Free Network Security AnalystPractice Test

A network administrator needs to create an address object that represents a range of IP addresses from 192.168.10.50 to 192.168.10.100. Which address object type should be used?

An organization wants to create a security policy that allows access to multiple web servers located at 10.1.1.10, 10.1.1.11, and 10.1.1.12. What is the BEST practice approach for configuring this policy?

A security analyst is troubleshooting why a security policy is not being hit as expected. The Traffic logs show sessions matching a different rule. What tool should be used to determine which security policy will match specific traffic before it actually traverses the firewall?

Which statement accurately describes the default behavior of security policies on Palo Alto Networks firewalls?

An administrator needs to create a service object for a custom application that uses TCP port 8443. What is the correct configuration approach?

A company has a security policy that allows web-browsing from the trust zone to the untrust zone. Users report they cannot access any websites. Traffic logs show sessions are being denied. What is the MOST likely cause?

In Strata Cloud Manager, which administrative role has the ability to create and modify security policies but cannot add or remove other administrators?

A network administrator wants to ensure that all HTTPS traffic to a specific server is decrypted for inspection, but traffic to banking websites should not be decrypted. What configuration approach should be used?

An organization needs to create dynamic address groups that automatically include servers based on tags assigned during VM creation in their cloud environment. Which feature enables this functionality?

What is the primary advantage of using Strata Cloud Manager compared to traditional on-premises firewall management?

A security team needs to block command-and-control (C2) traffic from compromised hosts. Which security subscription service is specifically designed to identify and block C2 communications?

An administrator notices that a security rule allowing SSH access from any source to a DMZ server appears above a more restrictive rule that should limit SSH access to specific management IPs. What is the impact of this configuration?

Which object type should be used when an administrator needs to reference multiple applications such as facebook-base, facebook-chat, and facebook-posting in a single security policy rule?

In Strata Cloud Manager, an administrator needs to push configuration changes to multiple firewalls simultaneously. What is the correct workflow to accomplish this?

A company discovers that an unknown executable file bypassed their security controls. They want to send this file to Palo Alto Networks for analysis to generate new protection signatures. Which security service provides this capability?

An administrator is configuring a security policy and needs to log traffic at the start of a session rather than waiting for the session to end. However, they are concerned about the performance impact. What is the recommended approach?

A network administrator needs to create an address object for a web server whose IP address changes periodically but has a consistent DNS name of www.example.com. What is the BEST object type to use?

An organization has multiple security policies allowing different applications to various zones. During a security audit, they need to identify which policies have not matched any traffic in the past 90 days. Which feature should they use?

In Strata Cloud Manager, an administrator needs to configure device groups to apply common policies across multiple firewalls in different regions while maintaining region-specific customizations. What is the recommended approach?

A security administrator wants to configure a policy that blocks file downloads with specific file types (such as .exe and .dll) from web-browsing and SSL applications. What is the BEST way to accomplish this?