Pre-Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dumps65

Paloalto Networks PSE-Strata Dumps

Page: 1 / 14
Total 137 questions

Palo Alto Networks System Engineer Professional - Strata Questions and Answers

Question 1

A customer has business-critical applications that rely on the general web-browsing application. Which security profile can help prevent drive-by-downloads while still allowing web-browsing traffic?

Options:

A.

File Blocking Profile

B.

DoS Protection Profile

C.

URL Filtering Profile

D.

Vulnerability Protection Profile

Question 2

What are two presales selling advantages of using Expedition? (Choose two.)

Options:

A.

map migration gaps to professional services statement of Works (SOWs)

B.

streamline & migrate to Layer7 policies using Policy Optimizer

C.

reduce effort to implement policies based on App-ID and User-ID

D.

easy migration process to move to Palo Alto Networks NGFWs

Question 3

What are three sources of malware sample data for the Threat Intelligence Cloud? (Choose three)

Options:

A.

Next-generation firewalls deployed with WildFire Analysis Security Profiles

B.

WF-500 configured as private clouds for privacy concerns

C.

Correlation Objects generated by AutoFocus

D.

Third-party data feeds such as partnership with ProofPomt and the Cyber Threat Alliance

E.

Palo Alto Networks non-firewall products such as Traps and Prisma SaaS

Question 4

When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?

Options:

A.

X-Forwarded-For

B.

HTTP method

C.

HTTP response status code

D.

Content type

Question 5

In an HA pair running Active/Passive mode, over which interface do the dataplanes communicate?

Options:

A.

HA3

B.

HA1

C.

HA2

D.

HA4

Question 6

Which built-in feature of PAN-OS allows the NGFW administrator to create a policy that provides autoremediation for anomalous user behavior and malicious activity while maintaining user visibility?

Options:

A.

Dynamic user groups (DUGS)

B.

tagging groups

C.

remote device User-ID groups

D.

dynamic address groups (DAGs)

Question 7

A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, allows you to assess the risk and take action to prevent exploitation of network resources.

Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?

Options:

A.

The Automated Correlation Engine

B.

Cortex XDR and Cortex Data Lake

C.

WildFire with API calls for automation

D.

3rd Party SIEM which can ingest NGFW logs and perform event correlation

Question 8

Prisma SaaS provides which two SaaS threat prevention capabilities? (Choose two)

Options:

A.

shellcode protection

B.

file quarantine

C.

SaaS AppID signatures

D.

WildFire analysis

E.

remote procedural call (RPC) interrogation

Question 9

Which three settings must be configured to enable Credential Phishing Prevention? (Choose three.)

Options:

A.

define an SSL decryption rulebase

B.

enable User-ID

C.

validate credential submission detection

D.

enable App-ID

E.

define URL Filtering Profile

Question 10

What are two benefits of the sinkhole Internet Protocol (IP) address that DNS Security sends to the client in place of malicious IP addresses? (Choose two.)

Options:

A.

The client communicates with it instead of the malicious IP address

B.

It represents the remediation server that the client should visit for patching

C.

It will take over as the new DNS resolver for that client and prevent further DNS requests from occurring in the meantime

D.

In situations where the internal DNS server is between the client and the firewall, it gives the firewall the ability to identify the clients who originated the query to the malicious domain

Question 11

Access to a business site is blocked by URL Filtering inline machine learning (ML) and

considered as a false-positive.

How should the site be made available?

Options:

A.

Disable URL Filtering inline ML

B.

Create a custom URL category and add it to the Security policy

C.

Create a custom URL category and add it on exception of the inline ML profile

D.

Change the action of real-time detection category on URL filtering profile

Question 12

Decryption port mirroring is now supported on which platform?

Options:

A.

all hardware-based and VM-Series firewalls with the exception of VMware NSX. Citrix SDX, or public cloud hypervisors

B.

in hardware only

C.

only one the PA-5000 Series and higher

D.

all hardware-based and VM-Series firewalls regardless of where installed

Question 13

Which profile or policy should be applied to protect against port scans from the internet?

Options:

A.

Interface management profile on the zone of the ingress interface

B.

Zone protection profile on the zone of the ingress interface

C.

An App-ID security policy rule to block traffic sourcing from the untrust zone

D.

Security profiles to security policy rules for traffic sourcing from the untrust zone

Question 14

Which CLI allows you to view the names of SD-WAN policy rules that send traffic to the specified virtual SD-WAN interface, along with the performance metrics?

A)

as

B)

as

C)

as

D)

as

Options:

A.

Option

B.

Option

C.

Option

D.

Option

Question 15

Which four steps of the cyberattack lifecycle does the Palo Alto Networks Security Operating Platform prevent? (Choose four.)

