Which method in the WildFire analysis report detonates unknown submissions to provide visibility
into real-world effects and behavior?
A
Explanation:
Dynamic analysis in WildFire refers to executing unknown files in a controlled environment (sandbox)
to observe their real-world behavior. This allows the firewall to detect zero-day threats and advanced
malware by directly analyzing the file’s impact on a system.
“WildFire dynamic analysis detonates unknown files in a secure sandbox environment, analyzing
real-world effects, behaviors, and potential malicious activity.”
(Source: WildFire Analysis)
How many places will a firewall administrator need to create and configure a custom data loss
prevention (DLP) profile across Prisma Access and the NGFW?
A
Explanation:
Palo Alto Networks' Enterprise DLP uses a centralized DLP profile that can be applied consistently
across both Prisma Access and NGFWs using Strata Cloud Manager (SCM). This eliminates the need
for duplicating efforts across multiple locations.
“Enterprise DLP profiles are created and managed centrally through the Cloud Management
Interface and can be used seamlessly across NGFW and Prisma Access deployments.”
(Source: Enterprise DLP Overview)
A cloud security architect is designing a certificate management strategy for Strata Cloud Manager
(SCM) across hybrid environments. Which practice ensures optimal security with low management
overhead?
A
Explanation:
A centralized certificate automation approach reduces management overhead and security risks by
standardizing processes, automating renewals, and continuously monitoring the certificate lifecycle.
“Implementing a centralized certificate management approach with automation and continuous
monitoring ensures optimal security while reducing operational complexity in hybrid environments.”
(Source: Best Practices for Certificate Management)
Which set of practices should be implemented with Cloud Access Security Broker (CASB) to ensure
robust data encryption and protect sensitive information in SaaS applications?
D
Explanation:
CASB integration should focus on comprehensive data protection, which includes encryption for
data-at-rest and in transit, frequent key updates, and using strong encryption algorithms to ensure
confidentiality and data integrity.
“CASB solutions should enforce encryption for data-at-rest and in transit, implement key rotation
policies, and leverage robust encryption algorithms to protect sensitive SaaS application data.”
(Source: CASB Deployment Best Practices)
How does Strata Logging Service help resolve ever-increasing log retention needs for a company
using Prisma Access?
C
Explanation:
The Strata Logging Service offers scalable log storage to accommodate data growth, which ensures
organizations can retain logs for compliance and threat hunting as their environments expand.
“The Strata Logging Service is designed to scale dynamically to accommodate growing log retention
needs, allowing enterprises to maintain comprehensive visibility as they expand their network
footprint.”
(Source: Strata Logging Service Overview)
After a firewall is associated with Strata Cloud Manager (SCM), which two additional actions are
required to enable management of the firewall from SCM? (Choose two.)
B, D
Explanation:
To fully manage a firewall from Strata Cloud Manager (SCM), it’s essential to establish trust and
ensure reliable connectivity:
Configure NTP and DNS servers
The firewall must have accurate time (NTP) and name resolution (DNS) to securely communicate
with SCM and related cloud services.
“To ensure successful management, configure the firewall’s NTP and DNS settings to synchronize
time and resolve domain names such as stratacloudmanager.paloaltonetworks.com.”
(Source: SCM Onboarding Requirements)
Install a device certificate
A device certificate authenticates the firewall’s identity when connecting to SCM.
“The device certificate authenticates the firewall to Palo Alto Networks cloud services, including
SCM. It’s a fundamental requirement to establish secure connectivity.”
(Source: Device Certificates)
These steps ensure trust, secure communication, and successful onboarding into SCM.
How does Advanced WildFire integrate into third-party applications?
D
Explanation:
Advanced WildFire supports direct integrations into third-party security tools through the WildFire
API, enabling automated threat intelligence sharing and real-time verdict dissemination.
“WildFire exposes a RESTful API that third-party applications can leverage to integrate WildFire’s
analysis results and threat intelligence seamlessly into their own security workflows.”
(Source: WildFire API Guide)
The API provides:
Verdict retrieval
Sample submission
Report retrieval
“Use the WildFire API to submit samples, retrieve verdicts, and obtain detailed analysis reports for
integration with your existing security infrastructure.”
(Source: WildFire API Use Cases)
Which two SSH Proxy decryption profile settings should be configured to enhance the company’s
security posture? (Choose two.)
A, C
Explanation:
Blocking non-compliant SSH versions and blocking sessions that fail certificate validation are
fundamental security measures:
Block sessions when certificate validation fails
“The SSH Proxy profile should block sessions that fail certificate validation to ensure that only trusted
hosts are allowed.”
(Source: SSH Proxy Decryption Best Practices)
Block connections using non-compliant SSH versions
Older SSH versions may have vulnerabilities or lack modern encryption algorithms.
“To enforce stronger security, block SSH sessions that use older or deprecated versions of the SSH
protocol that do not comply with your security posture.”
(Source: SSH Decryption and Best Practices)
Together, these measures minimize the risk of MITM attacks and secure SSH traffic.
A network security engineer has created a Security policy in Prisma Access that includes a negated
region in the source address. Which configuration will ensure there is no connectivity loss due to the
negated region?
B
Explanation:
Negated source addresses exclude traffic from the specified region. To avoid accidental connectivity
loss for traffic from that region, create a separate Security policy to explicitly permit it.
“When you use a negated region in a Security policy rule, ensure to create an additional Security
policy to permit traffic from the excluded (negated) region to avoid unintentional drops.”
(Source: Prisma Access Policy Best Practices)
This explicitly permits traffic from the excluded region, maintaining reliable connectivity.
What is a necessary step for creation of a custom Prisma Access report on Strata Cloud Manager
(SCM)?
D
Explanation:
To create custom Prisma Access reports within SCM, you first configure a dashboard that aggregates
the relevant logs and analytics. This allows you to define the data points you want to include.
“Dashboards in SCM can be customized to include Prisma Access data sources, enabling you to create
and generate reports that meet specific business and security requirements.”
(Source: SCM Dashboards and Reporting)
Once configured, you can export the dashboard as a custom report.
“Use the dashboard’s data visualization to create custom reports for Prisma Access, which can be
exported as PDFs for distribution.”
(Source: SCM Report Customization)