Special Summer Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Paloalto Networks PSE-Strata-Pro-24 Palo Alto Networks Systems Engineer Professional - Hardware Firewall Exam Practice Test

Page: 1 / 6
Total 60 questions

Palo Alto Networks Systems Engineer Professional - Hardware Firewall Questions and Answers

Question 1

What does Policy Optimizer allow a systems engineer to do for an NGFW?

Options:

A.

Recommend best practices on new policy creation

B.

Show unused licenses for Cloud-Delivered Security Services (CDSS) subscriptions and firewalls

C.

Identify Security policy rules with unused applications

D.

Act as a migration tool to import policies from third-party vendors

Question 2

Which two actions should a systems engineer take when a customer is concerned about how to remain aligned to Zero Trust principles as they adopt additional security features over time? (Choose two)

Options:

A.

Turn on all licensed Cloud-Delivered Security Services (CDSS) subscriptions in blocking mode for all policies.

B.

Apply decryption where possible to inspect and log all new and existing traffic flows.

C.

Use the Best Practice Assessment (BPA) tool to measure progress toward Zero Trust principles.

D.

Use the Policy Optimizer tool to understand security rules allowing users to bypass decryption.

Question 3

A systems engineer (SE) successfully demonstrates NGFW managed by Strata Cloud Manager (SCM) to a company. In the resulting planning phase of the proof of value (POV), the CISO requests a test that shows how the security policies are either meeting, or are progressing toward meeting, industry standards such as Critical Security Controls (CSC), and how the company can verify that it is effectively utilizing the functionality purchased.

During the POV testing timeline, how should the SE verify that the POV will meet the CISO's request?

Options:

A.

Near the end, pull a Security Lifecycle Review (SLR) in the POV and create a report for the customer.

B.

At the beginning, work with the customer to create custom dashboards and reports for any information required, so reports can be pulled as needed by the customer.

C.

Near the end, the customer pulls information from these SCM dashboards: Best Practices, CDSS Adoption, and NGFW Feature Adoption.

D.

At the beginning, use PANhandler golden images that are designed to align to compliance and toturning on the features for the CDSS subscription being tested.

Question 4

In addition to Advanced DNS Security, which three Cloud-Delivered Security Services (CDSS) subscriptions utilize inline machine learning (ML)? (Choose three)

Options:

A.

Enterprise DLP

B.

Advanced URL Filtering

C.

Advanced WildFire

D.

Advanced Threat Prevention

E.

IoT Security

Question 5

What is used to stop a DNS-based threat?

Options:

A.

DNS proxy

B.

Buffer overflow protection

C.

DNS tunneling

D.

DNS sinkholing

Question 6

A prospective customer has provided specific requirements for an upcoming firewall purchase, including the need to process a minimum of 200,000 connections per second while maintaining at least 15 Gbps of throughput with App-ID and Threat Prevention enabled.

What should a systems engineer do to determine the most suitable firewall for the customer?

Options:

A.

Upload 30 days of customer firewall traffic logs to the firewall calculator tool on the Palo Alto Networks support portal.

B.

Download the firewall sizing tool from the Palo Alto Networks support portal.

C.

Use the online product configurator tool provided on the Palo Alto Networks website.

D.

Use the product selector tool available on the Palo Alto Networks website.

Question 7

Which two statements clarify the functionality and purchase options for Palo Alto Networks AIOps for NGFW? (Choose two.)

Options:

A.

It is offered in two license tiers: a commercial edition and an enterprise edition.

B.

It is offered in two license tiers: a free version and a premium version.

C.

It uses telemetry data to forecast, preempt, or identify issues, and it uses machine learning (ML) to adjust and enhance the process.

D.

It forwards log data to Advanced WildFire to anticipate, prevent, or identify issues, and it uses machine learning (ML) to refine and adapt to the process.

Question 8

A systems engineer should create a profile that blocks which category to protect a customer from ransomware URLs by using Advanced URL Filtering?

Options:

A.

Ransomware

B.

High Risk

C.

Scanning Activity

D.

Command and Control

Question 9

A large global company plans to acquire 500 NGFWs to replace its legacy firewalls and has a specific requirement for centralized logging and reporting capabilities.

What should a systems engineer recommend?

Options:

A.

Combine Panorama for firewall management with Palo Alto Networks' cloud-based Strata Logging Service to offer scalability for the company's logging and reporting infrastructure.

B.

Use Panorama for firewall management and to transfer logs from the 500 firewalls directly to a third-party SIEM for centralized logging and reporting.

C.

Highlight the efficiency of PAN-OS, which employs AI to automatically extract critical logs and generate daily executive reports, and confirm that the purchase of 500 NGFWs is sufficient.

D.

Deploy a pair of M-1000 log collectors in the customer data center, and route logs from all 500 firewalls to the log collectors for centralized logging and reporting.

Question 10

What are two methods that a NGFW uses to determine if submitted credentials are valid corporate credentials? (Choose two.)

Options:

A.

Group mapping

B.

LDAP query

C.

Domain credential filter

D.

WMI client probing

Question 11

A company with a large Active Directory (AD) of over 20,000 groups has user roles based on group membership in the directory. Up to 1,000 groups may be used in Security policies. The company has limited operations personnel and wants to reduce the administrative overhead of managing the synchronization of the groups with their firewalls.

