Summer Sale 60% Special Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best60

Paloalto Networks PSE-Strata Palo Alto Networks System Engineer Professional - Strata Exam Practice Test

Page: 1 / 14
Total 139 questions

Palo Alto Networks System Engineer Professional - Strata Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$48  $119.99

PDF Study Guide

  • Product Type: PDF Study Guide
$42  $104.99
Question 1

An administrator wants to justify the expense of a second Panorama appliance for HA of the management layer.

The customer already has multiple M-100s set up as a log collector group. What are two valid reasons for deploying Panorama in High Availability? (Choose two.)

Options:

A.

Control of post rules

B.

Control local firewall rules

C.

Ensure management continuity

D.

Improve log collection redundancy

Question 2

What are three considerations when deploying User-ID? (Choose three.)

Options:

A.

Specify included and excluded networks when configuring User-ID

B.

Only enable User-ID on trusted zones

C.

Use a dedicated service account for User-ID services with the minimal permissions necessary

D.

User-ID can support a maximum of 15 hops

E.

Enable WMI probing in high security networks

Question 3

Which component is needed for a large-scale deployment of NGFWs with multiple Panorama Management Servers?

Options:

A.

M-600 appliance

B.

Panorama Interconnect plugin

C.

Panorama Large Scale VPN (LSVPN) plugin

D.

Palo Alto Networks Cluster license

Question 4

When the Cortex Data Lake is sized for Traps Management Service, which two factors should be considered? (Choose two.)

Options:

A.

retention requirements

B.

Traps agent forensic data

C.

the number of Traps agents

D.

agent size and OS

Question 5

Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined?

Options:

A.

Step 3: Architect a Zero Trust Network

B.

Step 5. Monitor and Maintain the Network

C.

Step 4: Create the Zero Trust Policy

D.

Step 1: Define the Protect Surface

E.

Step 2 Map the Protect Surface Transaction Flows

Question 6

What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design?

Options:

A.

There are no benefits other than slight performance upgrades

B.

It allows Palo Alto Networks to add new functions to existing hardware

C.

Only one processor is needed to complete all the functions within the box

D.

It allows Palo Alto Networks to add new devices to existing hardware

Question 7

Which two configuration elements can be used to prevent abuse of stolen credentials? (Choose two.)

Options:

A.

WildFire analysis

B.

Dynamic user groups (DUGs)

C.

Multi-factor authentication (MFA)

D.

URL Filtering Profiles

Question 8

A customer is concerned about zero-day targeted attacks against its intellectual property.

Which solution informs a customer whether an attack is specifically targeted at them?

Options:

A.

Traps TMS

B.

AutoFocus

C.

Panorama Correlation Report

D.

Firewall Botnet Report

Question 9

What action would address the sub-optimal traffic path shown in the figure?

Key:

RN - Remote Network

SC - Service Connection

MU GW - Mobile User Gateway

Options:

A.

Onboard a Service Connection in the Americas region

B.

Remove the Service Connection in the EMEA region

C.

Onboard a Service Connection in the APAC region

D.

Onboard a Remote Network location in the EMEA region

Question 10

What is the default behavior in PAN-OS when a 12 MB portable executable (PE) fe is forwarded to the WildFire cloud service?

Options:

A.

PE File is not forwarded.

B.

Flash file is not forwarded.

C.

PE File is forwarded

D.

Flash file is forwarded

Question 11

Decryption port mirroring is now supported on which platform?

Options:

A.

all hardware-based and VM-Series firewalls with the exception of VMware NSX. Citrix SDX, or public cloud hypervisors

B.

in hardware only

C.

only one the PA-5000 Series and higher

D.

all hardware-based and VM-Series firewalls regardless of where installed

Question 12

In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)

Options:

A.

grayware

B.

command and control (C2)

C.

benign

D.

government

E.

malware

Question 13

A prospective customer currently uses a firewall that provides only Layer 4

inspection and protections. The customer sees traffic going to an external destination, port 53, but cannot determine what Layer 7 application traffic is going over that port

Which capability of PAN-OS would address the customer's lack of visibility?

Options:

A.

Device ID, because it will give visibility into which devices are communicating with external destinations over port 53

B.

single pass architecture (SPA), because it will improve the performance of the Palo Alto Networks Layer 7 inspection

C.

User-ID, because it will allow the customer to see which users are sending traffic to external destinations over port 53

D.

App-ID, because it will give visibility into what exact applications are being run over that port and allow the customer to block unsanctioned applications using port 53

Question 14

Which three new script types can be analyzed in WildFire? (Choose three.)

Options:

A.

VBScript

B.

JScript

C.

MonoScript

D.

PythonScript

E.

PowerShell Script

Question 15

The Palo Ao Networks Cloud Identity Engino (CIE) includes which service that supports identity Providers (ldP)?

Options:

A.

Directory Sync and Cloud Authentication Service that support IdP ung SAML 2.0 and OAuth2

B.

Cloud Authentication Service that supports IdP using SAML 2.0 and OAuth2

C.

Directory Sync and Cloud Authentication Service that support IdP ng SAML 2.0

D.

Directory Sync that supports IdP using SAML 2.0

Question 16

What will best enhance security of a production online system while minimizing the impact for the existing network?

Options:

A.

Layer 2 interfaces

B.

active / active high availability (HA)

C.

Virtual wire

D.

virtual systems

Question 17

WildFire subscription supports analysis of which three types? (Choose three.)

Options:

A.

GIF

B.

7-Zip

C.

Flash

D.

RPM

E.

ISO

F.

DMG

Question 18

A customer is designing a private data center to host their new web application along with a separate headquarters for users.

Which cloud-delivered security service (CDSS) would be recommended for the headquarters only?

Options:

A.

Threat Prevention

B.

DNS Security

C.

WildFire

D.

Advanced URL Filtering (AURLF)

Question 19

What three Tabs are available in the Detailed Device Health on Panorama for hardware-based firewalls? (Choose three.)

Options:

A.

Errors

B.

Environments

C.

Interfaces

D.

Mounts

E.

Throughput

F.

Sessions

G.

Status

Question 20

What are the three possible verdicts in WildFire Submissions log entries for a submitted sample? (Choose four.)

Options:

A.

Benign

B.

Spyware

C.

Malicious

D.

Phishing

E.

Grayware

Page: 1 / 14
Total 139 questions