ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PSE-Strata

Palo Alto Networks PSE-Strata Practice Test - Questions Answers, Page 12

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

WildFire machine learning (ML) for portable executable (PE) files is enabled in the antivirus profile and added to the appropriate firewall rules in the profile. In the Palo Alto Networks WildFire test av file, an attempt to download the test file is allowed through. Which command returns a valid result to verify the ML is working from the command line.
Which security profile on the NGFW includes signatures to protect you from brute force attacks?
Which CLI command will allow you to view latency, jitter and packet loss on a virtual SD-WAN interface? A) B) C) D)
A customer is seeing an increase in the number of malicious files coming in from undetectable sources in their network. These files include doc and .pdf file types. The customer uses a firewall with User-ID enabled Which feature must also be enabled to prevent these attacks?
An administrator wants to justify the expense of a second Panorama appliance for HA of the management layer. The customer already has multiple M-100s set up as a log collector group. What are two valid reasons for deploying Panorama in High Availability? (Choose two.)
Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)
Which component is needed for a large-scale deployment of NGFWs with multiple Panorama Management Servers?
Which three script types can be analyzed in WildFire? (Choose three)
When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can belogged?
Which filtering criterion is used to determine users to be included as members of a dynamic user group (DUG)?

Question 111

Report
Export
Collapse

Which three actions should be taken before deploying a firewall evaluation unt in a customer environment? (Choose three.)

A.
Request that the customer make part 3978 available to allow the evaluation unit to communicate with Panorama
A.
Request that the customer make part 3978 available to allow the evaluation unit to communicate with Panorama
Answers
B.
Inform the customer that a SPAN port must be provided for the evaluation unit, assuming a TAP mode deployment.
B.
Inform the customer that a SPAN port must be provided for the evaluation unit, assuming a TAP mode deployment.
Answers
C.
Upgrade the evaluation unit to the most current recommended firmware, unless a demo of the upgrade process is planned.
C.
Upgrade the evaluation unit to the most current recommended firmware, unless a demo of the upgrade process is planned.
Answers
D.
Set expectations for information being presented in the Security Lifecycle Review (SLR) because personal user information will be made visible
D.
Set expectations for information being presented in the Security Lifecycle Review (SLR) because personal user information will be made visible
Answers
E.
Reset the evaluation unit to factory default to ensure that data from any previous customer evaluation is removed
E.
Reset the evaluation unit to factory default to ensure that data from any previous customer evaluation is removed
Answers
Suggested answer: B, C, E

Question 112

Report
Export
Collapse

Which statement best describes the business value of Palo Alto Networks Zero Touch Provisioning

(ZTP)?

A.
It is designed to simplify and automate the onboarding of new firewalls to the Panorama management server.
A.
It is designed to simplify and automate the onboarding of new firewalls to the Panorama management server.
Answers
B.
When it is in place, it removes the need for an onsite firewall
B.
When it is in place, it removes the need for an onsite firewall
Answers
C.
When the service is purchased, Palo Alto Networks sends an engineer to physically deploy the firewall to the customer environment
C.
When the service is purchased, Palo Alto Networks sends an engineer to physically deploy the firewall to the customer environment
Answers
D.
It allows a firewall to be automatically connected to the local network wirelessly
D.
It allows a firewall to be automatically connected to the local network wirelessly
Answers
Suggested answer: A

Question 113

Report
Export
Collapse

In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)

A.
grayware
A.
grayware
Answers
B.
command and control (C2)
B.
command and control (C2)
Answers
C.
benign
C.
benign
Answers
D.
government
D.
government
Answers
E.
malware
E.
malware
Answers
Suggested answer: A, C, E

Question 114

Report
Export
Collapse

What will best enhance security of a production online system while minimizing the impact for the existing network?

A.
Layer 2 interfaces
A.
Layer 2 interfaces
Answers
B.
active / active high availability (HA)
B.
active / active high availability (HA)
Answers
C.
Virtual wire
C.
Virtual wire
Answers
D.
virtual systems
D.
virtual systems
Answers
Suggested answer: C

Question 115

Report
Export
Collapse

Which Security profile on the Next-Generation Firewall (NGFW) includes Signatures to protect against brute force attacks?

