
Palo Alto Networks PSE-Strata Palo Alto Networks System Engineer Professional - Strata Exam Practice Test

Page: 1 / 14
Total 137 questions

Palo Alto Networks System Engineer Professional - Strata Questions and Answers

Question 1

Which two components must be configured within User-ID on a new firewall that has been implemented? (Choose two.)

Options:

A.

User Mapping

B.

Proxy Authentication

C.

Group Mapping

D.

802.1X Authentication

Question 2

A packet that is already associated with a current session arrives at the firewall.

What is the flow of the packet after the firewall determines that it is matched with an existing session?

Options:

A.

It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress.

B.

It is sent through the slow path for further inspection. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress

C.

It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through multiple content inspection engines before egress

D.

It is sent through the slow path for further inspection. If subject to content inspection, it will pass through multiple content inspection engines before egress

Question 3

Which three features are used to prevent abuse of stolen credentials? (Choose three.)

Options:

A.

multi-factor authentication

B.

URL Filtering Profiles

C.

WildFire Profiles

D.

Prisma Access

E.

SSL decryption rules

Question 4

Which solution informs a customer concerned about zero-day targeted attacks whether an attack is specifically targeted at its property?

Options:

A.

AutoFocus

B.

Panorama Correlation Report

C.

Cortex XSOAR Community edition

D.

Cortex XDR Prevent

Question 5

Which two features are key in preventing unknown targeted attacks? (Choose two)

Options:

A.

nightly botnet report

B.

App-ID with the Zero Trust model

C.

WildFire Cloud threat analysis

D.

Single Pass Parallel Processing (SP3)

Question 6

What is the basis for purchasing Cortex XDR licensing?

Options:

A.

volume of logs being processed based on Datalake purchased

B.

number of nodes and endpoints providing logs

C.

unlimited licenses

D.

number of NGFWs

Question 7

Which three signature-based Threat Prevention features of the firewall are informed by intelligence from the Threat Intelligence Cloud? (Choose three.)

Options:

A.

Vulnerability protection

B.

Anti-Spyware

C.

Anti-Virus

D.

Botnet detection

E.

App-ID protection

Question 8

The need for a file proxy solution, virus and spyware scanner, a vulnerability scanner, and HTTP decoder for URL filtering is handled by which component in the NGFW?

Options:

A.

First Packet Processor

B.

Stream-based Signature Engine

C.

SIA (Scan It All) Processing Engine

D.

Security Processing Engine

Question 9

A company has deployed the following:

• VM-300 firewalls in AWS

• endpoint protection with the Traps Management Service

• a Panorama M-200 for managing its VM-Series firewalls

• PA-5220s for its internet perimeter

• Prisma SaaS for SaaS security.

Which two products can send logs to the Cortex Data Lake? (Choose two).

Options:

A.

Prisma SaaS

B.

Traps Management Service

C.

VM-300 firewalls

D.

Panorama M-200 appliance

Question 10

A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher-level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, so that they can assess the risk and take action to prevent exploitation of network resources.

Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?

Options:

A.

The Automated Correlation Engine

B.

Cortex XDR and Cortex Data Lake

C.

WildFire with API calls for automation

D.

3rd Party SIEM which can ingest NGFW logs and perform event correlation

Question 11

For customers with high bandwidth requirements for Service Connections, what two limitations exist when onboarding multiple Service Connections to the same Prisma Access location servicing a single Datacenter? (Choose two.)

Options:

A.

Network segments in the Datacenter need to be advertised to only one Service Connection

B.

The customer edge device needs to support policy-based routing with symmetric return functionality

C.

The resources in the Datacenter will only be able to reach remote network resources that share the same region

D.

A maximum of four service connections per Datacenter are supported with this topology

Question 12

Which three of the following actions must be taken to enable Credential Phishing Prevention? (Choose three.)

Options:

A.

Enable User Credential Detection

B.

Enable User-ID

C.

Define a Secure Sockets Layer (SSL) decryption rule base

D.

Enable App-ID

E.

Define a uniform resource locator (URL) Filtering profile

Question 13

Which two new file types are supported on the WF-500 in PAN-OS 9? (Choose two)

Options:

A.

ELF

B.

7-Zip

C.

Zip

D.

