Special Summer Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

PSE-Strata-Pro-24 Questions and Answers

Question # 6

When a customer needs to understand how Palo Alto Networks NGFWs lower the risk of exploitation by newly announced vulnerabilities known to be actively attacked, which solution and functionality delivers the most value?

A.

Advanced URL Filtering uses machine learning (ML) to learn which malicious URLs are being utilized by the attackers, then block the resulting traffic.

B.

Advanced Threat Prevention's command injection and SQL injection functions use inline deep learning against zero-day threats.

C.

Single Pass Architecture and parallel processing ensure traffic is efficiently scanned against any enabled Cloud-Delivered Security Services (CDSS) subscription.

D.

WildFire loads custom OS images to ensure that the sandboxing catches any activity that would affect the customer's environment.

Full Access
Question # 7

What are three valid Panorama deployment options? (Choose three.)

A.

As a virtual machine (ESXi, Hyper-V, KVM)

B.

With a cloud service provider (AWS, Azure, GCP)

C.

As a container (Docker, Kubernetes, OpenShift)

D.

On a Raspberry Pi (Model 4, Model 400, Model 5)

E.

As a dedicated hardware appliance (M-100, M-200, M-500, M-600)

Full Access
Question # 8

Which use case is valid for Palo Alto Networks Next-Generation Firewalls (NGFWs)?

A.

Code-embedded NGFWs provide enhanced internet of things (IoT) security by allowing PAN-OS code to be run on devices that do not support embedded virtual machine (VM) images.

B.

Serverless NGFW code security provides public cloud security for code-only deployments that do not leverage virtual machine (VM) instances or containerized services.

C.

IT/OT segmentation firewalls allow operational technology resources in plant networks to securely interface with IT resources in the corporate network.

D.

PAN-OS GlobalProtect gateways allow companies to run malware and exploit prevention modules on their endpoints without installing endpoint agents.

Full Access
Question # 9

What are two methods that a NGFW uses to determine if submitted credentials are valid corporate credentials? (Choose two.)

A.

Group mapping

B.

LDAP query

C.

Domain credential filter

D.

WMI client probing

Full Access
Question # 10

Which action can help alleviate a prospective customer's concerns about transitioning from a legacy firewall with port-based policies to a Palo Alto Networks NGFW with application-based policies?

A.

Discuss the PAN-OS Policy Optimizer feature as a means to safely migrate port-based rules to application-based rules.

B.

Assure the customer that the migration wizard will automatically convert port-based rules to application-based rules upon installation of the new NGFW.

C.

Recommend deploying a new NGFW firewall alongside the customer's existing port-based firewall until they are comfortable removing the port-based firewall.

D.

Reassure the customer that the NGFW supports the continued use of port-based rules, as PAN-OS automatically translates these policies into application-based policies.

Full Access
Question # 11

Device-ID can be used in which three policies? (Choose three.)

A.

Security

B.

Decryption

C.

Policy-based forwarding (PBF)

D.

SD-WAN

E.

Quality of Service (QoS)

Full Access
Question # 12

Which initial action can a network security engineer take to prevent a malicious actor from using a file-sharing application for data exfiltration without impacting users who still need to use file-sharing applications?

A.

Use DNS Security to limit access to file-sharing applications based on job functions.

B.

Use App-ID to limit access to file-sharing applications based on job functions.

C.

Use DNS Security to block all file-sharing applications and uploading abilities.

D.

Use App-ID to block all file-sharing applications and uploading abilities.

Full Access
Question # 13

A company plans to deploy identity for improved visibility and identity-based controls for least privilege access to applications and data. The company does not have an on-premises Active Directory (AD) deployment, and devices are connected and managed by using a combination of Entra ID and Jamf.

Which two supported sources for identity are appropriate for this environment? (Choose two.)

A.

Captive portal

B.

User-ID agents configured for WMI client probing

C.

GlobalProtect with an internal gateway deployment

D.

Cloud Identity Engine synchronized with Entra ID

Full Access
Question # 14

A prospective customer is interested in Palo Alto Networks NGFWs and wants to evaluate the ability to segregate its internal network into unique BGP environments.

Which statement describes the ability of NGFWs to address this need?

A.

It cannot be addressed because PAN-OS does not support it.

B.

It can be addressed by creating multiple eBGP autonomous systems.

C.

It can be addressed with BGP confederations.

D.

It cannot be addressed because BGP must be fully meshed internally to work.

Full Access
Question # 15

A large global company plans to acquire 500 NGFWs to replace its legacy firewalls and has a specific requirement for centralized logging and reporting capabilities.

What should a systems engineer recommend?

A.

Combine Panorama for firewall management with Palo Alto Networks' cloud-based Strata Logging Service to offer scalability for the company's logging and reporting infrastructure.

B.

Use Panorama for firewall management and to transfer logs from the 500 firewalls directly to a third-party SIEM for centralized logging and reporting.

C.

Highlight the efficiency of PAN-OS, which employs AI to automatically extract critical logs and generate daily executive reports, and confirm that the purchase of 500 NGFWs is sufficient.

D.

Deploy a pair of M-1000 log collectors in the customer data center, and route logs from all 500 firewalls to the log collectors for centralized logging and reporting.

Full Access
Question # 16

Which two tools should a systems engineer use to showcase the benefit of an evaluation that a customer has just concluded?

A.

Best Practice Assessment (BPA)

B.

Security Lifecycle Review (SLR)

C.

Firewall Sizing Guide

D.

Golden Images

Full Access
Question # 17

Which three known variables can assist with sizing an NGFW appliance? (Choose three.)

A.

Connections per second

B.

Max sessions

C.

Packet replication

D.

App-ID firewall throughput

E.

Telemetry enabled

Full Access
Question # 18

Which two actions can a systems engineer take to discover how Palo Alto Networks can bring value to a customer's business when they show interest in adopting Zero Trust? (Choose two.)

A.

Ask the customer about their internal business flows, such as how their users interact with applications and data across the infrastructure.

B.

Explain how Palo Alto Networks can place virtual NGFWs across the customer's network to ensure assets and traffic are seen and controlled.

C.

Use the Zero Trust Roadshow package to demonstrate to the customer how robust Palo Alto Networks capabilities are in meeting Zero Trust.

D.

Ask the customer about their approach to Zero Trust, explaining that it is a strategy more than it is something they purchase.

Full Access