NetSec-Analyst Exam Question 1

A global financial institution utilizes Strata Cloud Manager (SCM) to manage thousands of Palo Alto Networks firewalls. Due to strict regulatory compliance requirements (e.g., PCI DSS, GDPR), they need to ensure that all policy changes are peer-reviewed and logged with detailed audit trails. Furthermore, they want to automate the rollback of any erroneous policy deployments. Which SCM features, combined with external processes, would best achieve these objectives?
  • NetSec-Analyst Exam Question 2

    An IoT smart building system uses BACnet/IP for HVAC control. The security team discovers a device sending unauthorized 'Write Property' requests to BACnet objects that control critical ventilation fans, potentially disrupting air quality. They have identified the rogue device's MAC address and IP address, but its type (vendor/model) is not yet fully classified by Device-ID. How can the Palo Alto Networks NGFW be configured, leveraging IoT security concepts, to immediately block these specific 'Write Property' requests from this rogue device, while allowing legitimate BACnet traffic from authorized devices?
  • NetSec-Analyst Exam Question 3

    A large e-commerce platform uses an internal REST API service on TCP/443 for microservices communication. While it uses TLS, App-ID often misidentifies it as 'web-browsing' or 'ssl', preventing granular policy enforcement based on the actual API application. The security team wants to classify this traffic as 'internal-rest-api' (a custom application) and apply a custom URL Filtering profile that blocks only specific API endpoints, not general web browsing. They also need to ensure that this override does not affect legitimate 'web- browsing' traffic to external sites over TCP/443. Which configuration strategy should be employed?
  • NetSec-Analyst Exam Question 4

    A large enterprise has implemented GlobalProtect and is leveraging Host Information Profile (HIP) for endpoint compliance. A new compliance requirement dictates that no user should be able to access the internal 'Sensitive SharePoint' site unless their device has the latest antivirus definitions and the endpoint security agent is running. All other internal resources should remain accessible even if the HIP check fails, but without the 'Sensitive SharePoint' access. Describe the policy configuration strategy to achieve this granular access control.
  • NetSec-Analyst Exam Question 5

    During a breach investigation, a Network Security Analyst needs to retroactively search for specific malicious file hashes (MD5) that might have been downloaded or uploaded through the firewall within the last 30 days. These hashes were not known at the time of the initial traffic. The Incidents and Alerts page currently shows no alerts related to these hashes. Which of the following approaches is the MOST efficient and effective to perform this retrospective analysis using Palo Alto Networks tools, including Log Viewer and potentially other integrated services?