New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Paloalto Networks PSE-Strata Palo Alto Networks System Engineer Professional - Strata Exam Practice Test

Page: 1 / 14
Total 137 questions

Palo Alto Networks System Engineer Professional - Strata Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, allows you to assess the risk and take action to prevent exploitation of network resources.

Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?

Options:

A.

The Automated Correlation Engine

B.

Cortex XDR and Cortex Data Lake

C.

WildFire with API calls for automation

D.

3rd Party SIEM which can ingest NGFW logs and perform event correlation

Question 2

Which three features are used to prevent abuse of stolen credentials? (Choose three.)

Options:

A.

multi-factor authentication

B.

URL Filtering Profiles

C.

WildFire Profiles

D.

Prisma Access

E.

SSL decryption rules

Question 3

Prisma SaaS provides which two SaaS threat prevention capabilities? (Choose two)

Options:

A.

shellcode protection

B.

file quarantine

C.

SaaS AppID signatures

D.

WildFire analysis

E.

remote procedural call (RPC) interrogation

Question 4

An endpoint, inside an organization, is infected with known malware that attempts to make a command-and-control connection to a C2 server via the destination IP address

Which mechanism prevents this connection from succeeding?

Options:

A.

DNS Sinkholing

B.

DNS Proxy

C.

Anti-Spyware Signatures

D.

Wildfire Analysis

Question 5

What three Tabs are available in the Detailed Device Health on Panorama for hardware-based firewalls? (Choose three.)

Options:

A.

Errors

B.

Environments

C.

Interfaces

D.

Mounts

E.

Throughput

F.

Sessions

G.

Status

Question 6

When the Cortex Data Lake is sized for Traps Management Service, which two factors should be considered? (Choose two.)

Options:

A.

retention requirements

B.

Traps agent forensic data

C.

the number of Traps agents

D.

agent size and OS

Question 7

A Fortune 500 customer has expressed interest in purchasing WildFire; however, they do not want to send discovered malware outside of their network.

Which version of WildFire will meet this customer’s requirements?

Options:

A.

WildFire Private Cloud

B.

WildFire Government Cloud

C.

WildFire Secure Cloud

D.

WildFire Public Cloud

Question 8

When the Cortex Data Lake is sized for Prisma Access mobile users, what is a valid log size range you would use per day. per user?

Options:

A.

1500 to 2500 bytes

B.

10MB to 30 MB

C.

1MB to 5 MB

D.

100MB to 200 MB

Question 9

Which selection must be configured on PAN-OS External Dynamic Lists to support MineMeld indicators?

Options:

A.

Prototype

B.

Inputs

C.

Class

D.

Feed Base URL

Question 10

Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)

Options:

A.

Traffic is separated by zones

B.

Policy match is based on application

C.

Identification of application is possible on any port

D.

Traffic control is based on IP port, and protocol

Question 11

What are three purposes for the Eval Systems, Security Lifecycle Reviews and Prevention Posture Assessment tools? (Choose three.)

Options:

A.

when you're delivering a security strategy

B.

when client's want to see the power of the platform

C.

provide users visibility into the applications currently allowed on the network

D.

help streamline the deployment and migration of NGFWs

E.

assess the state of NGFW feature adoption

Question 12

Which proprietary technology solutions will allow a customer to identify and control traffic sources regardless of internet protocol (IP) address or network segment?

Options:

A.

User ID and Device-ID

B.

Source-D and Network.ID

C.

Source ID and Device-ID

D.

User-ID and Source-ID

Question 13

WildFire can discover zero-day malware in which three types of traffic? (Choose three)

Options:

A.

SMTP

B.

HTTPS

C.

FTP

D.

DNS

E.

TFTP

Question 14

What are two benefits of using Panorama for a customer who is deploying virtual firewalls to secure data center traffic? (Choose two.)

Options:

A.

It can provide the Automated Correlation Engine functionality, which the virtual firewalls do not support.

B.

It can monitor the virtual firewalls' physical hosts and Vmotion them as necessary

C.

It can automatically create address groups for use with KVM.

D.

It can bootstrap the virtual firewalls for dynamic deployment scenarios.

Question 15

What are three considerations when deploying User-ID? (Choose three.)

Options:

A.

Specify included and excluded networks when configuring User-ID

B.

Only enable User-ID on trusted zones

C.