Options:

A.

breach the perimeter

B.

weaponize vulnerabilities

C.

lateral movement

D.

exfiltrate data

E.

recon the target

F.

deliver the malware

Question 16

A packet that is already associated with a current session arrives at the firewall.

What is the flow of the packet after the firewall determines that it is matched with an existing session?

Options:

A.

it is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress.

B.

It is sent through the slow path for further inspection. If subject to content inspection, it will pass through a single stream-based content inspection engines before egress

C.

It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through multiple content inspection engines before egress

D.

It is sent through the slow path for further inspection. If subject to content inspection, it will pass through multiple content inspection engines before egress

Question 17

A customer is designing a private data center to host their new web application along with a separate headquarters for users.

Which cloud-delivered security service (CDSS) would be recommended for the headquarters only?

Options:

A.

Threat Prevention

B.

DNS Security

C.

WildFire

D.

Advanced URL Filtering (AURLF)

Question 18

in which step of the Palo Alto Networks Five-Step Zero Trust Methodology would an organization's critical data, applications, assets, and services (DAAS) be identified?

Options:

A.

Step 4. Create the Zero Trust policy.

B.

Step 2: Map the transaction flows.

C.

Step 3. Architect a Zero Trust network.

D.

Step 1: Define the protect surface

Question 19

Which three components are specific to the Query Builder found in the Custom Report creation dialog of the firewall? (Choose three.)

Options:

A.

Connector

B.

Database

C.

Recipient

D.

Operator

E.

Attribute

F.

Schedule

Question 20

When having a customer pre-sales call, which aspects of the NGFW should be covered?

Options:

A.

The NGFW simplifies your operations through analytics and automation while giving you consistent protection through exceptional visibility and control across the data center, perimeter, branch, mobile and cloud networks

B.

The Palo Alto Networks-developed URL filtering database, PAN-DB provides high-performance local caching for maximum inline performance on URL lookups, and offers coverage against malicious URLs and IP addresses. As WildFire identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs), the PAN-DB database is updated with information on malicious URLs so that you can block malware downloads and disable Command and Con

C.

The NGFW creates tunnels that allow users/systems to connect securely over a public network, as if they were connecting over a local area network (LAN). To set up a VPN tunnel you need a pair of devices that can authenticate each other and encrypt the flow of information between them The devices can be a pair of Palo Alto Networks firewalls, or a Palo Alto Networks firewall along with a VPN-capable device from another vendor

D.

Palo Alto Networks URL Filtering allows you to monitor and control the sites users can access, to prevent phishing attacks by controlling the sites to which users can submit valid corporate credentials, and to enforce safe search for search engines like Google and Bing

Question 21

Match the functions to the appropriate processing engine within the dataplane.

as

Options:

Question 22

Which CLI command allows visibility into SD-WAN events such as path Selection and path quality measurements?

Options:

A.

>show sdwan path-monitor stats vif

B.

>show sdwan session distribution policy-name

C.

>show sdwan connection all

D.

>show sdwan event

Question 23

For customers with high bandwidth requirements for Service Connections, what two limitations exist when onboarding multiple Service Connections to the same Prisma Access location servicing a single

Datacenter? (Choose two.)

Options:

A.

Network segments in the Datacenter need to be advertised to only one Service Connection

B.

The customer edge device needs to support policy-based routing with symmetric return functionality

C.

The resources in the Datacenter will only be able to reach remote network resources that share the same region

D.

A maximum of four service connections per Datacenter are supported with this topology

Question 24

Which two components must be configured within User-ID on a new firewall that has been implemented? (Choose two.)

Options:

A.

User Mapping

B.

Proxy Authentication

C.

Group Mapping

D.

802.1X Authentication

Question 25

As you prepare to scan your Amazon S3 account, what enables Prisma service permission to access Amazon S3?

Options:

A.

access key ID

B.

secret access key

C.

administrative Password

D.

AWS account ID

Question 26

What are two benefits of using Panorama for a customer who is deploying virtual firewalls to secure data center traffic? (Choose two.)

Options:

A.

It can provide the Automated Correlation Engine functionality, which the virtual firewalls do not support.

B.

It can monitor the virtual firewalls' physical hosts and Vmotion them as necessary

C.

It can automatically create address groups for use with KVM.

D.

It can bootstrap the virtual firewalls for dynamic deployment scenarios.

Question 27

Which solution informs a customer concerned about zero-day targeted attacks whether an attack is specifically targeted at its property?

Options:

A.

AutoFocus

B.

Panorama Correlation Report

C.

Cortex XSOAR Community edition

D.

Cortex XDR Prevent

Question 28

Which component is needed for a large-scale deployment of NGFWs with multiple Panorama Management Servers?

