Which log type is the most useful for identifying if a user is repeatedly attempting to visit an " Unauthorized " website category that is being blocked by a security profile?
Correct Answer: B
Explanation:
Comprehensive and Detailed 150 to 250 words of Explanation From Palo Alto Networks Network Security Analyst Knowledge: While Traffic Logs show that a connection was denied, the URL Filtering Log provides the specific context required to understand why it was denied. It explicitly lists the URL being visited, the specific URL category (e.g., adult or gambling), and the action taken by the profile. For a Network Security Analyst, monitoring this log is a core objective for identifying potential " insider threats " or users who require additional security training. If a host is generating hundreds of " block " entries for high-risk categories in a short period, it could indicate that the device is infected with malware that is attempting to " call home " to a malicious site or that a user is actively trying to bypass security controls.
Question 2
A company wants to ensure that its internal web server is only accessible from the internet on port 443, but the server is actually listening on port 8443. Which NAT configuration should be used?
Correct Answer: B
Explanation:
Comprehensive and Detailed 150 to 250 words of Explanation From Palo Alto Networks Network Security Analyst Knowledge: To allow external access to an internal server while hiding the server ' s actual listening port, the analyst must configure Destination NAT (DNAT) with Port Translation . In this configuration, the " Original Packet " is defined with a destination of the firewall ' s public IP on port 443 . The " Translated Packet " is then configured to redirect that traffic to the server ' s internal private IP on port 8443 . This allows the server to remain " cloaked " on its non-standard port, while users on the internet can connect using a standard web port. This objective is critical for policy management, as it allows for flexible network design and improves security by obscuring the internal service details from external scans.
Demo Practice Mode
You are viewing only the questions marked as Demo.