A.
Vulnerability Protection profile
A.
Vulnerability Protection profile
Answers
B.
Antivirus profile
B.
Antivirus profile
Answers
C.
URL Filtering profile
C.
URL Filtering profile
Answers
D.
Anti-Spyware profile
D.
Anti-Spyware profile
Answers
Suggested answer: A

Question 116

Report
Export
Collapse

A prospective customer currently uses a firewall that provides only Layer 4 inspection and protections. The customer sees traffic going to an external destination, port 53, but cannot determine what Layer 7 application traffic is going over that port Which capability of PAN-OS would address the customer's lack of visibility?

A.
Device ID, because it will give visibility into which devices are communicating with external destinations over port 53
A.
Device ID, because it will give visibility into which devices are communicating with external destinations over port 53
Answers
B.
single pass architecture (SPA), because it will improve the performance of the Palo Alto Networks Layer 7 inspection
B.
single pass architecture (SPA), because it will improve the performance of the Palo Alto Networks Layer 7 inspection
Answers
C.
User-ID, because it will allow the customer to see which users are sending traffic to external destinations over port 53
C.
User-ID, because it will allow the customer to see which users are sending traffic to external destinations over port 53
Answers
D.
App-ID, because it will give visibility into what exact applications are being run over that port and allow the customer to block unsanctioned applications using port 53
D.
App-ID, because it will give visibility into what exact applications are being run over that port and allow the customer to block unsanctioned applications using port 53
Answers
Suggested answer: D

Question 117

Report
Export
Collapse

Which solution informs a customer concerned about zero-day targeted attacks whether an attack is specifically targeted at its property?

A.
AutoFocus
A.
AutoFocus
Answers
B.
Panorama Correlation Report
B.
Panorama Correlation Report
Answers
C.
Cortex XSOAR Community edition
C.
Cortex XSOAR Community edition
Answers
D.
Cortex XDR Prevent
D.
Cortex XDR Prevent
Answers
Suggested answer: A

Question 118

Report
Export
Collapse

A customer requires protections and verdicts for portable executable (PE) and executable and linkable format (ELF), as well as the ability to integrate with existing security tools.

Which Cloud-Delivered Security Service (CDSS) does Palo Alto Networks provide that will address this requirement?

A.
Dynamic Unpacking
A.
Dynamic Unpacking
Answers
B.
WildFire
B.
WildFire
Answers
C.
DNS Security
C.
DNS Security
Answers
D.
File Blocking profile
D.
File Blocking profile
Answers
Suggested answer: B

Question 119

Report
Export
Collapse

A WildFire subscription is required for which two of the following activities? (Choose two)

A.
Filter uniform resource locator (URL) sites by category.
A.
Filter uniform resource locator (URL) sites by category.
Answers
B.
Forward advanced file types from the firewall for analysis.
B.
Forward advanced file types from the firewall for analysis.
Answers
C.
Use the WildFire Application Programming Interface (API) to submit website links for analysis
C.
Use the WildFire Application Programming Interface (API) to submit website links for analysis
Answers
D.
Enforce policy based on Host Information Profile (HIP)
D.
Enforce policy based on Host Information Profile (HIP)
Answers
E.
Decrypt Secure Sockets Layer (SSL)
E.
Decrypt Secure Sockets Layer (SSL)
Answers
Suggested answer: B, C

Question 120

Report
Export
Collapse

Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined?

A.
Step 3: Architect a Zero Trust Network
A.
Step 3: Architect a Zero Trust Network
Answers
B.
Step 5. Monitor and Maintain the Network
B.
Step 5. Monitor and Maintain the Network
Answers
C.
Step 4: Create the Zero Trust Policy
C.
Step 4: Create the Zero Trust Policy
Answers
D.
Step 1: Define the Protect Surface
D.
Step 1: Define the Protect Surface
Answers
E.
Step 2 Map the Protect Surface Transaction Flows
E.
Step 2 Map the Protect Surface Transaction Flows
Answers
Suggested answer: D
Total 139 questions
Go to page: of 14
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms