A security analyst needs to inspect outbound encrypted web traffic from internal users so that malware hidden inside HTTPS sessions can be analyzed.
Which decryption type should be deployed?
A. SSL Inbound InspectionAn analyst is investigating why an App-ID for a custom application is showing as "unknown-tcp" in the Traffic logs. The application is running on port 8080.
What is the most likely cause of this identification failure?
A. The firewall does not have a signature for the proprietary application.An analyst needs to create a security rule to allow access to a specific web application that identifies itself as "web-browsing" but uses a custom, non-standard port of TCP 9000.
Which configuration ensures the App-ID engine can still inspect this traffic?
A. Change the Service to "application-default."Which Strata Cloud Manager (SCM) feature provides a consolidated view of all high-priority security incidents across a global network, including those from firewalls and Prisma Access?
A. Activity InsightsWhich type of Security profile is required to prevent a "Brute Force" attack on a management portal or server by monitoring the rate of connection attempts?
A. Antivirus ProfileAn analyst wants to ensure that any traffic from the "Guest-Zone" to the "Internal-Zone" is always inspected, even if there is no explicit security rule defined.
Which default behavior should the analyst be aware of?
A. Intrazone-default rules allow traffic by default.In Panorama, which feature allows an analyst to group multiple Template Stacks together to push a common set of network configurations to a large number of firewalls simultaneously?
A. Device GroupsAn administrator wants to allow outbound access to a sanctioned SaaS application only on the ports normally used by that application, while still relying on App-ID for identification.
Which Service setting should be used in the Security policy rule?
A. anyAn analyst is configuring a "WildFire Analysis Profile."
Which file types can be sent to the WildFire cloud for sandbox analysis?
A. Only .exe and .msi files.An analyst needs to configure a NAT policy to allow internal users to access the internet. The company only has one public IP address available on the firewall's outside interface.
Which NAT type should be used?
A. Static IPNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PAN-NSA exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.