NetSec-Analyst Exam Question 6

A Network Security Analyst is tasked with auditing a Panorama configuration. They need to identify all security policies that utilize a specific custom application signature, regardless of which Device Group or virtual system (vsys) they reside in. Which Panorama feature and command set would be most efficient for this task?
  • NetSec-Analyst Exam Question 7

    A network security analyst is investigating erratic packet forwarding behavior on a Palo Alto Networks firewall running advanced threat prevention services. Some legitimate traffic flows are experiencing severe latency or being dropped, while others are processed normally. The firewall's data plane CPU utilization is consistently low, and traffic logs show no explicit denies, but session end reasons indicate 'aged-out' or 'session-limit'. A 'debug dataplane packet-diag' output for an affected flow shows the packet reaching the 'flow_lookup' stage but then appears to get stuck or re-evaluated endlessly without being forwarded. Which of the following is the most obscure and difficult to diagnose misconfiguration or state that could cause this behavior?
  • NetSec-Analyst Exam Question 8

    A newly acquired subsidiary operates its own legacy firewall system, separate from the parent company's Palo Alto Networks infrastructure. The parent company's security mandate is to onboard the subsidiary into the central Panorama management and apply standardized security profiles. Before migration, the security team needs to understand the subsidiary's current traffic patterns, identify all applications in use, and discover any potential vulnerabilities or misconfigurations. Post-migration, they need to validate that the new policies are correctly enforced and that no critical services are disrupted. How would a Network Security Analyst use the integrated capabilities of Command Center, Activity Insights, and Policy Optimizer throughout this migration lifecycle?
  • NetSec-Analyst Exam Question 9

    A company has implemented a new VoIP system that uses UDP/5060 (SIP) and UDP/10000-20000 (RTP). Initially, App-ID correctly identified these as 'sip' and 'rtp'. However, after a recent software update on the VoIP servers, the RTP traffic, while still using the same port range, is now being identified as 'unknown-udp' due to subtle changes in its header or payload. This is causing inconsistent QOS and security policy enforcement. Which of the following is the most effective approach to ensure correct identification of the RTP traffic while minimizing false positives?
  • NetSec-Analyst Exam Question 10

    An organization is migrating its cloud applications from a public internet connection to a dedicated AWS Direct Connect link through a Palo Alto Networks firewall. To achieve this, all traffic to AWS public IP ranges (e.g., EC2, S3) from the internal network must be forwarded over the Direct Connect interface (ethernet1/3) with a specific next-hop router. Other internet-bound traffic should continue using the primary internet uplink (ethernet1/1 ). Which of the following PBF actions are critical to ensure that if the Direct Connect link fails, the AWS-bound traffic automatically fails over to the primary internet uplink without manual intervention?