Palo Alto Networks System Engineer Professional - Strata v1.0 (PSE Strata)

Page:    1 / 10   
Total 136 questions

Which statement best describes the business value of Palo Alto Networks' Zero Touch Provisioning (ZTP)?

  • A. When it is in place, it removes the need for an onsite firewall.
  • B. When purchasing the service, Palo Alto Networks will send an engineer to physically deploy the firewall to the customer environment.
  • C. It allows a firewall to be automatically connected to the local network wirelessly.
  • D. It is designed to simplify and automate the onboarding of new firewalls to the Panorama management server.


Answer : D

Reference:
https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/set-up-zero-touch-provisioning/ztp-overview/about-ztp

When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?

  • A. HTTP method
  • B. HTTP response status code
  • C. Content type
  • D. X-Forwarded-For


Answer : D

Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/http-header-logging

In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)

  • A. benign
  • B. government
  • C. command and control (C2)
  • D. malware
  • E. grayware


Answer : CDE

Reference:
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/threat-prevention/dns-security/enable-dns-security

Which two features are key in preventing unknown targeted attacks? (Choose two.)

  • A. Single Pass Parallel Processing (SP3)
  • B. nightly botnet report
  • C. App-ID with the Zero Trust model
  • D. WildFire Cloud threat analysis


Answer : BD

Which of the following statements is valid with regard to Domain Name System (DNS) sinkholing?

  • A. It requires the Vulnerability Protection profile to be enabled.
  • B. It requires a Sinkhole license in order to activate.
  • C. DNS sinkholing signatures are packaged and delivered through Vulnerability Protection updates.
  • D. Infected hosts connecting to the Sinkhole Internet Protocol (IP) address can be identified in the traffic logs.


Answer : A

Which two features can be enabled to support asymmetric routing with redundancy on a Palo Alto Networks next-generation firewall (NGFW)? (Choose two.)

  • A. multiple virtual systems
  • B. active / active high availability (HA)
  • C. non-SYN first packet
  • D. asymmetric routing profile


Answer : B

What is an advantage public cloud WildFire has over the private WildFire appliance?

  • A. signatures being available within minutes to protect global users once malware has been submitted
  • B. generating malware reports
  • C. using different types of operating systems (OSs) to test malware against
  • D. generating antivirus and domain name system (DNS) signatures for discovered malware and assigning a Uniform Resource Locator (URL) category to malicious links


Answer : B

Which two platform components can identify and protect against malicious email links? (Choose two.)

  • A. Panorama appliance
  • B. WildFire appliance
  • C. WildFire public cloud
  • D. Panorama plugin


Answer : BC

Which action can prevent users from unknowingly downloading potentially malicious file types from the internet?

  • A. Apply a File Blocking profile to Security policy rules that allow general web access.
  • B. Apply a Zone Protection profile to the untrust zone.
  • C. Assign a Vulnerability profile to Security policy rules that deny general web access.
  • D. Assign an Antivirus profile to Security policy rules that deny general web access.


Answer : A

Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/set-up-file-blocking

Which functionality is available to firewall users who have an active Threat Prevention subscription but no WildFire license?

  • A. access to the WildFire API
  • B. WildFire hybrid deployment
  • C. five-minute WildFire updates
  • D. PE file upload to WildFire


Answer : D

A potential customer requires an NGFW solution that enables high-throughput, low-latency network security and also inspects the application.
Which aspect of the Palo Alto Networks NGFW capabilities should be highlighted to help address these requirements?

  • A. single-pass architecture (SPA)
  • B. threat prevention
  • C. GlobalProtect
  • D. Elastic Load Balancing (ELB)


Answer : A

The ability to prevent users from resolving internet protocol (IP) addresses to malicious, grayware, or newly registered domains is provided by which Security service?

  • A. DNS Security
  • B. Threat Prevention
  • C. WildFire
  • D. IoT Security


Answer : A

What are two ways to manually add and remove members of dynamic user groups (DUGs)? (Choose two.)

  • A. Tag the user through Active Directory.
  • B. Tag the user using Panorama or the Web UI of the firewall.
  • C. Tag the user through the firewall's XML API.
  • D. Add the user to an external dynamic list (EDL).


Answer : BC

Reference:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/user-id-features/dynamic-user-groups

A customer is starting to understand their Zero Trust protect surface using the Palo Alto Networks Zero Trust reference architecture.
What are two steps in this process? (Choose two.)

  • A. Prioritize securing the endpoints of privileged users because if non-privileged user endpoints are exploited, the impact will be minimal due to perimeter controls.
  • B. Categorize data and applications by levels of sensitivity.
  • C. Gain visibility of and control over applications and functionality in the traffic flow using a port and protocol firewall.
  • D. Validate user identities through authentication.


Answer : B

Which task would be included in the Best Practice Assessment (BPA) tool?

  • A. Identify sanctioned and unsanctioned software-as-a-service (SaaS) applications.
  • B. Identify and provide recommendations for device configurations.
  • C. Identify the threats associated with each application.
  • D. Identify the visibility and presence of command-and-control (C2) sessions.


Answer : B

Page:    1 / 10   
Total 136 questions