Ask Question
Palo Alto Networks PSE-Strata-Pro-24 Practice Test - Questions Answers, Page 2
Add to Whishlist
List of questions
Question 11
While responding to a customer RFP, a systems engineer (SE) is presented the question, 'How do PANW firewalls enable the mapping of transactions as part of Zero Trust principles?' Which two narratives can the SE use to respond to the question? (Choose two.)
Emphasize Zero Trust as an ideology, and that the customer decides how to align to Zero Trust principles.
Reinforce the importance of decryption and security protections to verify traffic that is not malicious.
Explain how the NGFW can be placed in the network so it has visibility into every traffic flow.
Describe how Palo Alto Networks NGFW Security policies are built by using users, applications, and data objects.
Zero Trust is a strategic framework for securing infrastructure and data by eliminating implicit trust and continuously validating every stage of digital interaction. Palo Alto Networks NGFWs are designed with native capabilities to align with Zero Trust principles, such as monitoring transactions, validating identities, and enforcing least-privilege access. The following narratives effectively address the customer's question:
Option A
: While emphasizing Zero Trust as an ideology is accurate, this response does not directly explain how Palo Alto Networks firewalls facilitate mapping of transactions. It provides context but is insufficient for addressing the technical aspect of the question.
Option B: Decryption and security protections are important for identifying malicious traffic, but they are not specific to mapping transactions within a Zero Trust framework. This response focuses on a subset of security functions rather than the broader concept of visibility and policy enforcement.
Option C (Correct): Placing the NGFW in the network provides visibility into every traffic flow across users, devices, and applications. This allows the firewall to map transactions and enforce Zero Trust principles such as segmenting networks, inspecting all traffic, and controlling access. With features like App-ID, User-ID, and Content-ID, the firewall provides granular insights into traffic flows, making it easier to identify and secure transactions.
Option D (Correct): Palo Alto Networks NGFWs use security policies based on users, applications, and data objects to align with Zero Trust principles. Instead of relying on IP addresses or ports, policies are enforced based on the application's behavior, the identity of the user, and the sensitivity of the data involved. This mapping ensures that only authorized users can access specific resources, which is a cornerstone of Zero Trust.
Zero Trust Framework: https://www.paloaltonetworks.com/solutions/zero-trust
Security Policy Best Practices for Zero Trust: https://docs.paloaltonetworks.com
Question 12
A company plans to deploy identity for improved visibility and identity-based controls for least privilege access to applications and data. The company does not have an on-premises Active Directory (AD) deployment, and devices are connected and managed by using a combination of Entra ID and Jamf.
Which two supported sources for identity are appropriate for this environment? (Choose two.)
Unlock Premium Member
Question 13
A systems engineer (SE) is working with a customer that is fully cloud-deployed for all applications. The customer is interested in Palo Alto Networks NGFWs but describes the following challenges:
'Our apps are in AWS and Azure, with whom we have contracts and minimum-revenue guarantees. We would use the built-in firewall on the cloud service providers (CSPs), but the need for centralized policy management to reduce human error is more important.'
Which recommendations should the SE make?
Question 14
A customer claims that Advanced WildFire miscategorized a file as malicious and wants proof, because another vendor has said that the file is benign.
How could the systems engineer assure the customer that Advanced WildFire was accurate?
Question 15
Which three known variables can assist with sizing an NGFW appliance? (Choose three.)
Question 16
Which statement applies to the default configuration of a Palo Alto Networks NGFW?
Question 17
A company has multiple business units, each of which manages its own user directories and identity providers (IdPs) with different domain names. The company's network security team wants to deploy a shared GlobalProtect remote access service for all business units to authenticate users to each business unit's IdP.
Which configuration will enable the network security team to authenticate GlobalProtect users to multiple SAML IdPs?
Question 18
Device-ID can be used in which three policies? (Choose three.)
Question 19
The PAN-OS User-ID integrated agent is included with PAN-OS software and comes in which two forms? (Choose two.)
Question 20
Which two actions can a systems engineer take to discover how Palo Alto Networks can bring value to a customer's business when they show interest in adopting Zero Trust? (Choose two.)
Related questions
Export
If you didn't receive an email within 5 minutes, you should submit a support request to [email protected].
|
BASIC - 1 Month
$
3
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PLUS - 2 Months
$
10
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
PRO - 6 Months
$
20
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
|
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Full latest questions
No CAPTCHA
New Updates
Export to VPLUS
Export to PDF - All questions
Team support
Selling illegal goods, money scams etc.
Serious attack on a group.
Harassing an individual (including doxing)
Threatening or glorifying violence or serious harm, including self-harm
Nudity/Sexual content
Sexually explicit or suggestive imagery or writing involving minors
Sexually explicit or suggestive imagery or writing involving non-consenting adults or non-humans
Reusing content without attribution (link and blockquotes)
Not in English or has very bad formatting, grammar, and spelling
Author's credential is offensive, spam, or impersonation
Ex. Illegal content, incomplete question...
Practice Tests
Vendor:
Exam Questions:
Learners
Last Updated
Language
Question