What is a necessary step for creation of a custom Prisma Access report on Strata Cloud Manager (SCM)?
Answer : D
To create custom Prisma Access reports within SCM, you first configure a dashboard that aggregates the relevant logs and analytics. This allows you to define the data points you want to include.
"Dashboards in SCM can be customized to include Prisma Access data sources, enabling you to create and generate reports that meet specific business and security requirements."
(Source: SCM Dashboards and Reporting)
Once configured, you can export the dashboard as a custom report.
"Use the dashboard's data visualization to create custom reports for Prisma Access, which can be exported as PDFs for distribution."
(Source: SCM Report Customization)
Which two prerequisites must be evaluated when decrypting internet-bound traffic? (Choose two.)
Answer : B, C
When implementing SSL Forward Proxy decryption for outbound traffic, two key challenges that must be evaluated are:
Incomplete certificate chains: This occurs when the firewall cannot validate the entire certificate chain for a site, which may cause decryption failures.
Certificate pinning: Applications like banking apps may use certificate pinning to prevent MITM (man-in-the-middle) attacks, and these applications will break if SSL Forward Proxy is used.
"When decrypting outbound SSL traffic, you must consider incomplete certificate chains, which can cause decryption to fail if the firewall cannot validate the entire chain. Also, be aware of certificate pinning in applications that prevents decryption by rejecting forged certificates."
(Source: Palo Alto Networks Decryption Concepts)
In which two applications can Prisma Access threat logs for mobile user traffic be reviewed? (Choose two.)
Answer : B, C
Threat logs for Prisma Access mobile users can be reviewed in both Strata Cloud Manager (SCM) and Strata Logging Service. Prisma Cloud and service connection firewalls are not directly tied to mobile user traffic logs.
"Prisma Access logs are available in the Strata Cloud Manager and can also be sent to the Strata Logging Service for detailed analysis and threat visibility."
(Source: Prisma Access Administration Guide)
Which procedure is most effective for maintaining continuity and security during a Prisma Access data plane software upgrade?
Answer : A
The best practice for Prisma Access data plane upgrades involves backing up configurations, scheduling upgrades during off-peak hours, and using a phased approach to minimize disruption and maintain continuity. As per the Palo Alto Networks documentation:
"To minimize disruptions, it is recommended to perform Prisma Access upgrades during non-business hours and in a phased manner, starting with less critical sites to validate the process before moving to critical locations. Back up configurations and validate the system's readiness to avoid data loss and maintain service continuity."
(Source: Prisma Access Best Practices)
A primary firewall in a high availability (HA) pair is experiencing a current failover issue with ICMP pings to a secondary device. Which metric should be reviewed for proper ICMP pings between the firewall pair?
Answer : C
Heartbeat polling is a core HA function to monitor connectivity between HA peers, leveraging ICMP pings to determine link health and availability.
"Heartbeat Polling uses ICMP pings to verify the connectivity and health of the HA peers. If heartbeat polling fails, the firewall considers the peer to be down and may initiate failover."
(Source: HA Link and Path Monitoring)
If ICMP pings fail, checking heartbeat polling logs helps identify whether link or path monitoring triggers the failover.
Which zone is available for use in Prisma Access?
Answer : B
In Prisma Access, the interzone security policy rule is available and plays a crucial role in controlling traffic between zones.
"You can configure an interzone rule to control traffic that flows between different zones in Prisma Access, enabling granular security policy enforcement."
(Source: Prisma Access Security Policies)
This ensures comprehensive control of traffic crossing security boundaries in the cloud-delivered architecture.
Which set of attributes is used by IoT Security to identify and classify appliances on a network when determining Device-ID?
Answer : B
IoT Security uses MAC address, device manufacturer, and OS information to identify and classify devices via Device-ID.
"IoT Security uses passive network traffic analysis to fingerprint devices based on the MAC address, manufacturer, and operating system to ensure accurate classification."
(Source: IoT Security Device-ID and Classification)
These attributes provide a robust, manufacturer-agnostic method to fingerprint IoT devices.