Palo Alto Networks NetSec-Analyst - Palo Alto Networks Certified Network Security Analyst Exam
Page: 2 / 10
Total 50 questions
Question #6 (Topic: Exam A)
A security administrator wants to determine which action a URL Filtering profile will take on the URL "www.chatgpt.com." The firewall has a custom URL object with "www.chatgpt.com/" as a member called "Permitted-AI." The URL "www.chatgpt.com" is also categorized as "Artificial-Intelligence, " "Computer-and-Internet-Info," and "Low-Risk." The URL Filtering profile has the
following in descending order:
• Artificial-Intelligence set to continue
• Computer-and-Internet-Info set to block
• Low-Risk set to alert
• Permitted-AI set to allow
Which action will the URL Filtering profile take when traffic matches the "www.chatgpt.com" URL on a rule with this profile attached?
following in descending order:
• Artificial-Intelligence set to continue
• Computer-and-Internet-Info set to block
• Low-Risk set to alert
• Permitted-AI set to allow
Which action will the URL Filtering profile take when traffic matches the "www.chatgpt.com" URL on a rule with this profile attached?
A. Continue
B. Alert
C. Allow
D. Block
Answer: C
Question #7 (Topic: Exam A)
In an environment with SSL Forward Proxy decryption policies and applications that use certificate pinning, which configuration step is essential to prevent application failures due to strict certificate validation?
A. Increase the key length of the SSL Forward Proxy certificate to enhance security.
B. Enable SSL/TLS 1.3 to ensure compatibility with modern applications.
C. Use a wildcard certificate to bypass certificate validation issues.
D. Create SSL decryption exclusions for applications that use certificate pinning.
Answer: D
Question #8 (Topic: Exam A)
When configuring SSL Inbound Inspection for a public-facing web server, what must be installed as a critical certificate management step to ensure decryption of the SSL connection?
A. Certificate generated by an internal CA server and session-specific certificates on the firewall.
B. Self-signed certificate on the firewall to protect the identity of the server.
C. Public key wildcard certificate on the firewall to decrypt all inbound traffic.
D. Web server certificate and corresponding private key on the firewall.
Answer: D
Question #9 (Topic: Exam A)
A security administrator is building out Decryption policies and wants to decrypt according to Palo Alto Networks best practices.
Which URL categories should the administrator add to the policies?
Which URL categories should the administrator add to the policies?
A. Proxy avoidance and anonymizers, ransomware unknown, web-based email, web advertisements, and not resolved.
B. Online storage and backup web-based email web hosting, personal sites and blogs, content delivery networks, and high-risk URL.
C. AI website generator, Command and Control, compromised website, encrypted DNS, and dynamic DNS.
D. Newly registered domains, internet communications and telephony, high-risk URL, insufficient content, hacking, and grayware.
Answer: D
Question #10 (Topic: Exam A)
When a company has a private list of allowed URLs for its users, what can be used to force the NGFWs to securely access the external dynamic list server using username/password?
A. Basic HTTP authentication
B. SAML
C. OpenID Connect
D. LDAP
Answer: A