Options:

A.

M-600 appliance

B.

Panorama Interconnect plugin

C.

Panorama Large Scale VPN (LSVPN) plugin

D.

Palo Alto Networks Cluster license

Question 29

A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.

How is this goal accomplished?

Options:

A.

Create a custom spyware signature matching the known signature with the time attribute

B.

Add a correlation object that tracks the occurrences and triggers above the desired threshold

C.

Submit a request to Palo Alto Networks to change the behavior at the next update

D.

Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency

Question 30

Which two network events are highlighted through correlation objects as potential security risks? (Choose two.)

Options:

A.

Identified vulnerability exploits

B.

Launch of an identified malware executable file

C.

Endpoints access files from a removable drive

D.

Suspicious host behavior

Question 31

A price-sensitive customer wants to prevent attacks on a Windows Virtual Server. The server will max out at 100Mbps but needs to have 45.000 sessions to connect to multiple hosts within a data center

Which VM instance should be used to secure the network by this customer?

Options:

A.

VM-200

B.

VM-100

C.

VM-50

D.

VM-300

Question 32

An administrator wants to justify the expense of a second Panorama appliance for HA of the management layer.

The customer already has multiple M-100s set up as a log collector group. What are two valid reasons for deploying Panorama in High Availability? (Choose two.)

Options:

A.

Control of post rules

B.

Control local firewall rules

C.

Ensure management continuity

D.

Improve log collection redundancy

Question 33

How frequently do WildFire signatures move into the antivirus database?

Options:

A.

every 24 hours

B.

every 12 hours

C.

once a week

D.

every 1 hour

Question 34

Which three actions should be taken before deploying a firewall evaluation unt in a customer environment? (Choose three.)

Options:

A.

Request that the customer make part 3978 available to allow the evaluation unit to communicate with Panorama

B.

Inform the customer that a SPAN port must be provided for the evaluation unit, assuming a TAP mode deployment.

C.

Upgrade the evaluation unit to the most current recommended firmware, unless a demo of the upgrade process is planned.

D.

Set expectations for information being presented in the Security Lifecycle Review (SLR) because personal user information will be made visible

E.

Reset the evaluation unit to factory default to ensure that data from any previous customer evaluation is removed

Question 35

Which two types of security chains are supported by the Decryption Broker? (Choose two.)

Options:

A.

virtual wire

B.

transparent bridge

C.

Layer 3

D.

Layer 2

Question 36

Which statement applies to Palo Alto Networks Single Pass Parallel Processing (SP3)?

Options:

A.

It processes each feature in a separate single pass with additional performance impact for each enabled feature.

B.

Its processing applies only to security features and does not include any networking features.

C.

It processes all traffic in a single pass with no additional performance impact for each enabled feature.

D.

It splits the traffic and processes all security features in a single pass and all network features in a separate pass

Question 37

What are the three possible verdicts in WildFire Submissions log entries for a submitted sample? (Choose four.)

Options:

A.

Benign

B.

Spyware

C.

Malicious

D.

Phishing

E.

Grayware

Question 38

An SE is preparing an SLR report for a school and wants to emphasize URL filtering capabilities because the school is concerned that its students are accessing inappropriate websites. The URL categories being chosen by default in the report are not highlighting these types of websites. How should the SE show the customer the firewall can detect that these websites are being accessed?

Options:

A.

Create a footnote within the SLR generation tool

B.

Edit the Key-Findings text to list the other types of categories that may be of interest

C.

Remove unwanted categories listed under 'High Risk' and use relevant information

D.

Produce the report and edit the PDF manually

Question 39

Which three methods used to map users to IP addresses are supported in Palo Alto Networks firewalls? (Choose three.)

Options:

A.

eDirectory monitoring

B.

Client Probing

C.

SNMP server

D.

TACACS

E.

Active Directory monitoring

F.

Lotus Domino

G.

RADIUS

Question 40

What are three key benefits of the Palo Alto Networks platform approach to security? (Choose three)

Options:

A.

operational efficiencies due to reduction in manual incident review and decrease in mean time to resolution (MTTR)

B.

improved revenue due to more efficient network traffic throughput

C.

Increased security due to scalable cloud delivered security Services (CDSS)

D.

Cost savings due to reduction in IT management effort and device

Question 41

What is the recommended way to ensure that firewalls have the most current set of signatures for up-to-date protection?

Options:

A.

Run a Perl script to regularly check for updates and alert when one is released

B.

Monitor update announcements and manually push updates to Crewall

C.

Store updates on an intermediary server and point all the firewalls to it

D.

Use dynamic updates with the most aggressive schedule required by business needs

Page: 1 / 14
Total 137 questions