Practice Free NetSec-Architect Exam Online Questions
A global manufacturing organization has a strategic plan for rapid growth through mergers and acquisitions. Several components the organization has purchased are deemed large deployments with existing IP address schemas and allocations that conflict with the parent organization. The manufacturing organization needs access to the resources before a re-IP initiative can be completed. All of the deployments include a variety of IoT devices. Leadership requires protection of vulnerable assets and identification of any known CVEs associated with the IoT devices. The governance, risk and compliance (GRC) team requires comprehensive non-repudiable logs to identify all IoT devices reporting "Critical (9.0+) CVE scores" for mandatory remediation. Throughput needs to exceed the current 1 Gbps trending rate, and with expected growth will soon scale to 5 Gbps.
Segmentation is a mandatory requirement with enclaves based on region, device type, and function.
A firewall has been configured in tap mode for visibility into the traffic for profiling. Inconsistencies in the profiling have been observed with a mix of behaviors.
What are two possible root causes for the behavior? (Choose two.)
- A. The devices are deployed behind a NAT device
- B. Asymmetric routing is providing visibility into TX but not RX traffic
- C. Hard coded MAC addresses cannot be properly profiled
- D. MAC spoofing is occurring on the network
An organization uses Microsoft Entra ID and wants to strictly enforce a requirement that remote users accessing highly sensitive SaaS applications can only do so when originating from Prisma Browser.
Which unique identifier must be configured within the Entra ID Conditional Access policy to effectively confirm and enforce that the access request is specifically originating from Prisma Browser and to prevent standard web browsers from circumventing the Zero Trust Network Access (ZTNA) control?
- A. List of known egress IP addresses associated with Prisma Browser’s cloud proxy infrastructure
- B. Unique device token or Device-ID issued by Prisma Browser and validated by Entra ID
- C. Certificate thumbprint of Prisma Browser’s secure workspace key used for session encryption
- D. GlobalProtect mobile application installed on the user’s endpoint
Which factor must be taken into consideration when determining whether an NGFW edge architecture or a SASE architecture is appropriate to recommend to a customer planning to implement a Zero Trust Network Access (ZTNA) solution?
- A. ZTNA requires User-ID and Group-ID information that is not available in Prisma SD-WAN
- B. ZTNA can be implemented regardless of whether an NGFW or SASE solution is selected
- C. ZTNA revolves around an agent on the endpoint and does not influence the overall NGFW or SASE architecture
- D. ZTNA is a component of SASE and can only be implemented with Prisma Access
