palo alto networks pse-strata practice test

A customer has business-critical applications that rely on the general web-browsing application. Which security profile can help prevent drive-by-downloads while still allowing web-browsing traffic?

• A. File Blocking Profile
• B. DoS Protection Profile
• C. URL Filtering Profile
• D. Vulnerability Protection Profile

Which three of the following actions must be taken to enable Credential Phishing Prevention? (Choose three.)

• A. Enable App-ID.
• B. Define a uniform resource locator (URL) Filtering profile.
• C. Enable User-ID.
• D. Enable User Credential Detection.
• E. Define a Secure Sockets Layer (SSL) decryption rule base.

Which three considerations should be made prior to installing a decryption policy on the NGFW? (Choose three.)

• A. Include all traffic types in decryption policy
• B. Inability to access websites
• C. Exclude certain types of traffic in decryption policy
• D. Deploy decryption setting all at one time
• E. Ensure throughput is not an issue

In which step of the Palo Alto Networks Five-Step Zero Trust Methodology would an organization's critical data, applications, assets, and services (DAAS) be identified?

• A. Step 1: Define the protect surface.
• B. Step 4: Create the Zero Trust policy.
• C. Step 3: Architect a Zero Trust network.
• D. Step 2: Map the transaction flows.

Which methods are used to check for Corporate Credential Submissions? (Choose three.)

• A. Group Mapping
• B. IP User Mapping
• C. LDAP query
• D. Domain Credential Filter
• E. User ID Credential Check

What component is needed if there is a large scale deployment of Next Generation Firewalls with multiple Panorama Management Servers?

• A. M-600 Appliance
• B. Panorama Large Scale VPN Plugin
• C. Panorama Interconnect Plugin
• D. Palo Alto Networks Cluster License

The need for a file proxy solution, virus and spyware scanner, a vulnerability scanner, and HTTP decoder for URL filtering is handled by which component in the
NGFW?

• A. First Packet Processor
• B. Stream-based Signature Engine
• C. SIA (Scan It All) Processing Engine
• D. Security Processing Engine

You have a prospective customer that is looking for a way to provide secure temporary access to contractors for a designated period of time. They currently add contractors to existing user groups and create ad hoc policies to provide network access. They admit that once the contractor no longer needs access to the network, administrators are usually too busy to manually delete policies that provided access to the contractor. This has resulted in over-provisioned access that has allowed unauthorized access to their systems.
They are looking for a solution to automatically remove access for contractors once access is no longer required.
You address their concern by describing which feature in the NGFW?

• A. Dynamic User Groups
• B. Dynamic Address Groups
• C. Multi-factor Authentication
• D. External Dynamic Lists

In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)

• A. benign
• B. government
• C. command and control (C2)
• D. malware
• E. grayware

What is the key benefit of Palo Alto Networks single-pass architecture (SPA) design?

• A. It requires only one processor to complete all the functions within the box.
• B. It allows the addition of new functions to existing hardware without affecting performance.
• C. It allows the addition of new devices to existing hardware without affecting performance.
• D. It decodes each network flow multiple times, therefore reducing throughput.