최신 Network Security Generalist NetSec-Architect 무료샘플문제:

1. A network experiences encrypted threats bypassing inspection. What is the BEST mitigation?

A) Block all HTTPS
B) Use static routes
C) Disable logging
D) Enable SSL decryption

2. An organization with offices throughout the world has an SD-WAN solution in which all traffic is backhauled to a central set of data centers. Many of the offices have IoT / OT devices. Which IoT Security requirement must be taken into consideration by the security architect when determining which Zero Trust network solution will help this organization evolve its security architecture?

A) All DHCP requests must traverse the Prisma SD-WAN fabric for IoT / OT detection.
B) The organization must have local NGFW for enforcement.
C) Either a Prisma SD-WAN ION or an NGFW device must be present for accurate IoT / OT detection.
D) A local sensor must be deployed as either an agent on the DHCP server or as a container on the virtual infrastructure.

3. A global manufacturing organization has a strategic plan for rapid growth through mergers and acquisitions Several components the organization has purchased are deemed large deployments with existing IP address schemas and allocations that conflict with the parent organization. The manufacturing organization needs access to the resources before a re-IP initiative can be completed.
All of the deployments include a variety of IoT devices Leadership requires protection of vulnerable assets and identification of any known CVEs associated with the IoT devices. The governance, risk and compliance (GRC) team requires comprehensive non-repudiable logs to identify all IoT devices reporting "Critical (9 0+) CVE scores" for mandatory remediation.
Throughput needs to exceed the current 1 Gbps trending rate, and with expected growth will soon scale to 5 Gbps.
Segmentation is a mandatory requirement with enclaves based on region, device type, and function.
Which architectural component ensures the IoT storage, integrity, and non-repudiation of this granular risk data for auditing purposes?

A) Strata Logging Service for cloud storage of the security logs and device telemetry
B) Panorama log collector using its local database with a 90-day retention policy
C) GlobalProtect agent to collect device posture and to locally log all critical CVE scores
D) NGFW's session table, which is encrypted with the master key

4. A multinational organization has a large worldwide remote user base. This user base consists of several persona types with distinct requirements and concerns regarding the adoption of a Zero Trust Network Access (ZTNA) solution.
- Developers have a requirement to temporarily bypass security controls for business purposes, but the security team sees this as a potential risk. The developers commonly access development servers onsite in private data centers and public cloud. These development applications use web (HTTP/HTTPS), API, RPC, and SMB-based applications.
- Sales staff travel regularly and connect to the network via many different types of connections, but they are generally limited to SaaS-based web applications. They often complain about performance when any agent is installed and want the ability to temporarily disable these agents.
Data exfiltration and insider risk have been identified as the primary threats for this class of user.
- Executives have concerns about being high-value targets. Security must be consistent across the multiple endpoint types, including mobile and desktop devices. The executive team members have indicated that their primary objective is to ensure that the solution is responsive and easy to troubleshoot.
Which solution should be suggested to mitigate the security risk and meet the concerns of the sales team?

A) Migrate end users to Prisma Browser for all work applications and apply data protection rules to all enterprise applications
B) Automate uploads of files to the Enterprise DLP submissions portal so all files undergo data inspection regardless of connectivity method
C) Provide end users scoped access to Strata Cloud Manager (SCM) and require them to configure split tunneling for applications they need to bypass
D) Use the standalone WildFire Agent on the endpoint to maintain security for large and unknown file downloads

5. A global manufacturing organization has a strategic plan for rapid growth through mergers and acquisitions Several components the organization has purchased are deemed large deployments with existing IP address schemas and allocations that conflict with the parent organization. The manufacturing organization needs access to the resources before a re-IP initiative can be completed.
All of the deployments include a variety of IoT devices Leadership requires protection of vulnerable assets and identification of any known CVEs associated with the IoT devices. The governance, risk and compliance (GRC) team requires comprehensive non-repudiable logs to identify all IoT devices reporting "Critical (9 0+) CVE scores" for mandatory remediation.
Throughput needs to exceed the current 1 Gbps trending rate, and with expected growth will soon scale to 5 Gbps.
Segmentation is a mandatory requirement with enclaves based on region, device type, and function.
A firewall has been configured in tap mode for visibility into the traffic for profiling Inconsistencies in the profiling have been observed with a mix of behaviors.
What are two possible root causes for the behavior? (Choose two.)

A) MAC spoofing is occurring on the network
B) Asymmetric routing is providing visibility into TX but not RX traffic
C) Hard coded MAC addresses cannot be properly profiled
D) The devices are deployed behind a NAT device

질문과 대답: