Palo Alto Networks Security Operations Generalist 認定 SecOps-Generalist 試験問題:

1. A security administrator is configuring a Security Policy rule on a Palo Alto Networks Strata NGFW to allow outbound web traffic from the internal network. They need to apply comprehensive security inspection to this traffic. Which type of configuration object is attached to a Security Policy rule to apply specific security engines like Threat Prevention, Antivirus, URL Filtering, and File Blocking?

A) Network Zones
B) Service Objects
C) NAT Policy rules
D) Security Profiles
E) Application Filters

2. A security team is monitoring IoT device behavior using Palo Alto Networks IoT Security. They receive an alert indicating a 'Medium' severity behavioral anomaly from a smart building sensor, specifically related to unexpected outbound communication to a public IP address. To investigate this alert thoroughly, which of the following actions or information sources integrated with the IoT Security platform would be most helpful? (Select all that apply)

A) Examining User-ID logs to identify the user who initiated the communication from the smart building sensor.
B) Viewing the specific anomaly details within the IoT Security portal, including the time of the event, the involved device, and the nature of the unexpected communication.
C) Checking Threat logs in Cortex Data Lake/Panorama to see if any known malicious signatures were triggered by the anomalous communication from the sensor.
D) Correlating the anomaly alert with Traffic logs in Cortex Data Lake/Panorama, filtering for the specific IoT device's IP address and the time of the anomaly, to see the full session details (destination IPlport, application ID).
E) Reviewing the device profile information in the IoT Security portal to understand the expected communication patterns and known vulnerabilities of that specific sensor model.

3. An administrator is reviewing traffic logs on a Palo Alto Networks NGFW and sees sessions attributed to various Device-ID categories (e.g., 'Windows Desktop', 'Android Mobile', 'IP Camera', 'Unknown Device'). Where does the firewall obtain the information used to classify sessions into these Device-ID categories?

A) From endpoint agents installed on the devices.
B) By querying an external asset management database via API.
C) From passive analysis of network traffic, including DHCP information, HTTP headers, and TCP/IP stack fingerprinting.
D) From static assignments manually configured by the administrator for each IP address.
E) Through integration with Active Directory or LDAP.

4. A security team is investigating an alert from their Palo Alto Networks NGFW indicating a critical severity vulnerability exploit attempt against an internal server. The alert references a specific CVE ID and signature name. Which of the following capabilities or integrations, provided or enhanced by the Advanced Threat Prevention CDSS, contribute to the firewall's ability to detect and prevent such zero-day or rapidly evolving exploit attempts? (Select all that apply)

A) Leveraging machine learning models in the cloud to identify new or mutated exploit techniques.
B) Blocking the exploit attempt based solely on matching the application's default port and protocol in the security policy.
C) Rapid and automated delivery of new exploit signatures from the cloud service in response to emerging threats.
D) Analysis of traffic flows for behavioral anomalies and exploit-like patterns that don't match known signatures.
E) Identifying malicious domains or IPs associated with the exploit source via dynamic threat intelligence feeds integrated into the Threat Prevention profile.

5. An organization has deployed Palo Alto Networks IoT Security and integrated it with their Strata NGFW. The IoT Security platform has identified a group of 'Smart Thermostats' on the network segment. The security team wants to create a policy on the NGFW to allow these devices to communicate only with their vendor's cloud update server on HTTPS (port 443) and block all other outbound communication. Which type of security policy rule criteria is specifically enabled by the IoT Security integration to represent the group of discovered thermostats?

A) A static Address Group containing the known IP addresses of the thermostats.
B) A User-ID mapping for the thermostats to an IoT user group.
C) A URL Category created for the vendor's update server domain.
D) A dynamic Address Group based on the 'Smart Thermostats' device category provided by the IoT Security subscription.
E) A custom Application signature for the thermostat's communication protocol.

質問と回答：