ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PSE-Strata

Palo Alto Networks PSE-Strata Practice Test - Questions Answers, Page 5

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which security profile on the NGFW includes signatures to protect you from brute force attacks?
A customer is seeing an increase in the number of malicious files coming in from undetectable sources in their network. These files include doc and .pdf file types. The customer uses a firewall with User-ID enabled Which feature must also be enabled to prevent these attacks?
An administrator wants to justify the expense of a second Panorama appliance for HA of the management layer. The customer already has multiple M-100s set up as a log collector group. What are two valid reasons for deploying Panorama in High Availability? (Choose two.)
Which component is needed for a large-scale deployment of NGFWs with multiple Panorama Management Servers?
Which filtering criterion is used to determine users to be included as members of a dynamic user group (DUG)?
WildFire machine learning (ML) for portable executable (PE) files is enabled in the antivirus profile and added to the appropriate firewall rules in the profile. In the Palo Alto Networks WildFire test av file, an attempt to download the test file is allowed through. Which command returns a valid result to verify the ML is working from the command line.
Which CLI command will allow you to view latency, jitter and packet loss on a virtual SD-WAN interface? A) B) C) D)
Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)
Which three script types can be analyzed in WildFire? (Choose three)
When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can belogged?

Question 41

Report
Export
Collapse

A company has deployed the following

• VM-300 firewalls in AWS

• endpoint protection with the Traps Management Service

• a Panorama M-200 for managing its VM-Series firewalls

• PA-5220s for its internet perimeter,

• Prisma SaaS for SaaS security.

Which two products can send logs to the Cortex Data Lake? (Choose two).

A.
Prisma SaaS
A.
Prisma SaaS
Answers
B.
Traps Management Service
B.
Traps Management Service
Answers
C.
VM-300 firewalls
C.
VM-300 firewalls
Answers
D.
Panorama M-200 appliance
D.
Panorama M-200 appliance
Answers
Suggested answer: C, D

Question 42

Report
Export
Collapse

Which profile or policy should be applied to protect against port scans from the internet?

A.
Interface management profile on the zone of the ingress interface
A.
Interface management profile on the zone of the ingress interface
Answers
B.
Zone protection profile on the zone of the ingress interface
B.
Zone protection profile on the zone of the ingress interface
Answers
C.
An App-ID security policy rule to block traffic sourcing from the untrust zone
C.
An App-ID security policy rule to block traffic sourcing from the untrust zone
Answers
D.
Security profiles to security policy rules for traffic sourcing from the untrust zone
D.
Security profiles to security policy rules for traffic sourcing from the untrust zone
Answers
Suggested answer: B

Question 43

Report
Export
Collapse

When log sizing is factored for the Cortex Data Lake on the NGFW, what is the average log size used in calculation?

A.
8MB
A.
8MB
Answers
B.
depends on the Cortex Data Lake tier purchased
B.
depends on the Cortex Data Lake tier purchased
Answers
C.
18 bytes
C.
18 bytes
Answers
D.
1500 bytes
D.
1500 bytes
Answers
Suggested answer: D

Explanation:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVMCA0

Question 44

Report
Export
Collapse

What can be applied to prevent users from unknowingly downloading malicious file types from the internet?

A.
A vulnerability profile to security policy rules that deny general web access
A.
A vulnerability profile to security policy rules that deny general web access
Answers
B.
An antivirus profile to security policy rules that deny general web access
B.
An antivirus profile to security policy rules that deny general web access
Answers
C.
A zone protection profile to the untrust zone
C.
A zone protection profile to the untrust zone
Answers
D.
A file blocking profile to security policy rules that allow general web access
D.
A file blocking profile to security policy rules that allow general web access
Answers
Suggested answer: D

Explanation:

https://docs.paloaltonetworks.com/best-practices/8-1/internet-gateway-best-practices/best-practice-internet-gateway-security-policy/create-best-practice-security-profiles.html

Question 45

Report
Export
Collapse

Which CLI command will allow you to view latency, jitter and packet loss on a virtual SD-WAN interface?

