Network Security Questions
Practice questions for Network Security topic in Palo Alto Networks Certified Cybersecurity Practitioner. 38 questions covering this domain.
Which firewall type filters individual packets without tracking session state?
A company wants users to reach only authorized private applications rather than joining the whole network. Which approach fits best?
A data center team wants to limit east-west movement if one workload is compromised. Which design approach should they use?
Which network security approach provides least-privileged application access without relying on implicit network trust?
A device filters traffic by packet fields but does not know whether packets belong to an established session. Which firewall type is this?
A legacy VPN gives remote users broad network reach, and leadership wants app-specific least-privileged access. Which approach should replace the broa...
A rule based only on TCP port allows both approved and risky applications. Which control best addresses the application-identification gap?
The security team needs an inline control that can block exploit attempts as traffic passes. Which technology applies?
Traffic is using port 443, but the team must control the actual application and user. Which control fits best?
The team cannot detect threats hidden in outbound HTTPS unless traffic can be inspected under policy. Which capability is needed?
Malware is delivered over encrypted web sessions, and policy allows inspection for managed users. Which capability enables detection inside that traff...
A protection method catches known patterns but misses a modified or unknown attack. Which limitation is being shown?
Which technology inspects traffic inline and blocks malicious activity?
A compromised workload can communicate freely with peer systems. Which design change best reduces the blast radius?
Users need real-time protection against newly created phishing pages. Which Palo Alto Networks service is most aligned?
A branch requires an encrypted tunnel to another site over an untrusted network. Which technology should be selected?
A security team wants to identify malicious domains during DNS lookups before connections complete. Which service applies?
Which approach divides an environment into smaller protected segments to restrict lateral movement?
Which firewall type identifies applications, users, and content instead of relying only on ports?
A campus edge requires a physical NGFW appliance in a bare-metal network design. Which deployment option fits?
Sign in to see all 38 questions
Create a free account to browse all questions — completely free during our launch phase.