NetSec-Analyst Exam Question 96

A Palo Alto Networks firewall is configured with an External Dynamic List (EDL) sourced from an internal web server. The web server is located in a different security zone. Which of the following security policy rules must be in place to allow the firewall to successfully fetch updates for this EDL?
  • NetSec-Analyst Exam Question 97

    A Palo Alto Networks firewall configured as an active/passive HA pair is experiencing split-brain scenarios, where both firewalls briefly become active, causing network disruption. Packet captures on the HA interfaces show intermittent high latency and packet loss. The 'HA Link Monitoring' and 'Path Monitoring' are configured. Which of the following is the most likely, yet often overlooked, cause of this complex HA instability?
  • NetSec-Analyst Exam Question 98

    A secure healthcare network leverages Palo Alto Networks NGFWs to protect critical medical IoT devices (IoMT) like infusion pumps and patient monitors. These devices communicate using proprietary protocols over TCP. The security team has identified that some of these devices are attempting to establish undocumented SSH connections to external IP addresses, likely due to a compromise. The challenge is that the NGFW's 'Application-ID' correctly identifies the proprietary IoMT application, but it also identifies the rogue SSH connection from the same device . How can the security policy, leveraging IoT security profiles, be configured to allow the legitimate IoMT proprietary application while blocking the specific SSH connection from the compromised device without disrupting essential medical operations?
  • NetSec-Analyst Exam Question 99

    Consider the following XML snippet representing a partial SD-WAN template configuration in Panorama for a new branch template stack:

    Which of the following statements accurately describe the implications or missing crucial components for this SD-WAN template to effectively manage application-specific traffic with performance objectives, specifically for a VoIP' application?
  • NetSec-Analyst Exam Question 100

    Consider a scenario where a Palo Alto Networks firewall is used to secure access to a critical internal web application that uses a custom header for authentication, e.g., 'X-Auth-Token: [TOKEN VALUE]'. To enhance security, the organization wants to implement a custom vulnerability signature that detects attempts to bypass this authentication by submitting requests with a missing or malformed 'X-Auth- Token' header. Which of the following PCRE (Perl Compatible Regular Expressions) patterns for a custom vulnerability signature would effectively detect both a completely missing 'X-Auth-Token' header and an 'X-Auth-Token' header that is present but followed by an empty string or only whitespace, specifically when targeting HTTP POST requests to '/api/vl/secure_resource'? Assume the signature 'Location' is 'http-post-request-headers' and 'Scope' is 'transaction'.