Labour Day Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Paloalto Networks
  3. PSE-Strata Professional | PSE-Strata Professional
  4. PSE-Strata - Palo Alto Networks System Engineer Professional - Strata

Paloalto Networks PSE-Strata Palo Alto Networks System Engineer Professional - Strata Exam Practice Test

Demo: 20 questions
Total 139 questions
Get PSE-Strata Full Access Download PSE-Strata PDF

Palo Alto Networks System Engineer Professional - Strata Questions and Answers

Question 1

As you prepare to scan your Amazon S3 account, what enables Prisma service permission to access Amazon S3?

Options:

A.

access key ID

B.

secret access key

C.

administrative Password

D.

AWS account ID

Question 2

A customer is concerned about malicious activity occurring directly on their endpoints and will not be visible to their firewalls.

Which three actions does the Traps agent execute during a security event, beyond ensuring the prevention of this activity? (Choose three.)

Options:

A.

Informs WildFire and sends up a signature to the Cloud

B.

Collects forensic information about the event

C.

Communicates the status of the endpoint to the ESM

D.

Notifies the user about the event

E.

Remediates the event by deleting the malicious file

Question 3

Which selection must be configured on PAN-OS External Dynamic Lists to support MineMeld indicators?

Options:

A.

Prototype

B.

Inputs

C.

Class

D.

Feed Base URL

Question 4

A price-sensitive customer wants to prevent attacks on a Windows Virtual Server. The server will max out at 100Mbps but needs to have 45.000 sessions to connect to multiple hosts within a data center

Which VM instance should be used to secure the network by this customer?

Options:

A.

VM-200

B.

VM-100

C.

VM-50

D.

VM-300

Question 5

In which two ways can PAN-OS software consume MineMeld outputs? (Choose two.)

Options:

A.

TXT

B.

API

C.

CSV

D.

EDL

Question 6

Which option is required to Activate/Retrieve a Device Management License on the M-100 Appliance after the Auth Codes have been activated on the Palo Alto Networks Support Site?

Options:

A.

Generate a Stats Dump File and upload it to the Palo Alto Networks support portal

B.

Select Panorama > Licenses and click Activate feature using authorization code

C.

Generate a Tech Support File and call PANTAC

D.

Select Device > Licenses and click Activate feature using authorization code

Question 7

Which three features are used to prevent abuse of stolen credentials? (Choose three.)

Options:

A.

multi-factor authentication

B.

URL Filtering Profiles

C.

WildFire Profiles

D.

Prisma Access

E.

SSL decryption rules

Question 8

Access to a business site is blocked by URL Filtering inline machine learning (ML) and

considered as a false-positive.

How should the site be made available?

Options:

A.

Disable URL Filtering inline ML

B.

Create a custom URL category and add it to the Security policy

C.

Create a custom URL category and add it on exception of the inline ML profile

D.

Change the action of real-time detection category on URL filtering profile

Question 9

How often are the databases for Anti-virus. Application, Threats, and WildFire subscription updated?

Options:

A.

Anti-virus (weekly): Application (daily). Threats (weekly), WildFire (5 minutes)

B.

Anti-virus (weekly), Application (daily), Threats (daily), WildFire (5 minutes)

C.

Anti-virus (daily), Application (weekly), Threats (weekly), WildFire (5 minutes)

D.

Anti-virus (daily), Application (weekly), Threats (daily), WildFire (5 minutes)

Question 10

Which two email links, contained in SMTP and POP3, can be submitted from WildFire analysis with a WildFire subscription? (Choose two.)

Options:

A.

FTP

B.

HTTPS

C.

RTP

D.

HTTP

Question 11

Which domain permissions are required by the User-ID Agent for WMI Authentication on a Windows Server? (Choose three.)

Options:

A.

Domain Administrators

B.

Enterprise Administrators

C.

Distributed COM Users

D.

Event Log Readers

E.

Server Operator

Question 12

Which statement applies to Palo Alto Networks Single Pass Parallel Processing (SP3)?

Options:

A.

It processes each feature in a separate single pass with additional performance impact for each enabled feature.

B.

Its processing applies only to security features and does not include any networking features.

C.

It processes all traffic in a single pass with no additional performance impact for each enabled feature.

D.

It splits the traffic and processes all security features in a single pass and all network features in a separate pass

Question 13

What are the three possible verdicts in WildFire Submissions log entries for a submitted sample? (Choose four.)

Options:

A.

Benign

B.

Spyware

C.

Malicious

D.

Phishing

E.

Grayware

Question 14

A prospective customer currently uses a firewall that provides only Layer 4

inspection and protections. The customer sees traffic going to an external destination, port 53, but cannot determine what Layer 7 application traffic is going over that port

Which capability of PAN-OS would address the customer's lack of visibility?

Options:

A.

Device ID, because it will give visibility into which devices are communicating with external destinations over port 53

B.

single pass architecture (SPA), because it will improve the performance of the Palo Alto Networks Layer 7 inspection

C.

User-ID, because it will allow the customer to see which users are sending traffic to external destinations over port 53

D.

App-ID, because it will give visibility into what exact applications are being run over that port and allow the customer to block unsanctioned applications using port 53

Question 15

What two types of certificates are used to configure SSL Forward Proxy? (Сhoose two.)

Options:

A.

Enterprise CA-signed certificates

B.

Self-Signed certificates

C.

Intermediate certificates

D.

Private key certificates

Question 16

Which three of the following actions must be taken to enable Credential Phishing Prevention? (Choose three.)

Options:

A.

Enable User Credential Detection

B.

Enable User-ID

C.

Define a Secure Sockets Layer (SSL) decryption rule base

D.

Enable App-ID

E.

Define a uniform resource locator (URL) Filtering profile

Question 17

A company has deployed the following

• VM-300 firewalls in AWS

• endpoint protection with the Traps Management Service

• a Panorama M-200 for managing its VM-Series firewalls

• PA-5220s for its internet perimeter,

• Prisma SaaS for SaaS security.

Which two products can send logs to the Cortex Data Lake? (Choose two).

Options:

A.

Prisma SaaS

B.

Traps Management Service

C.

VM-300 firewalls

D.

Panorama M-200 appliance

Question 18

in which step of the Palo Alto Networks Five-Step Zero Trust Methodology would an organization's critical data, applications, assets, and services (DAAS) be identified?

Options:

A.

Step 4. Create the Zero Trust policy.

B.

Step 2: Map the transaction flows.

C.

Step 3. Architect a Zero Trust network.

D.

Step 1: Define the protect surface

Question 19

WildFire subscription supports analysis of which three types? (Choose three.)

Options:

A.

GIF

B.

7-Zip

C.

Flash

D.

RPM

E.

ISO

F.

DMG

Question 20

What will best enhance security of a production online system while minimizing the impact for the existing network?

Options:

A.

Layer 2 interfaces

B.

active / active high availability (HA)

C.

Virtual wire

D.

virtual systems

Load More PSE-Strata Questions
Demo: 20 questions
Total 139 questions
Get PSE-Strata Full Access Download PSE-Strata PDF