A)

B)

C)

D)

A.
Option
A.
Option
Answers
B.
Option
B.
Option
Answers
C.
Option
C.
Option
Answers
D.
Option
D.
Option
Answers
Suggested answer: A

Explanation:

https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/troubleshooting/use-cli-commands-for-sd-wan-tasks.html

Question 46

Report
Export
Collapse

A service provider has acquired a pair of PA-7080s for its data center to secure its customer base's traffic. The server provider's traffic is largely generated by smart phones and averages 6.000,000 concurrent sessions.

Which Network Processing Card should be recommended in the Bill of Materials?

A.
PA-7000-20GQ-NPC
A.
PA-7000-20GQ-NPC
Answers
B.
PA-7000-40G-NPC
B.
PA-7000-40G-NPC
Answers
C.
PA-7000-20GQXM-NPC
C.
PA-7000-20GQXM-NPC
Answers
D.
PA-7000-20G-NPC
D.
PA-7000-20G-NPC
Answers
Suggested answer: C

Question 47

Report
Export
Collapse

A customer is concerned about malicious activity occurring directly on their endpoints and will not be visible to their firewalls.

Which three actions does the Traps agent execute during a security event, beyond ensuring the prevention of this activity? (Choose three.)

A.
Informs WildFire and sends up a signature to the Cloud
A.
Informs WildFire and sends up a signature to the Cloud
Answers
B.
Collects forensic information about the event
B.
Collects forensic information about the event
Answers
C.
Communicates the status of the endpoint to the ESM
C.
Communicates the status of the endpoint to the ESM
Answers
D.
Notifies the user about the event
D.
Notifies the user about the event
Answers
E.
Remediates the event by deleting the malicious file
E.
Remediates the event by deleting the malicious file
Answers
Suggested answer: B, C, D

Explanation:

https://investors.paloaltonetworks.com/node/11156/html

Question 48

Report
Export
Collapse

Which two types of security chains are supported by the Decryption Broker? (Choose two.)

A.
virtual wire
A.
virtual wire
Answers
B.
transparent bridge
B.
transparent bridge
Answers
C.
Layer 3
C.
Layer 3
Answers
D.
Layer 2
D.
Layer 2
Answers
Suggested answer: B, C

Explanation:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/decryption/decryption-broker/decryption-broker-concepts/decryption-broker-security-chains-multiple.html

Question 49

Report
Export
Collapse

Which three new script types can be analyzed in WildFire? (Choose three.)

A.
VBScript
A.
VBScript
Answers
B.
JScript
B.
JScript
Answers
C.
MonoScript
C.
MonoScript
Answers
D.
PythonScript
D.
PythonScript
Answers
E.
PowerShell Script
E.
PowerShell Script
Answers
Suggested answer: A, B, E

Explanation:

The WildFire cloud is capable of analyzing the following script types:

JScript (.js)

VBScript (.vbs)

PowerShell Script (.ps1)

https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/latest-wildfire-cloud-features/script-sample-support

Question 50

Report
Export
Collapse

Which two configuration items are required when the NGFW needs to act as a decryption broker for multiple transparent bridge security chains? (Choose two.)

A.
dedicated pair of decryption forwarding interfaces required per security chain
A.
dedicated pair of decryption forwarding interfaces required per security chain
Answers
B.
a unique Transparent Bridge Decryption Forwarding Profile to a single Decryption policy rule
B.
a unique Transparent Bridge Decryption Forwarding Profile to a single Decryption policy rule
Answers
C.
a unique Decryption policy rule is required per security chain
C.
a unique Decryption policy rule is required per security chain
Answers
D.
a single pair of decryption forwarding interfaces
D.
a single pair of decryption forwarding interfaces
Answers
Suggested answer: B, C
Total 139 questions
Go to page: of 14
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms