PSE-Strata-Topic-1
Question #: 4
Topic #: 1
A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher-level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, so that they can assess the risk and take action to prevent exploitation of network resources.
Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?
A. The Automated Correlation Engine
B. Cortex XDR and Cortex Data Lake
C. WildFire with API calls for automation
D. 3rd Party SIEM which can ingest NGFW logs and perform event correlation
Selected Answer: A
Question #: 56
Topic #: 1
Which three tabs are available in the Detailed Device Health view on Panorama for hardware-based firewalls? (Choose three.)
A. Errors
B. Environments
C. Interfaces
D. Mounts
E. Throughput
F. Sessions
G. Status
Selected Answer: BCF
Question #: 53
Topic #: 1
What two types of traffic should you exclude from a decryption policy? (Choose two.)
A. All Business and regulatory traffic
B. All outbound traffic
C. All Mutual Authentication traffic
D. All SSL/TLS 1.3 traffic
Selected Answer: AC
Question #: 11
Topic #: 1
Which two features are found in Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)
A. Policy match is based on application
B. Traffic control is based on IP, port, and protocol
C. Traffic is separated by zones
D. Identification of application is possible on any port
Selected Answer: AD
Question #: 135
Topic #: 1
What allows verification of machine learning (ML) functionality for WildFire during a proof of concept?
A. Execution of the appropriate CLI command
B. Utilization of the ACC reports
C. Reviewing traffic in the traffic log
D. Checking the counters
Selected Answer: A
Question #: 1
Topic #: 1
What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design?
A. There are no benefits other than slight performance upgrades
B. It allows Palo Alto Networks to add new functions to existing hardware
C. Only one processor is needed to complete all the functions within the box
D. It allows Palo Alto Networks to add new devices to existing hardware
Selected Answer: B
Question #: 10
Topic #: 1
A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.
How is this goal accomplished?
A. Create a custom spyware signature matching the known signature with the time attribute
B. Add a correlation object that tracks the occurrences and triggers above the desired threshold
C. Submit a request to Palo Alto Networks to change the behavior at the next update
D. Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency
Selected Answer: A
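Questions 4 and 10 above describe two different log-driven detections: a correlation object that combines several related threat events into a "likely compromised host" conclusion, and a custom spyware signature whose time attribute fires only when a known signature hits N times within a window (for example 10 hits in 5 seconds). The following Python is an added example written for this page, not PAN-OS code and not the firewall's actual correlation or signature engine; it runs both pieces of logic over constructed threat-log lines whose field order only loosely follows the PAN-OS threat log (receive time, source, destination, threat name, category, action). The evidence categories, thresholds and windows are assumptions chosen for the demonstration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample threat-log lines (not real firewall output). Field order
# loosely follows the PAN-OS threat log: receive_time, src, dst, threat, category, action.
_BURST = [
    f"2024/05/01 10:00:0{i // 2},10.1.1.5,203.0.113.7,Known Spyware Beacon,spyware,alert"
    for i in range(10)          # 10 hits from one host between 10:00:00 and 10:00:04
]
_OTHER = [
    "2024/05/01 10:00:20,10.1.1.5,198.51.100.9,Suspicious DNS Query,dns,alert",
    "2024/05/01 10:00:35,10.1.1.5,203.0.113.7,WildFire Malicious Verdict,wildfire,alert",
    "2024/05/01 10:01:00,10.1.1.9,203.0.113.8,Known Spyware Beacon,spyware,alert",
    "2024/05/01 10:01:30,10.1.1.9,203.0.113.8,Known Spyware Beacon,spyware,alert",
    "2024/05/01 10:02:00,10.1.1.9,203.0.113.8,Known Spyware Beacon,spyware,alert",
    "2024/05/01 10:02:05,10.1.1.9,198.51.100.9,Suspicious DNS Query,dns,alert",
]
SAMPLE_LOG = "\n".join(_BURST + _OTHER)
FIELDS = ("time", "src", "dst", "threat", "category", "action")


def parse_threat_log(text):
    """Parse the constructed CSV lines into dicts; 'time' becomes a datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = dict(zip(FIELDS, line.split(",")))
        rec["time"] = datetime.strptime(rec["time"], "%Y/%m/%d %H:%M:%S")
        events.append(rec)
    return sorted(events, key=lambda r: r["time"])


def rate_trigger(events, threat, threshold=10, window_s=5, key="src"):
    """Rate-based trigger modelled on a custom signature's time attribute:
    fire once when `threshold` hits of `threat` from the same aggregation key
    (source by default) fall inside a `window_s`-second sliding window.
    Returns (key, time_of_trigger) pairs."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)
    fired = []
    for ev in events:
        if ev["threat"] != threat:
            continue
        q = recent[ev[key]]
        q.append(ev["time"])
        while q and ev["time"] - q[0] > window:   # expire hits older than the window
            q.popleft()
        if len(q) >= threshold:
            fired.append((ev[key], ev["time"]))
            q.clear()                              # one trigger per burst, then re-arm
    return fired


# Assumed evidence set: a host is "likely compromised" when all three are seen.
REQUIRED_EVIDENCE = frozenset({"spyware", "wildfire", "dns"})


def correlate_compromised_hosts(events, window_min=60, required=REQUIRED_EVIDENCE):
    """Correlation-object style logic: a source is flagged when every evidence
    category in `required` is observed for it within `window_min` minutes.
    Returns {src: sorted categories} for flagged hosts only."""
    window = timedelta(minutes=window_min)
    seen = defaultdict(list)                       # src -> [(time, category)]
    matched = {}
    for ev in events:
        if ev["category"] not in required:
            continue
        hist = seen[ev["src"]]
        hist.append((ev["time"], ev["category"]))
        hist[:] = [(t, c) for t, c in hist if ev["time"] - t <= window]
        cats = {c for _, c in hist}
        if cats >= required and ev["src"] not in matched:
            matched[ev["src"]] = sorted(cats)
    return matched


if __name__ == "__main__":
    evs = parse_threat_log(SAMPLE_LOG)
    print("rate triggers:", rate_trigger(evs, "Known Spyware Beacon"))
    print("likely compromised:", correlate_compromised_hosts(evs))
```

With the sample data, the rate check fires once for 10.1.1.5 (ten beacon hits inside five seconds) and never for 10.1.1.9, whose three hits are a minute apart; the correlation flags only 10.1.1.5, because it alone shows spyware, DNS and WildFire evidence inside the hour. Shrinking the correlation window to 30 seconds drops the spyware evidence out of range before the WildFire event arrives and the host is no longer flagged, which is the same trade-off a practitioner tunes in a real correlation object: a window short enough to stay actionable, long enough to span the related events.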
Question #: 134
Topic #: 1
Which deployment option of Advanced URL Filtering (AURLF) would help a prospect that actively uses PAC files?
A. Explicit Proxy
B. WildFire
C. Phishing prevention
D. Drive-by download protection
Selected Answer: A
Question #: 110
Topic #: 1
Which three of the following are identified in the Best Practice Assessment tool? (Choose three.)
A. use of device management access and settings
B. use of decryption policies
C. presence of command-and-control (C2) sessions
D. identification of sanctioned and unsanctioned software-as-a-service (SaaS) application
E. measurement of the adoption of URL filters, App-ID, and User-ID
Selected Answer: ABE
Question #: 105
Topic #: 1
Which two configuration elements can be used to prevent abuse of stolen credentials? (Choose two.)
A. multi-factor authentication (MFA)
B. URL Filtering Profiles
C. WildFire analysis
D. dynamic user groups (DUGs)
Selected Answer: AD
Question #: 104
Topic #: 1
A customer with a legacy firewall architecture focused on port-and-protocol-level security has heard that NGFWs open all ports by default.
Which of the following statements regarding Palo Alto Networks NGFWs is an appropriate rebuttal that explains an advantage over legacy firewalls?
A. They do not consider port information, instead relying on App-ID signatures that do not reference ports.
B. They protect all applications on all ports while leaving all ports open by default.
C. They can control applications by application-default service ports or a configurable list of approved ports on a per-policy basis.
D. They keep ports closed by default, only opening after understanding the application request, and then opening only the application-specified ports.
Selected Answer: D
Question #: 76
Topic #: 1
Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined?
A. Step 1: Define the Protect Surface
B. Step 3: Architect a Zero Trust Network
C. Step 5: Monitor and Maintain the Network
D. Step 2: Map the Protect Surface Transaction Flows
E. Step 4: Create the Zero Trust Policy
Selected Answer: E
Question #: 32
Topic #: 1
A customer requires protections and verdicts for PE (portable executable) and ELF (executable and linkable format) files, as well as integration with products and services that can also access the immediate verdicts to coordinate enforcement and prevent successful attacks.
What competitive feature does Palo Alto Networks provide that will address this requirement?
A. File Blocking Profile
B. Dynamic Unpacking
C. WildFire
D. DNS Security
Selected Answer: C
Question #: 3
Topic #: 1
The need for a file proxy solution, virus and spyware scanner, a vulnerability scanner, and HTTP decoder for URL filtering is handled by which component in the NGFW?
A. First Packet Processor
B. Stream-based Signature Engine
C. SIA (Scan It All) Processing Engine
D. Security Processing Engine
Selected Answer: B
Question #: 85
Topic #: 1
A customer is designing a private data center to host their new web application along with a separate headquarters for users.
Which cloud-delivered security service (CDSS) would be recommended for the headquarters only?
A. WildFire
B. Threat Prevention
C. Advanced URL Filtering (AURLF)
D. DNS Security
Selected Answer: D
Question #: 25
Topic #: 1
Which four actions can be configured in an Anti-Spyware profile to address command-and-control traffic from compromised hosts? (Choose four.)
A. Reset
B. Quarantine
C. Drop
D. Allow
E. Redirect
F. Alert
Selected Answer: ACDF
Question #: 44
Topic #: 1
Which three steps in the cyberattack lifecycle does Palo Alto Networks Security Operating Platform prevent? (Choose three.)
A. recon the target
B. deliver the malware
C. exfiltrate data
D. weaponize vulnerabilities
E. lateral movement
Selected Answer: BCE
Question #: 42
Topic #: 1
Which three components are specific to the Query Builder found in the Custom Report creation dialog of the firewall? (Choose three.)
A. Connector
B. Database
C. Recipient
D. Operator
E. Attribute
F. Schedule
Selected Answer: ADE
Question #: 36
Topic #: 1
Which two methods will help avoid Split Brain when running HA in Active/Active mode? (Choose two.)
A. Configure a Backup HA1 Interface
B. Configure a Heartbeat Backup
C. Create a loopback IP address and use that as a Source Interface
D. Place your management interface in an Aggregate Interface Group configuration
Selected Answer: AB
Question #: 31
Topic #: 1
Which three activities can the botnet report track? (Choose three.)
A. Accessing domains registered in the last 30 days
B. Visiting a malicious URL
C. Launching a P2P application
D. Detecting malware within a one-hour period
E. Initiating API calls to other applications
F. Using dynamic DNS domain providers
Selected Answer: ABF
Question #: 59
Topic #: 1
XYZ Corporation has a legacy environment with asymmetric routing. The customer understands that Palo Alto Networks firewalls can support asymmetric routing with redundancy.
Which two features must be enabled to meet the customer’s requirements? (Choose two.)
A. Virtual systems
B. HA active/active
C. HA active/passive
D. Policy-based forwarding
Selected Answer: BD
Question #: 52
Topic #: 1
What are the four possible verdicts in WildFire Submissions log entries for a submitted sample? (Choose four.)
A. Benign
B. Spyware
C. Malicious
D. Phishing
E. Grayware
Selected Answer: ACDE
Question #: 125
Topic #: 1
If a Palo Alto Networks Next-Generation Firewall (NGFW) already has Advanced Threat Prevention (ATP) enabled, what is the throughput impact of also enabling WildFire and Advanced URL Filtering (AURLF)?
A. The throughput will decrease with each additional subscription enabled.
B. The throughput will remain consistent, but the maximum number of simultaneous sessions will decrease.
C. The throughput will remain consistent regardless of the additional subscriptions enabled.
D. The throughput will decrease, but the maximum simultaneous sessions will remain consistent.
Selected Answer: C
Question #: 136
Topic #: 1
Which PAN-OS feature helps prevent user credential theft?
A. Drive-by download protection
B. Advanced URL Filtering (AURLF)
C. Data loss prevention (DLP)
D. Multi-factor authentication (MFA)
Selected Answer: B
Question #: 116
Topic #: 1
Which PAN-OS feature should be discussed if a prospect wants to apply Security policy actions to traffic by using tags from their virtual environment?
A. Machine learning (ML)
B. Dynamic User Groups
C. URL blocking
D. MineMeld
Selected Answer: B
Question #: 111
Topic #: 1
WildFire can discover zero-day malware in which three types of traffic? (Choose three.)
A. TFTP
B. SMTP
C. DNS
D. FTP
E. HTTPS
Selected Answer: BDE
Question #: 101
Topic #: 1
In Panorama, which three reports or logs will help identify the inclusion of a host / source in a command-and-control (C2) incident? (Choose three.)
A. WildFire analysis reports
B. data filtering logs
C. botnet reports
D. threat logs
E. SaaS reports
Selected Answer: ACD
Question #: 96
Topic #: 1
A packet that is already associated with a current session arrives at the firewall.
What is the flow of the packet after the firewall determines that it is matched with an existing session?
A. It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through multiple content inspection engines before egress.
B. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through multiple content inspection engines before egress.
C. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through a single stream-based content inspection engines before egress.
D. It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress.
Selected Answer: D
Question #: 91
Topic #: 1
Which two actions should be taken prior to installing a decryption policy on an NGFW? (Choose two.)
A. Ensure throughput will not be an issue.
B. Determine whether local / regional decryption laws apply.
C. Deploy decryption settings all at one time.
D. Include all traffic types in decryption policy.
Selected Answer: AB
Question #: 90
Topic #: 1
What is the key benefit of Palo Alto Networks single-pass architecture (SPA) design?
A. It requires only one processor to complete all the functions within the box.
B. It allows the addition of new functions to existing hardware without affecting performance.
C. It allows the addition of new devices to existing hardware without affecting performance.
D. It decodes each network flow multiple times, therefore reducing throughput.
Selected Answer: B
Question #: 86
Topic #: 1
Which three mechanisms are valid for enabling user mapping? (Choose three.)
A. client probing
B. user behavior recognition
C. reverse DNS lookup
D. domain server monitoring
E. Captive Portal
Selected Answer: ADE