CertsTopics Logo

Labour Day Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Paloalto Networks PSE-Strata Dumps

Page: 1 / 5
Total 139 questions
Get PSE-Strata Full Access Download PSE-Strata PDF

Palo Alto Networks System Engineer Professional - Strata Questions and Answers

Question 1

What can be applied to prevent users from unknowingly downloading malicious file types from the internet?

Options:

A.

A vulnerability profile to security policy rules that deny general web access

B.

An antivirus profile to security policy rules that deny general web access

C.

A zone protection profile to the untrust zone

D.

A file blocking profile to security policy rules that allow general web access

Question 2

Decryption port mirroring is now supported on which platform?

Options:

A.

all hardware-based and VM-Series firewalls with the exception of VMware NSX. Citrix SDX, or public cloud hypervisors

B.

in hardware only

C.

only one the PA-5000 Series and higher

D.

all hardware-based and VM-Series firewalls regardless of where installed

Question 3

What three Tabs are available in the Detailed Device Health on Panorama for hardware-based firewalls? (Choose three.)

Options:

A.

Errors

B.

Environments

C.

Interfaces

D.

Mounts

E.

Throughput

F.

Sessions

G.

Status

Question 4

What are two core values of the Palo Alto Network Security Operating Platform? (Choose two.}

Options:

A.

prevention of cyber attacks

B.

safe enablement of all applications

C.

threat remediation

D.

defense against threats with static security solution

Question 5

When the Cortex Data Lake is sized for Prisma Access mobile users, what is a valid log size range you would use per day. per user?

Options:

A.

1500 to 2500 bytes

B.

10MB to 30 MB

C.

1MB to 5 MB

D.

100MB to 200 MB

Question 6

A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default. What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?

Options:

A.

Palo Alto Networks keep ports closed by default, only opening ports after understanding the application request, and then opening only the application-specified ports.

B.

Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports.

C.

Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis.

D.

Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default.

Question 7

In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)

Options:

A.

grayware

B.

command and control (C2)

C.

benign

D.

government

E.

malware

Question 8

WildFire subscription supports analysis of which three types? (Choose three.)

Options:

A.

GIF

B.

7-Zip

C.

Flash

D.

RPM

E.

ISO

F.

DMG

Question 9

Which two steps are required to configure the Decryption Broker? (Choose two.)

Options:

A.

reboot the firewall to activate the license

B.

activate the Decryption Broker license

C.

enable SSL Forward Proxy decryption

D.

enable a pair of virtual wire interfaces to forward decrypted traffic

Question 10

A Fortune 500 customer has expressed interest in purchasing WildFire; however, they do not want to send discovered malware outside of their network.

Which version of WildFire will meet this customer’s requirements?

Options:

A.

WildFire Private Cloud

B.

WildFire Government Cloud

C.

WildFire Secure Cloud

D.

WildFire Public Cloud

Question 11

Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)

Options:

A.

Traffic is separated by zones

B.

Policy match is based on application

C.

Identification of application is possible on any port

D.

Traffic control is based on IP port, and protocol

Question 12

In which two ways can PAN-OS software consume MineMeld outputs? (Choose two.)

Options:

A.

TXT

B.

API

C.

CSV

D.

EDL

Question 13

Which three features are used to prevent abuse of stolen credentials? (Choose three.)

Options:

A.

multi-factor authentication

B.

URL Filtering Profiles

C.

WildFire Profiles

D.

Prisma Access

E.

SSL decryption rules

Question 14

Which three items contain information about Command-and-Control (C2) hosts? (Choose three.)

Options:

A.

Threat logs

B.

WildFire analysis reports

C.

Botnet reports

D.

Data filtering logs

E.

SaaS reports

Question 15

As you prepare to scan your Amazon S3 account, what enables Prisma service permission to access Amazon S3?

Options:

A.

access key ID

B.

secret access key

C.

administrative Password

D.

AWS account ID

Question 16

Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

Options:

A.

use of decryption policies

B.

measure the adoption of URL filters. App-ID. User-ID

C.

use of device management access and settings

D.

expose the visibility and presence of command-and-control sessions

E.

identify sanctioned and unsanctioned SaaS applications

Question 17

Which Security profile on the Next-Generation Firewall (NGFW) includes Signatures to protect against brute force attacks?

Options:

A.

Vulnerability Protection profile

B.

Antivirus profile

C.

URL Filtering profile

D.

Anti-Spyware profile

Question 18

Which statement is true about Deviating Devices and metrics?

Options:

A.

A metric health baseline is determined by averaging the health performance for a given metric over seven days plus the standard deviation

B.

Deviating Device Tab is only available with a SD-WAN Subscription

C.

An Administrator can set the metric health baseline along with a valid standard deviation

D.

Deviating Device Tab is only available for hardware-based firewalls

Question 19

in which step of the Palo Alto Networks Five-Step Zero Trust Methodology would an organization's critical data, applications, assets, and services (DAAS) be identified?

Options:

A.

Step 4. Create the Zero Trust policy.

B.

Step 2: Map the transaction flows.

C.

Step 3. Architect a Zero Trust network.

D.

Step 1: Define the protect surface

Question 20

Which proprietary technology solutions will allow a customer to identify and control traffic sources regardless of internet protocol (IP) address or network segment?

Options:

A.

User ID and Device-ID

B.

Source-D and Network.ID

C.

Source ID and Device-ID

D.

User-ID and Source-ID

Page: 1 / 5
Total 139 questions
Get PSE-Strata Full Access Download PSE-Strata PDF