Pre-Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netbudy65

PSE-Strata Palo Alto Networks System Engineer Professional - Strata Questions and Answers

Questions 4

What are two core values of the Palo Alto Network Security Operating Platform? (Choose two.}

Options:

A.

prevention of cyber attacks

B.

safe enablement of all applications

C.

threat remediation

D.

defense against threats with static security solution

Buy Now
Questions 5

Which statement applies to Palo Alto Networks Single Pass Parallel Processing (SP3)?

Options:

A.

It processes each feature in a separate single pass with additional performance impact for each enabled feature.

B.

Its processing applies only to security features and does not include any networking features.

C.

It processes all traffic in a single pass with no additional performance impact for each enabled feature.

D.

It splits the traffic and processes all security features in a single pass and all network features in a separate pass

Buy Now
Questions 6

Which built-in feature of PAN-OS allows the NGFW administrator to create a policy that provides autoremediation for anomalous user behavior and malicious activity while maintaining user visibility?

Options:

A.

Dynamic user groups (DUGS)

B.

tagging groups

C.

remote device User-ID groups

D.

dynamic address groups (DAGs)

Buy Now
Questions 7

The need for a file proxy solution, virus and spyware scanner, a vulnerability scanner, and HTTP decoder for URL filtering is handled by which component in the NGFW?

Options:

A.

First Packet Processor

B.

Stream-based Signature Engine

C.

SIA (Scan It All) Processing Engine

D.

Security Processing Engine

Buy Now
Questions 8

Which three signature-based Threat Prevention features of the firewall are informed by intelligence from the Threat Intelligence Cloud? (Choose three.)

Options:

A.

Vulnerability protection

B.

Anti-Spyware

C.

Anti-Virus

D.

Botnet detection

E.

App-ID protection

Buy Now
Questions 9

In Panorama, which three reports or logs will help identify the inclusion of a host source in a command-and-control (C2) incident? (Choose three.)

Options:

A.

SaaS reports

B.

data filtering logs

C.

WildFire analysis reports

D.

threat logs

E.

botnet reports

Buy Now
Questions 10

Which two email links, contained in SMTP and POP3, can be submitted from WildFire analysis with a WildFire subscription? (Choose two.)

Options:

A.

FTP

B.

HTTPS

C.

RTP

D.

HTTP

Buy Now
Questions 11

WildFire can discover zero-day malware in which three types of traffic? (Choose three)

Options:

A.

SMTP

B.

HTTPS

C.

FTP

D.

DNS

E.

TFTP

Buy Now
Questions 12

A customer is starting to understand their Zero Trust protect surface using the Palo Alto Networks Zero Trust reference architecture.

What are two steps in this process? (Choose two.)

Options:

A.

Validate user identities through authentication

B.

Gain visibility of and control over applications and functionality in the traffic flow using a port and protocol firewall

C.

Categorize data and applications by levels of sensitivity

D.

Prioritize securing the endpoints of privileged users because if non-privileged user endpoints are exploited, the impact will be minimal due to perimeter controls

Buy Now
Questions 13

Which two types of security chains are supported by the Decryption Broker? (Choose two.)

Options:

A.

virtual wire

B.

transparent bridge

C.

Layer 3

D.

Layer 2

Buy Now
Questions 14

What are three considerations when deploying User-ID? (Choose three.)

Options:

A.

Specify included and excluded networks when configuring User-ID

B.

Only enable User-ID on trusted zones

C.

Use a dedicated service account for User-ID services with the minimal permissions necessary

D.

User-ID can support a maximum of 15 hops

E.

Enable WMI probing in high security networks

Buy Now
Questions 15

Which solution informs a customer concerned about zero-day targeted attacks whether an attack is specifically targeted at its property?

Options:

A.

AutoFocus

B.

Panorama Correlation Report

C.

Cortex XSOAR Community edition

D.

Cortex XDR Prevent

Buy Now
Questions 16

A customer has business-critical applications that rely on the general web-browsing application. Which security profile can help prevent drive-by-downloads while still allowing web-browsing traffic?

