NetSec-Analyst Exam Question 46

A Palo Alto Networks firewall is configured with User-ID and integrated with Active Directory. The network team reports that users from the 'Guest Wi-Fi' network are occasionally accessing internal resources. The current security policy allows 'Guest_Wi-Fi' users only to specific internet sites. Investigation reveals that the Guest Wi-Fi SSID is configured to assign IPs from a different subnet than the corporate network, but the User-ID mapping is still showing internal corporate users mapped to some Guest Wi-Fi IPs due to cached logins or session sharing. How would you prevent 'Guest_Wi-Fi' users, regardless of their User-ID mapping, from accessing internal resources while maintaining their internet access?
  • NetSec-Analyst Exam Question 47

    A Palo Alto Networks firewall is configured with IPSec VPN tunnels to multiple branch offices. Users in a specific branch office are reporting intermittent connectivity issues to resources in the main data center. 'show vpn flow' on the main data center firewall shows the VPN tunnel state as 'Up', but the 'Rx Bytes' and 'Tx Bytes' are not incrementing for traffic from the affected branch. 'show log traffic direction equal reverse' on the main firewall also shows no matching traffic for the branch network's return path. What is the MOST complex and difficult-to-diagnose underlying network issue that could cause this scenario?
  • NetSec-Analyst Exam Question 48

    You are managing a Palo Alto Networks firewall and need to allow access to an internal SSH server (10.0.5.22, TCP/22) from a specific partner's public IP address (20.20.20.20). However, due to port conflicts, the partner will be connecting to your public IP (203.0.113.50) on an alternate port, TCP/2222. You must configure a Destination NAT policy for this. Additionally, you want to log successful NAT translations and identify the original source and destination IPs, as well as the translated IPs and ports in the traffic logs. Which of the following configurations for the NAT policy and associated logging is correct and most informative?
  • NetSec-Analyst Exam Question 49

    A large e-commerce platform is experiencing intermittent slowdowns during peak shopping hours. Analysis shows a surge in new TCP connections from various source IPs, many of which appear to be legitimate but are overwhelming the server's connection table. The security team suspects a sophisticated SYN flood attack that mimics legitimate traffic. Which of the following DoS protection profile settings, when applied to the relevant security rule, would be most effective in mitigating this specific type of attack without significantly impacting legitimate user experience, and why?
  • NetSec-Analyst Exam Question 50

    Consider a large enterprise with multiple regional data centers and branch offices. They are deploying SD-WAN with Palo Alto Networks firewalls. The security team mandates that all Internet-bound traffic from branch offices must first be inspected by a centralized security stack (e.g., NGFW cluster, SWG) located in Region A Data Center, before exiting to the Internet. However, internal branch-to-branch communication should be routed directly over the optimal SD-WAN path without hair-pinning through a data center. All traffic types have their own application-specific SLA requirements. Which of the following policy constructs are essential and correctly ordered to satisfy these requirements?