RAR

Question 14

A client chooses to not block uncategorized websites.

Which two additions should be made to help provide some protection? (Choose two.)

Options:

A.

A URL filtering profile with the action set to continue for unknown URL categories to security policy rules that allow web access

B.

A data filtering profile with a custom data pattern to security policy rules that deny uncategorized websites

C.

A file blocking profile attached to security policy rules that allow uncategorized websites to help reduce the risk of drive by downloads

D.

A security policy rule using only known URL categories with the action set to allow

Question 15

Which four steps of the cyberattack lifecycle does the Palo Alto Networks Security Operating Platform prevent? (Choose four.)

Options:

A.

breach the perimeter

B.

weaponize vulnerabilities

C.

lateral movement

D.

exfiltrate data

E.

recon the target

F.

deliver the malware

Question 16

Which three items contain information about Command-and-Control (C2) hosts? (Choose three.)

Options:

A.

Threat logs

B.

WildFire analysis reports

C.

Botnet reports

D.

Data filtering logs

E.

SaaS reports

Question 17

A customer requires an analytics tool with the following attributes:

- Uses the logs on the firewall to detect actionable events on the network

- Automatically processes a series of related threat events that, when combined, indicate a likely compromised host on the network

- Pinpoints the area of risk and allows for assessment of the risk so action can be taken to prevent exploitation of network resources

Which feature of PAN-OS will address these requirements?

Options:

A.

WildFire with application program interface (API) calls for automation

B.

Third-party security information and event management (SIEM) which can ingest next-generation firewall (NGFW) logs

C.

Automated correlation engine (ACE)

D.

Cortex XDR and Cortex Data Lake

Question 18

A customer is starting to understand their Zero Trust protect surface using the Palo Alto Networks Zero Trust reference architecture.

What are two steps in this process? (Choose two.)

Options:

A.

Validate user identities through authentication

B.

Gain visibility of and control over applications and functionality in the traffic flow using a port and protocol firewall

C.

Categorize data and applications by levels of sensitivity

D.

Prioritize securing the endpoints of privileged users because if non-privileged user endpoints are exploited, the impact will be minimal due to perimeter controls

Question 19

How do you configure the rate of file submissions to WildFire in the NGFW?

Options:

A.

based on the purchased license uploaded

B.

QoS tagging

C.

maximum number of files per minute

D.

maximum number of files per day

Question 20

In which two cases should the Hardware offering of Panorama be chosen over the Virtual Offering? (Choose two.)

Options:

A.

Dedicated Logger Mode is required

B.

Logs per second exceed 10,000

C.

Appliance needs to be moved into data center

D.

Device count is under 100

Question 21

As you prepare to scan your Amazon S3 account, what enables Prisma service permission to access Amazon S3?

Options:

A.

access key ID

B.

secret access key

C.

administrative Password

D.

AWS account ID

Question 22

Which two configuration elements can be used to prevent abuse of stolen credentials? (Choose two.)

Options:

A.

WildFire analysis

B.

Dynamic user groups (DUGs)

C.

Multi-factor authentication (MFA)

D.

URL Filtering Profiles

Question 23

A price-sensitive customer wants to prevent attacks on a Windows Virtual Server. The server will max out at 100Mbps but needs to have 45.000 sessions to connect to multiple hosts within a data center.

Which VM instance should be used to secure the network by this customer?

Options:

A.

VM-200

B.

VM-100

C.

VM-50

D.

VM-300

Question 24

Which of the following statements is valid with regard to Domain Name System (DNS) sinkholing?

Options:

A.

It requires the Vulnerability Protection profile to be enabled

B.

DNS sinkholing signatures are packaged and delivered through Vulnerability Protection updates

C.

Infected hosts connecting to the Sinkhole Internet Protocol (IP) address can be identified in the traffic logs

D.

It requires a Sinkhole license in order to activate

Question 25

What will best enhance security of a production online system while minimizing the impact for the existing network?

Options:

A.

Layer 2 interfaces

B.

active / active high availability (HA)

C.

Virtual wire

D.

virtual systems

Question 26

What two types of certificates are used to configure SSL Forward Proxy? (Choose two.)

Options:

A.

Enterprise CA-signed certificates

B.

Self-Signed certificates

C.