Options:

A.

File Blocking Profile

B.

DoS Protection Profile

C.

URL Filtering Profile

D.

Vulnerability Protection Profile

Buy Now
Questions 17

A customer is concerned about zero-day targeted attacks against its intellectual property.

Which solution informs a customer whether an attack is specifically targeted at them?

Options:

A.

Traps TMS

B.

AutoFocus

C.

Panorama Correlation Report

D.

Firewall Botnet Report

Buy Now
Questions 18

A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, allows you to assess the risk and take action to prevent exploitation of network resources.

Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?

Options:

A.

The Automated Correlation Engine

B.

Cortex XDR and Cortex Data Lake

C.

WildFire with API calls for automation

D.

3rd Party SIEM which can ingest NGFW logs and perform event correlation

Buy Now
Questions 19

When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?

Options:

A.

X-Forwarded-For

B.

HTTP method

C.

HTTP response status code

D.

Content type

Buy Now
Questions 20

Which CLI command will allow you to view latency, jitter and packet loss on a virtual SD-WAN interface?

A)

B)

C)

D)

Options:

A.

Option

B.

Option

C.

Option

D.

Option

Buy Now
Questions 21

Which Security profile on the Next-Generation Firewall (NGFW) includes Signatures to protect against brute force attacks?

Options:

A.

Vulnerability Protection profile

B.

Antivirus profile

C.

URL Filtering profile

D.

Anti-Spyware profile

Buy Now
Questions 22

A customer with a fully licensed Palo Alto Networks firewall is concerned about threats based on domain generation algorithms (DGAS).

Which Security profile is used to configure Domain Name Security (DNS) to Identity and block

previously unknown DGA-based threats in real time?

Options:

A.

URL Filtering profile

B.

WildFire Analysis profile

C.

Vulnerability Protection profile

D.

Anti-Spyware profile

Buy Now
Questions 23

What are three sources of malware sample data for the Threat Intelligence Cloud? (Choose three)

Options:

A.

Next-generation firewalls deployed with WildFire Analysis Security Profiles

B.

WF-500 configured as private clouds for privacy concerns

C.

Correlation Objects generated by AutoFocus

D.

Third-party data feeds such as partnership with ProofPomt and the Cyber Threat Alliance

E.

Palo Alto Networks non-firewall products such as Traps and Prisma SaaS

Buy Now
Questions 24

A customer requires an analytics tool with the following attributes:

- Uses the logs on the firewall to detect actionable events on the network

- Automatically processes a series of related threat events that, when combines, indicate a likely comprised host on the network

- Pinpoints the area of risk and allows for assessment of the risk to action can be taken to prevent exploitation of network resources

Which feature of PAN-OS will address these requirements?

Options:

A.

WildFire with application program interface (API) calls for automation

B.

Third-party security information and event management (SIEM) which can ingest next-generation firewall (NGFW) logs

C.

Automated correlation engine (ACE)

D.

Cortex XDR and Cortex Data Lake

Buy Now
Questions 25

An administrator wants to justify the expense of a second Panorama appliance for HA of the management layer.

The customer already has multiple M-100s set up as a log collector group. What are two valid reasons for deploying Panorama in High Availability? (Choose two.)

Options:

A.

Control of post rules

B.

Control local firewall rules

C.

Ensure management continuity

D.

Improve log collection redundancy

Buy Now
Questions 26

XYZ Corporation has a legacy environment with asymmetric routing. The customer understands that Palo Alto Networks firewalls can support asymmetric routing with redundancy.

Which two features must be enabled to meet the customer’s requirements? (Choose two.)

Options:

A.

Virtual systems

B.

HA active/active

C.

HA active/passive

D.

Policy-based forwarding

Buy Now
Questions 27

Palo Alto Networks publishes updated Command-and-Control signatures. How frequently should the related signatures schedule be set?

Options:

A.

Once a day

B.

Once a week

C.

Once every minute

D.

