Certs Vault
See all results for ""
Home Exams
CRISC ISACA CISSP ISC2 200-301 Cisco SY0-701 CompTIA AZ-104 Microsoft AI-900 Microsoft AIGP IAPP 1Z0-1067-26 Oracle View All Exams →
Sign in Create account

Palo Alto Networks Certified Network Security Professional NetSec-Pro Exam Questions

Preparing for the NetSec-Pro exam is simple with Certs Vault. We offer easy-to-understand study materials that help you learn the most important exam topics. You can study using our PDF questions, practice online with a real exam-style test, or use the desktop practice software. Choose the study method that works best for you and prepare at your own pace.

At Certs Vault, we keep our NetSec-Pro practice questions up to date. Whenever the exam syllabus or objectives change, we update our study materials so you always learn the latest topics. This helps you save time, avoid outdated content, and feel more confident when you take your exam.

Download Exam View Entire Exam
Page: 2 / 2
Question #6 (Topic: Demo Questions)

What statuses may appear when devices are added to the controller’s Devices inventory list?

A.
Unclaimed indicates that the device is available in the inventory, but has not been claimed.
B.
Offline indicates that the device is not yet communicating with the Prisma SD-WAN controller.
C.
Online-Restricted means that the device is communicating with the Prisma SD-WAN controller, but has not yet been claimed.
D.
Decommissioned indicates that the device is permanently deleted from the controller.
Correct Answer: A, B, C
Explanation:
Prisma SD-WAN device inventory can show statuses such as Unclaimed , Offline , and Online-Restricted to indicate onboarding and communication state.

[Reference:https://docs.paloaltonetworks.com/prisma-sd-wan/, ]
Question #7 (Topic: Demo Questions)

Which component of NGFW is supported in active/passive design but not in active/active design?

A.
Single floating IP address
B.
Using a DHCP client
C.
Route-based redundancy
D.
Configuring ARP load-sharing on Layer 3
Correct Answer: A
Explanation:
Single floating IP address (also known as a floating IP or shared IP) is supported only in an active/passive HA pair. In active/active HA, both firewalls are forwarding traffic simultaneously and thus do not share a single floating IP.
“In active/passive HA, a single floating IP address is used for seamless failover. Active/active HA requires separate IP addresses and does not support a single floating IP.”
(Source: Active/Passive vs. Active/Active HA)
This simplifies failover in active/passive deployments by using a single shared IP that moves to the active peer upon failover.
Question #8 (Topic: Demo Questions)

Which two security services are required for configuration of NGFW Security policies to protect against malicious and misconfigured domains? (Choose two.)

A.
Advanced Threat Prevention
B.
SaaS Security
C.
Advanced WildFire
D.
Advanced DNS Security
Correct Answer: A, D
Explanation:
Protecting against malicious and misconfigured domains requires two critical services:
Advanced Threat Prevention
Provides signature-based and advanced analysis to identify threats, including DNS-based attacks.
“Advanced Threat Prevention enables the NGFW to detect and prevent exploits and malware-based communications, including those leveraging DNS.”
(Source: Advanced Threat Prevention)
Advanced DNS Security
Specifically designed to detect and sinkhole malicious and misconfigured DNS queries.
“DNS Security uses real-time intelligence to block DNS-based threats, protect against data exfiltration, and automatically sinkhole suspicious domain lookups.”
(Source: DNS Security)
By combining these services in security policies, NGFWs ensure robust protection against domain-based threats and misconfigurations.
Download Exam
« Prev Page: 2 / 2
Next Page