palo alto networks pse-strata practice test

Palo Alto Networks System Engineer Professional - Strata

Last exam update: Dec 02 ,2023
Page 1 out of 9
Viewing questions 1-10 out of 91

Question 1

What is the correct behavior when a Palo Alto Networks next-generation firewall (NGFW) is unable to retrieve a DNS verdict from DNS service cloud in the configured lookup time?

  • A. NGFW discard a response from the DNS server.
  • B. NGFW temporarily disable DNS Security function.
  • C. NGFW permit a response from the DNS server.
  • D. NGFW resend a verdict challenge to DNS service cloud.
Answer:

c

Reference:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/dns-security/enable-dns-security

Discussions
0 / 1000

Question 2

WildFire can discover zero-day malware in which three types of traffic? (Choose three.)

  • A. TFTP
  • B. SMTP
  • C. DNS
  • D. FTP
  • E. HTTPS
Answer:

bde

Discussions
0 / 1000

Question 3

If a Palo Alto Networks Next-Generation Firewall (NGFW) already has Advanced Threat Prevention (ATP) enabled what is the throughput impact of also enabling Wildfire and Advanced URL Filtering (AURLF)?

  • A. The throughput will decrease with each additional subscription enabled.
  • B. The throughput will remain consistent, but the maximum number of simultaneous sessions will decrease.
  • C. The throughput will remain consistent regardless of the additional subscriptions enabled.
  • D. The throughput will decrease, but the maximum simultaneous sessions will remain consistent.
Answer:

d

Discussions
0 / 1000

Question 4

What is the default behavior in PAN-OS when a 12 MB portable executable (PE) file is forwarded to the WildFire cloud service?

  • A. Flash file is not forwarded.
  • B. Flash file is forwarded.
  • C. PE File is forwarded.
  • D. PE File is not forwarded.
Answer:

c

Discussions
0 / 1000

Question 5

Which two statements correctly describe what a Network Packet Broker does for a Palo Alto Networks NGFW? (Choose two.)

  • A. It provides a third-party SSL decryption option, which can increase the total number of third-party devices performing analysis and enforcement.
  • B. It allows SSL decryption to be offloaded to the NGFW and traffic to be decrypted only once.
  • C. It eliminates the need for a third-party SSL decryption option, which reduces the total number of third-party devices performing decryption.
  • D. It allows SSL decryption to be offloaded to the NGFW and traffic to be decrypted multiple times.
Answer:

bc

Discussions
0 / 1000

Question 6

The WildFire Inline Machine Learning is configured using which Content-ID profiles?

  • A. Antivirus Profile
  • B. WildFire Analysis Profile
  • C. Threat Prevention Profile
  • D. File Blocking Profile
Answer:

a

Reference:
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-new-features/wildfire-features/configure-wildfire-inline-ml.html

Discussions
0 / 1000

Question 7

What are the three possible verdicts in WildFire Submissions log entries for a submitted sample? (Choose four.)

  • A. Benign
  • B. Spyware
  • C. Malicious
  • D. Phishing
  • E. Grayware
Answer:

acde

Reference:
https://docs.paloaltonetworks.com/wildfire/9-1/wildfire-admin/monitor-wildfire-activity/use-the-firewall-to-monitor-malware/monitor-wildfire-submissions- and-analysis-reports.html

Discussions
0 / 1000

Question 8

In Panorama, which three reports or logs will help identify the inclusion of a host / source in a command-and-control (C2) incident? (Choose three.)

  • A. WildFire analysis reports
  • B. data filtering logs
  • C. hotnet reports
  • D. threat logs
  • E. SaaS reports
Answer:

abc

Discussions
0 / 1000

Question 9

What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time?

  • A. block the query
  • B. allow the request and all subsequent responses
  • C. temporarily disable the DNS Security function
  • D. discard the request and all subsequent responses
Answer:

b

Discussions
0 / 1000

Question 10

A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default.
What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?

  • A. Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports
  • B. Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis
  • C. Palo Alto Networks keep ports closed by default, only opening ports after understanding the application request, and then opening only the application- specified ports
  • D. Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default
Answer:

c

Reference:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVwCAK

Discussions
0 / 1000
To page 2