Once an hour

Buy Now
Questions 28

What are three purposes for the Eval Systems, Security Lifecycle Reviews and Prevention Posture Assessment tools? (Choose three.)

Options:

A.

when you're delivering a security strategy

B.

when client's want to see the power of the platform

C.

provide users visibility into the applications currently allowed on the network

D.

help streamline the deployment and migration of NGFWs

E.

assess the state of NGFW feature adoption

Buy Now
Questions 29

Which selection must be configured on PAN-OS External Dynamic Lists to support MineMeld indicators?

Options:

A.

Prototype

B.

Inputs

C.

Class

D.

Feed Base URL

Buy Now
Questions 30

Which three components are specific to the Query Builder found in the Custom Report creation dialog of the firewall? (Choose three.)

Options:

A.

Connector

B.

Database

C.

Recipient

D.

Operator

E.

Attribute

F.

Schedule

Buy Now
Questions 31

Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license?

Options:

A.

WildFire hybrid deployment

B.

5 minute WildFire updates to threat signatures

C.

Access to the WildFire API

D.

PE file upload to WildFire

Buy Now
Questions 32

Which component is needed for a large-scale deployment of NGFWs with multiple Panorama Management Servers?

Options:

A.

M-600 appliance

B.

Panorama Interconnect plugin

C.

Panorama Large Scale VPN (LSVPN) plugin

D.

Palo Alto Networks Cluster license

Buy Now
Questions 33

How do you configure the rate of file submissions to WildFire in the NGFW?

Options:

A.

based on the purchased license uploaded

B.

QoS tagging

C.

maximum number of files per minute

D.

maximum number of files per day

Buy Now
Questions 34

Which filtering criterion is used to determine users to be included as members of a dynamic user group (DUG)?

Options:

A.

Security policy rule

B.

Tag

C.

Login ID

D.

IP address

Buy Now
Questions 35

Which domain permissions are required by the User-ID Agent for WMI Authentication on a Windows Server? (Choose three.)

Options:

A.

Domain Administrators

B.

Enterprise Administrators

C.

Distributed COM Users

D.

Event Log Readers

E.

Server Operator

Buy Now
Questions 36

Decryption port mirroring is now supported on which platform?

Options:

A.

all hardware-based and VM-Series firewalls with the exception of VMware NSX. Citrix SDX, or public cloud hypervisors

B.

in hardware only

C.

only one the PA-5000 Series and higher

D.

all hardware-based and VM-Series firewalls regardless of where installed

Buy Now
Questions 37

Which three platform components can identify and protect against malicious email links? (Choose three.)

Options:

A.

WildFire hybrid cloud solution

B.

WildFire public cloud

C.

WF-500

D.

M-200

E.

M-600

Buy Now
Questions 38

Which three of the following actions must be taken to enable Credential Phishing Prevention? (Choose three.)

Options:

A.

Enable User Credential Detection

B.

Enable User-ID

C.

Define a Secure Sockets Layer (SSL) decryption rule base

D.

Enable App-ID

E.

Define a uniform resource locator (URL) Filtering profile

Buy Now
Questions 39

Which two network events are highlighted through correlation objects as potential security risks? (Choose two.)

Options:

A.

Identified vulnerability exploits

B.

Launch of an identified malware executable file

C.

Endpoints access files from a removable drive

D.

Suspicious host behavior

Buy Now
Questions 40

What are the three possible verdicts in WildFire Submissions log entries for a submitted sample? (Choose four.)

Options:

A.

Benign

B.

Spyware

C.

Malicious

D.

Phishing

E.

Grayware

Buy Now
Questions 41

When the Cortex Data Lake is sized for Traps Management Service, which two factors should be considered? (Choose two.)

Options:

A.

retention requirements

B.

Traps agent forensic data

C.

the number of Traps agents

D.

agent size and OS

Buy Now
Exam Code: PSE-Strata
Exam Name: Palo Alto Networks System Engineer Professional - Strata
Last Update: Oct 8, 2024
Questions: 137

PDF + Testing Engine

$130

Testing Engine

$95

PDF (Q&A)

$80