planning to attempt for the exam.