Labour Day Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Activedumpsnet Logo
  1. Home
  2. Paloalto Networks
  3. PSE-Strata Professional | PSE-Strata Professional
  4. PSE-Strata - Palo Alto Networks System Engineer Professional - Strata

Paloalto Networks PSE-Strata Palo Alto Networks System Engineer Professional - Strata Exam Practice Test

Page: 1 / 14
Total 139 questions
Get PSE-Strata Full Access Download PSE-Strata PDF

Palo Alto Networks System Engineer Professional - Strata Questions and Answers

Question 1

What helps avoid split brain in active / passive high availability (HA) pair deployment?

Options:

A.

Enable preemption on both firewalls in the HA pair.

B.

Use a standard traffic interface as the HA3 link.

C.

Use the management interface as the HA1 backup link

D.

Use a standard traffic interface as the HA2 backup

Question 2

In which two cases should the Hardware offering of Panorama be chosen over the Virtual Offering? (Choose two.)

Options:

A.

Dedicated Logger Mode is required

B.

Logs per second exceed 10,000

C.

Appliance needs to be moved into data center

D.

Device count is under 100

Question 3

As you prepare to scan your Amazon S3 account, what enables Prisma service permission to access Amazon S3?

Options:

A.

access key ID

B.

secret access key

C.

administrative Password

D.

AWS account ID

Question 4

Match the WildFire Inline Machine Learning Model to the correct description for that model.

Question # 4

Options:

Question 5

Which two components must be configured within User-ID on a new firewall that has been implemented? (Choose two.)

Options:

A.

User Mapping

B.

Proxy Authentication

C.

Group Mapping

D.

802.1X Authentication

Question 6

Prisma SaaS provides which two SaaS threat prevention capabilities? (Choose two)

Options:

A.

shellcode protection

B.

file quarantine

C.

SaaS AppID signatures

D.

WildFire analysis

E.

remote procedural call (RPC) interrogation

Question 7

A customer is starting to understand their Zero Trust protect surface using the Palo Alto Networks Zero Trust reference architecture.

What are two steps in this process? (Choose two.)

Options:

A.

Validate user identities through authentication

B.

Gain visibility of and control over applications and functionality in the traffic flow using a port and protocol firewall

C.

Categorize data and applications by levels of sensitivity

D.

Prioritize securing the endpoints of privileged users because if non-privileged user endpoints are exploited, the impact will be minimal due to perimeter controls

Question 8

Which three actions should be taken before deploying a firewall evaluation unt in a customer environment? (Choose three.)

Options:

A.

Request that the customer make part 3978 available to allow the evaluation unit to communicate with Panorama

B.

Inform the customer that a SPAN port must be provided for the evaluation unit, assuming a TAP mode deployment.

C.

Upgrade the evaluation unit to the most current recommended firmware, unless a demo of the upgrade process is planned.

D.

Set expectations for information being presented in the Security Lifecycle Review (SLR) because personal user information will be made visible

E.

Reset the evaluation unit to factory default to ensure that data from any previous customer evaluation is removed

Question 9

Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)

Options:

A.

Traffic is separated by zones

B.

Policy match is based on application

C.

Identification of application is possible on any port

D.

Traffic control is based on IP port, and protocol

Question 10

What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time?

Options:

A.

allow the request and all subsequent responses

B.

temporarily disable the DNS Security function

C.

block the query

D.

discard the request and all subsequent responses

Question 11

What is the recommended way to ensure that firewalls have the most current set of signatures for up-to-date protection?

Options:

A.

Run a Perl script to regularly check for updates and alert when one is released

B.

Monitor update announcements and manually push updates to Crewall

C.

Store updates on an intermediary server and point all the firewalls to it

D.

Use dynamic updates with the most aggressive schedule required by business needs

Question 12

The ability to prevent users from resolving internet protocol (IP) addresses to malicious, grayware, or newly registered domains is provided by which Security service?

Options:

A.

WildFire

B.

DNS Security

C.

Threat Prevention

D.

loT Security

Question 13

Which three methods used to map users to IP addresses are supported in Palo Alto Networks firewalls? (Choose three.)

Options:

A.

eDirectory monitoring

B.

Client Probing

C.

SNMP server

D.

TACACS

E.

Active Directory monitoring

F.

Lotus Domino

G.

RADIUS

Question 14

A price-sensitive customer wants to prevent attacks on a Windows Virtual Server. The server will max out at 100Mbps but needs to have 45.000 sessions to connect to multiple hosts within a data center

Which VM instance should be used to secure the network by this customer?

Options:

A.

VM-200

B.

VM-100

C.

VM-50

D.

VM-300

Question 15

A customer has business-critical applications that rely on the general web-browsing application. Which security profile can help prevent drive-by-downloads while still allowing web-browsing traffic?

Options:

A.

File Blocking Profile

B.

DoS Protection Profile

C.

URL Filtering Profile

D.

Vulnerability Protection Profile

Question 16

Which Security profile on the Next-Generation Firewall (NGFW) includes Signatures to protect against brute force attacks?

Options:

A.

Vulnerability Protection profile

B.

Antivirus profile

C.

URL Filtering profile

D.

Anti-Spyware profile

Question 17

A customer with a fully licensed Palo Alto Networks firewall is concerned about threats based on domain generation algorithms (DGAS).

Which Security profile is used to configure Domain Name Security (DNS) to Identity and block

previously unknown DGA-based threats in real time?

Options:

A.

URL Filtering profile

B.

WildFire Analysis profile

C.

Vulnerability Protection profile

D.

Anti-Spyware profile

Question 18

A service provider has acquired a pair of PA-7080s for its data center to secure its customer base's traffic. The server provider's traffic is largely generated by smart phones and averages 6.000,000 concurrent sessions.

Which Network Processing Card should be recommended in the Bill of Materials?

Options:

A.

PA-7000-20GQ-NPC

B.

PA-7000-40G-NPC

C.

PA-7000-20GQXM-NPC

D.

PA-7000-20G-NPC

Question 19

A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.

How is this goal accomplished?

Options:

A.

Create a custom spyware signature matching the known signature with the time attribute

B.

Add a correlation object that tracks the occurrences and triggers above the desired threshold

C.

Submit a request to Palo Alto Networks to change the behavior at the next update

D.

Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency

Question 20

A company has deployed the following

• VM-300 firewalls in AWS

• endpoint protection with the Traps Management Service

• a Panorama M-200 for managing its VM-Series firewalls

• PA-5220s for its internet perimeter,

• Prisma SaaS for SaaS security.

Which two products can send logs to the Cortex Data Lake? (Choose two).

Options:

A.

Prisma SaaS

B.

Traps Management Service

C.

VM-300 firewalls

D.

Panorama M-200 appliance

Load More PSE-Strata Questions 
Page: 1 / 14
Total 139 questions
Get PSE-Strata Full Access Download PSE-Strata PDF