Use a dedicated service account for User-ID services with the minimal permissions necessary

D.

User-ID can support a maximum of 15 hops

E.

Enable WMI probing in high security networks

Question 16

Which filtering criterion is used to determine users to be included as members of a dynamic user group (DUG)?

Options:

A.

Security policy rule

B.

Tag

C.

Login ID

D.

IP address

Question 17

Which four steps of the cyberattack lifecycle does the Palo Alto Networks Security Operating Platform prevent? (Choose four.)

Options:

A.

breach the perimeter

B.

weaponize vulnerabilities

C.

lateral movement

D.

exfiltrate data

E.

recon the target

F.

deliver the malware

Question 18

When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?

Options:

A.

X-Forwarded-For

B.

HTTP method

C.

HTTP response status code

D.

Content type

Question 19

What two types of certificates are used to configure SSL Forward Proxy? (Сhoose two.)

Options:

A.

Enterprise CA-signed certificates

B.

Self-Signed certificates

C.

Intermediate certificates

D.

Private key certificates

Question 20

Which Security profile on the Next-Generation Firewall (NGFW) includes Signatures to protect against brute force attacks?

Options:

A.

Vulnerability Protection profile

B.

Antivirus profile

C.

URL Filtering profile

D.

Anti-Spyware profile

Question 21

What is an advantage of having WildFire machine learning (ML) capability Inline on the firewall?

Options:

A.

It eliminates of the necessity for dynamic analysis in the cloud

B.

It enables the firewall to block unknown malicious files in real time and prevent patient zero without disrupting business productivity

C.

It is always able to give more accurate verdicts than the cloud ML analysis reducing false positives and false negatives

D.

It improves the CPU performance of content inspection

Question 22

A WildFire subscription is required for which two of the following activities? (Choose two)

Options:

A.

Filter uniform resource locator (URL) sites by category.

B.

Forward advanced file types from the firewall for analysis.

C.

Use the WildFire Application Programming Interface (API) to submit website links for analysis

D.

Enforce policy based on Host Information Profile (HIP)

E.

Decrypt Secure Sockets Layer (SSL)

Question 23

An SE is preparing an SLR report for a school and wants to emphasize URL filtering capabilities because the school is concerned that its students are accessing inappropriate websites. The URL categories being chosen by default in the report are not highlighting these types of websites. How should the SE show the customer the firewall can detect that these websites are being accessed?

Options:

A.

Create a footnote within the SLR generation tool

B.

Edit the Key-Findings text to list the other types of categories that may be of interest

C.

Remove unwanted categories listed under 'High Risk' and use relevant information

D.

Produce the report and edit the PDF manually

Question 24

Which three components are specific to the Query Builder found in the Custom Report creation dialog of the firewall? (Choose three.)

Options:

A.

Connector

B.

Database

C.

Recipient

D.

Operator

E.

Attribute

F.

Schedule

Question 25

A customer is seeing an increase in the number of malicious files coming in from undetectable sources in their network. These files include doc and .pdf file types.

The customer uses a firewall with User-ID enabled

Which feature must also be enabled to prevent these attacks?

Options:

A.

Content Filtering

B.

WildFire

C.

Custom App-ID rules

D.

App-ID

Question 26

Which three script types can be analyzed in WildFire? (Choose three)

Options:

A.

PythonScript

B.

MonoSenpt

C.

JScript

D.

PowerShell Script

E.

VBScript

Question 27

Select the BOM for the Prisma Access, to provide access for 5500 mobile users and 10 remote locations (100Mbps each) for one year, including Base Support and minimal logging. The customer already has 4x PA5220r 8x PA3220,1x Panorama VM for 25 devices.

Options:

A.

5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR

B.

5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-SVC-BAS-PRA-25. 1x PAN-PRA-25

C.

5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YRr 1x PAN-LGS-1TB-1YR, 1x PAN-PRA-25, 1x PAN-SVC-BAS-PRA-25

D.

1x PAN-GPCS-USER-C-BAS-1YR, 1x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR

Question 28

There are different Master Keys on Panorama and managed firewalls.

What is the result if a Panorama Administrator pushes configuration to managed firewalls?

Options:

A.

The push operation will fail regardless of an error or not within the configuration itself

B.

Provided there’s no error within the configuration to be pushed, the push will succeed

C.

