NetSec-Analyst Exam Question 36

A security analyst is investigating a suspicious outbound connection from an IoT smart light bulb, which normally only communicates with its cloud controller. The firewall logs show traffic initiated from the light bulb's IP address (192.168.5.10) to an external IP (203.0.113.5) on TCP port 4444. The existing IoT security profile for the 'Smart-Home-IoT' device group, to which the light bulb belongs, is configured to allow only HTTPS traffic to 'iot.vendorcloud.com'. Which of the following is the MOST likely reason for this connection being allowed, assuming no explicit 'deny all' rule is present for the IoT zone after the allowed traffic?
  • NetSec-Analyst Exam Question 37

    A Palo Alto Networks administrator is configuring a decryption profile for an internal network segment. The security policy requires that all outbound TLS traffic destined for financial institutions (identified by a custom URL category 'Financial_Sites') must be decrypted, while traffic to healthcare providers (identified by 'Healthcare_Sites') must remain undecrypted due to privacy regulations. All other unclassified TLS traffic should be subject to SSL Forward Proxy decryption with a block action if decryption fails. Which combination of decryption profile settings and security policy rules will achieve this, assuming a Decryption Profile 'Financial_Decryption' (Forward Proxy, Block on failure) and 'No_Decryption' profiles exist?
  • NetSec-Analyst Exam Question 38

    A financial institution has a requirement to send all traffic originating from the 'Finance' security zone, destined for external banking APIs (known IP ranges), through a dedicated, high-throughput internet link. Simultaneously, all other internet traffic from the 'Finance' zone should use the standard, lower-cost internet uplink. A PBF rule is configured as follows:

    After deployment, users in the 'Finance' zone report that some API traffic is still going over the standard link. What is the most probable cause for this misbehavior?
  • NetSec-Analyst Exam Question 39

    An internal messaging application, 'SecureChat', developed in-house, uses a custom TLS implementation on TCP/4444. App-Ld identifies it as 'ssl-generic' or 'unknown-tcp'. The security team wants to classify this as 'secure-chat' (a custom application) to apply a specific decryption profile and advanced threat prevention. They've identified that the application always originates from a specific source network block (10.10.10.0/24) and connects to a backend server farm (172.16.1.0/24). Which of the following statements regarding the implementation and implications of an Application Override for 'SecureChat' are TRUE?
  • NetSec-Analyst Exam Question 40

    A Security Administrator wants to implement a policy to block all file transfers (upload and download) on web-based email applications (e.g., Gmail, Outlook Web Access) for non-HR users, while HR users should have unrestricted file transfer access. Additionally, for all web-based email traffic, regardless of user or application, all malicious files detected by WildFire should be blocked. Which set of configurations and policy rules best achieves this?