Intermediate certificates

D.

Private key certificates

Question 27

Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

Options:

A.

use of decryption policies

B.

measure the adoption of URL filters, App-ID, User-ID

C.

use of device management access and settings

D.

expose the visibility and presence of command-and-control sessions

E.

identify sanctioned and unsanctioned SaaS applications

Question 28

Which filtering criterion is used to determine users to be included as members of a dynamic user group (DUG)?

Options:

A.

Security policy rule

B.

Tag

C.

Login ID

D.

IP address

Question 29

Which Security profile on the Next-Generation Firewall (NGFW) includes signatures to protect against brute force attacks?

Options:

A.

Vulnerability Protection profile

B.

Antivirus profile

C.

URL Filtering profile

D.

Anti-Spyware profile

Question 30

A potential customer requires an NGFW solution which enables high-throughput, low-latency network security, all while incorporating unprecedented features and technology. They need a solution that solves the performance problems that plague today's security infrastructure.

Which aspect of the Palo Alto Networks NGFW capabilities can you highlight to help them address the requirements?

Options:

A.

SP3 (Single Pass Parallel Processing)

B.

GlobalProtect

C.

Threat Prevention

D.

Elastic Load Balancers

Question 31

When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?

Options:

A.

X-Forwarded-For

B.

HTTP method

C.

HTTP response status code

D.

Content type

Question 32

Which selection must be configured on PAN-OS External Dynamic Lists to support MineMeld indicators?

Options:

A.

Prototype

B.

Inputs

C.

Class

D.

Feed Base URL

Question 33

An administrator needs a PDF summary report that contains information compiled from existing reports based on data for the top five (5) in each category.

Which two timeframe options are available to send this report? (Choose two.)

Options:

A.

Daily

B.

Monthly

C.

Weekly

D.

Bi-weekly

Question 34

What is an advantage of having WildFire machine learning (ML) capability inline on the firewall?

Options:

A.

It eliminates the necessity for dynamic analysis in the cloud

B.

It enables the firewall to block unknown malicious files in real time and prevent patient zero without disrupting business productivity

C.

It is always able to give more accurate verdicts than the cloud ML analysis reducing false positives and false negatives

D.

It improves the CPU performance of content inspection

Question 35

A Fortune 500 customer has expressed interest in purchasing WildFire; however, they do not want to send discovered malware outside of their network.

Which version of WildFire will meet this customer’s requirements?

Options:

A.

WildFire Private Cloud

B.

WildFire Government Cloud

C.

WildFire Secure Cloud

D.

WildFire Public Cloud

Question 36

Which profile or policy should be applied to protect against port scans from the internet?

Options:

A.

Interface management profile on the zone of the ingress interface

B.

Zone protection profile on the zone of the ingress interface

C.

An App-ID security policy rule to block traffic sourcing from the untrust zone

D.

Security profiles to security policy rules for traffic sourcing from the untrust zone

Question 37

In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)

Options:

A.

grayware

B.

command and control (C2)

C.

benign

D.

government

E.

malware

Question 38

How often are the databases for Anti-virus, Application, Threats, and WildFire subscription updated?

Options:

A.

Anti-virus (weekly), Application (daily), Threats (weekly), WildFire (5 minutes)

B.

Anti-virus (weekly), Application (daily), Threats (daily), WildFire (5 minutes)

C.

Anti-virus (daily), Application (weekly), Threats (weekly), WildFire (5 minutes)

D.

Anti-virus (daily), Application (weekly), Threats (daily), WildFire (5 minutes)

Question 39

What is the recommended way to ensure that firewalls have the most current set of signatures for up-to-date protection?

Options:

A.

Run a Perl script to regularly check for updates and alert when one is released

B.

Monitor update announcements and manually push updates to firewall

C.

Store updates on an intermediary server and point all the firewalls to it

D.

Use dynamic updates with the most aggressive schedule required by business needs

Question 40

How frequently do WildFire signatures move into the antivirus database?

Options:

A.

every 24 hours

B.

every 12 hours

C.

once a week

D.

every 1 hour

Question 41

Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)

Options:

A.

Traffic is separated by zones

B.

Policy match is based on application

C.

Identification of application is possible on any port

D.

Traffic control is based on IP, port, and protocol