The Master Key from the managed firewalls will be overwritten with the Master Key from Panorama

D.

There will be a popup to ask if the Master Key from the Panorama should replace the Master Key from the managed firewalls

Question 29

Which three settings must be configured to enable Credential Phishing Prevention? (Choose three.)

Options:

A.

define an SSL decryption rulebase

B.

enable User-ID

C.

validate credential submission detection

D.

enable App-ID

E.

define URL Filtering Profile

Question 30

Which three of the following actions must be taken to enable Credential Phishing Prevention? (Choose three.)

Options:

A.

Enable User Credential Detection

B.

Enable User-ID

C.

Define a Secure Sockets Layer (SSL) decryption rule base

D.

Enable App-ID

E.

Define a uniform resource locator (URL) Filtering profile

Question 31

What are two ways to manually add and remove members of dynamic user groups (DUGs)? (Choose two)

Options:

A.

Add the user to an external dynamic list (EDL).

B.

Tag the user using Panorama or the Web Ul of the firewall.

C.

Tag the user through the firewalls XML API.

D.

Tag the user through Active Directory

Question 32

A client chooses to not block uncategorized websites.

Which two additions should be made to help provide some protection? (Choose two.)

Options:

A.

A URL filtering profile with the action set to continue for unknown URL categories to security policy rules that allow web access

B.

A data filtering profile with a custom data pattern to security policy rules that deny uncategorized websites

C.

A file blocking profile attached to security policy rules that allow uncategorized websites to help reduce the risk of drive by downloads

D.

A security policy rule using only known URL categories with the action set to allow

Question 33

What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time?

Options:

A.

allow the request and all subsequent responses

B.

temporarily disable the DNS Security function

C.

block the query

D.

discard the request and all subsequent responses

Question 34

What is the default behavior in PAN-OS when a 12 MB portable executable (PE) fe is forwarded to the WildFire cloud service?

Options:

A.

PE File is not forwarded.

B.

Flash file is not forwarded.

C.

PE File is forwarded

D.

Flash file is forwarded

Question 35

As you prepare to scan your Amazon S3 account, what enables Prisma service permission to access Amazon S3?

Options:

A.

access key ID

B.

secret access key

C.

administrative Password

D.

AWS account ID

Question 36

Which two tabs in Panorama can be used to identify templates to define a common base configuration? (Choose two.)

Options:

A.

Network Tab

B.

Policies Tab

C.

Device Tab

D.

Objects Tab

Question 37

Which component is needed for a large-scale deployment of NGFWs with multiple Panorama Management Servers?

Options:

A.

M-600 appliance

B.

Panorama Interconnect plugin

C.

Panorama Large Scale VPN (LSVPN) plugin

D.

Palo Alto Networks Cluster license

Question 38

A customer is concerned about malicious activity occurring directly on their endpoints and will not be visible to their firewalls.

Which three actions does the Traps agent execute during a security event, beyond ensuring the prevention of this activity? (Choose three.)

Options:

A.

Informs WildFire and sends up a signature to the Cloud

B.

Collects forensic information about the event

C.

Communicates the status of the endpoint to the ESM

D.

Notifies the user about the event

E.

Remediates the event by deleting the malicious file

Question 39

An administrator wants to justify the expense of a second Panorama appliance for HA of the management layer.

The customer already has multiple M-100s set up as a log collector group. What are two valid reasons for deploying Panorama in High Availability? (Choose two.)

Options:

A.

Control of post rules

B.

Control local firewall rules

C.

Ensure management continuity

D.

Improve log collection redundancy

Question 40

What are three sources of malware sample data for the Threat Intelligence Cloud? (Choose three)

Options:

A.

Next-generation firewalls deployed with WildFire Analysis Security Profiles

B.

WF-500 configured as private clouds for privacy concerns

C.

Correlation Objects generated by AutoFocus

D.

Third-party data feeds such as partnership with ProofPomt and the Cyber Threat Alliance

E.

Palo Alto Networks non-firewall products such as Traps and Prisma SaaS

Question 41

What helps avoid split brain in active / passive high availability (HA) pair deployment?

Options:

A.

Enable preemption on both firewalls in the HA pair.

B.

Use a standard traffic interface as the HA3 link.

C.

Use the management interface as the HA1 backup link

D.

Use a standard traffic interface as the HA2 backup

Page: 1 / 14
Total 137 questions