What is the recommended architecture to synchronize the company's AD with Palo Alto Networks firewalls?

Options:

A.

Configure a group mapping profile with custom filters for LDAP attributes that are mapped to the user roles.

B.

Configure a group mapping profile, without a filter, to synchronize all groups.

C.

Configure a group mapping profile with an include group list.

D.

Configure NGFWs to synchronize with the AD after deploying the Cloud Identity Engine (CIE) and agents.

Question 12

A prospective customer wants to validate an NGFW solution and seeks the advice of a systems engineer (SE) regarding a design to meet the following stated requirements:

"We need an NGFW that can handle 72 Gbps inside of our core network. Our core switches only have up to 40 Gbps links available to which new devices can connect. We cannot change the IP address structure of the environment, and we need protection for threat prevention, DNS, and perhaps sandboxing."

Which hardware and architecture/design recommendations should the SE make?

Options:

A.

PA-5445 or larger to cover the bandwidth need and the link types; Architect aggregate interface groups in Layer-2 or virtual wire mode that include 2 x 40Gbps interfaces on both sides of the path.

B.

PA-5430 or larger to cover the bandwidth need and the link types; Architect aggregate interface groups in Layer-3 mode that include 40Gbps interfaces on both sides of the path.

C.

PA-5445 or larger to cover the bandwidth need and the link types; Architect aggregate interface groups in Layer-3 mode that include 40Gbps interfaces on both sides of the path.

D.

PA-5430 or larger to cover the bandwidth need and the link types; Architect aggregate interface groups in Layer-2 or virtual wire mode that include 2 x 40Gbps interfaces on both sides of the path.

Question 13

According to a customer’s CIO, who is upgrading PAN-OS versions, “Finding issues and then engaging with your support people requires expertise that our operations team can better utilize elsewhere on more valuable tasks for the business.” The upgrade project was initiated in a rush because the company did not have the appropriate tools to indicate that their current NGFWs werereaching capacity.

Which two actions by the Palo Alto Networks team offer a long-term solution for the customer? (Choose two.)

Options:

A.

Recommend that the operations team use the free machine learning-powered AIOps for NGFW tool.

B.

Suggest the inclusion of training into the proposal so that the operations team is informed and confident in working on their firewalls.

C.

Inform the CIO that the new enhanced security features they will gain from the PAN-OS upgrades will fix any future problems with upgrading and capacity.

D.

Propose AIOps Premium within Strata Cloud Manager (SCM) to address the company’s issues from within the existing technology.

Question 14

A customer claims that Advanced WildFire miscategorized a file as malicious and wants proof, because another vendor has said that the file is benign.

How could the systems engineer assure the customer that Advanced WildFire was accurate?

Options:

A.

Review the threat logs for information to provide to the customer.

B.

Use the WildFire Analysis Report in the log to show the customer the malicious actions the file took when it was detonated.

C.

Open a TAG ticket for the customer and allow support engineers to determine the appropriate action.

D.

Do nothing because the customer will realize Advanced WildFire is right.

Question 15

When a customer needs to understand how Palo Alto Networks NGFWs lower the risk of exploitation by newly announced vulnerabilities known to be actively attacked, which solution and functionality delivers the most value?

Options:

A.

Advanced URL Filtering uses machine learning (ML) to learn which malicious URLs are being utilized by the attackers, then block the resulting traffic.

B.

Advanced Threat Prevention's command injection and SQL injection functions use inline deep learning against zero-day threats.

C.

Single Pass Architecture and parallel processing ensure traffic is efficiently scanned against any enabled Cloud-Delivered Security Services (CDSS) subscription.

D.

WildFire loads custom OS images to ensure that the sandboxing catches any activity that would affect the customer's environment.

Question 16

While responding to a customer RFP, a systems engineer (SE) is presented the question, "How do PANW firewalls enable the mapping of transactions as part of Zero Trust principles?" Which two narratives can the SE use to respond to the question? (Choose two.)

Options:

A.

Emphasize Zero Trust as an ideology, and that the customer decides how to align to Zero Trust principles.

B.

Reinforce the importance of decryption and security protections to verify traffic that is not malicious.

C.

Explain how the NGFW can be placed in the network so it has visibility into every traffic flow.

D.

Describe how Palo Alto Networks NGFW Security policies are built by using users, applications, and data objects.

Question 17

Which technique is an example of a DNS attack that Advanced DNS Security can detect and prevent?

Options:

A.

High entropy DNS domains

B.

Polymorphic DNS

C.

CNAME cloaking

D.

DNS domain rebranding

Question 18

Which use case is valid for Palo Alto Networks Next-Generation Firewalls (NGFWs)?

Options:

A.

Code-embedded NGFWs provide enhanced internet of things (IoT) security by allowing PAN-OS code to be run on devices that do not support embedded virtual machine (VM) images.

B.

Serverless NGFW code security provides public cloud security for code-only deployments that do not leverage virtual machine (VM) instances or containerized services.

C.

IT/OT segmentation firewalls allow operational technology resources in plant networks to securely interface with IT resources in the corporate network.

D.

PAN-OS GlobalProtect gateways allow companies to run malware and exploit prevention modules on their endpoints without installing endpoint agents.

Page: 1 / 6
Total 60 questions