Updated Mar 05, 2023 PSE-Strata Exam Dumps - PDF Questions and Testing Engine [Q62-Q86]

Share

Updated Mar 05, 2023 PSE-Strata  Exam Dumps - PDF Questions and Testing Engine

New (2023) Palo Alto Networks PSE-Strata  Exam Dumps


What are the features of the Authentication Section?

An authentication feature is a combination of hardware, software, and firmware that creates one or more unique identifiers for each device. Newer Palo Alto Networks firewalls offer several authentication features. Common Authentication Features:

  1. SSL VPN - Uses client-server architecture with X.509 certificates for user authentication.
  2. IPsec VPN - Uses peer-to-peer architecture with digital certificates or pre-shared keys for user authentication. You can also configure the firewall as a RADIUS client to use external servers for user authentication.
  3. 802.1X/EAP - Uses IEEE 802.1X port-based access control for user authentication through external RADIUS servers configured on the firewall.

The learning objectives from a Palo Alto Networks PSE Exam

Palo Alto Networks PSE Strata Exam. You can take this exam if you have a minimum of 3 months of experience with the Palo Alto Networks firewall, and/or experience in the following areas: networking security concepts and policies, cryptography, standards routers, switches networking protocols (IPv4 and IPv6) firewalls VPNs firewall policies, management features, logs, reporting features.

 

NEW QUESTION 62
Access to a business site is blocked by URL Filtering inline machine learning (ML) and considered as a false-positive.
How should the site be made available?

  • A. Change the action of real-time detection category on URL filtering profile
  • B. Create a custom URL category and add it to the Security policy
  • C. Disable URL Filtering inline ML
  • D. Create a custom URL category and add it on exception of the inline ML profile

Answer: D

 

NEW QUESTION 63
Which three network events are highlighted through correlation objects as a potential security risks? (Choose three.)

  • A. Suspicious traffic patterns
  • B. Launch of an identified malware executable file
  • C. Identified vulnerability exploits
  • D. Known command-and-control activity
  • E. Endpoints access files from a removable drive

Answer: A,C,D

 

NEW QUESTION 64
Which two tabs in Panorama can be used to identify templates to define a common base configuration? (Choose two.)

  • A. Network Tab
  • B. Objects Tab
  • C. Device Tab
  • D. Policies Tab

Answer: A,C

Explanation:
https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/panorama-web-interface/panorama-templates/template-stacks

 

NEW QUESTION 65
How often are the databases for Anti-virus. Application, Threats, and WildFire subscription updated?

  • A. Anti-virus (weekly): Application (daily). Threats (weekly), WildFire (5 minutes)
  • B. Anti-virus (daily), Application (weekly), Threats (weekly), WildFire (5 minutes)
  • C. Anti-virus (daily), Application (weekly), Threats (daily), WildFire (5 minutes)
  • D. Anti-virus (weekly), Application (daily), Threats (daily), WildFire (5 minutes)

Answer: B

Explanation:
Explanation
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/software-and-content-updates/dynamic-content-upd

 

NEW QUESTION 66
A customer is targeted by a true zero-day, targeted attack. However, the customer is protected by the Palo Alto Networks security platform.
The attack leverages a previously unknown vulnerability in IE but utilizes existing hacking techniques on the endpoint. It is transported over standard HTTP traffic and conforms to the HTML standards. It then attempts to download from a website, compromised specifically for this attack, a custom piece of malware to run on the endpoints.
Which element of the platform will stop this attack?

  • A. Traps
  • B. PAN-DB
  • C. App-ID
  • D. WildFire

Answer: D

 

NEW QUESTION 67
The firewall includes predefined reports, custom reports can be built for specific data and actionable tasks, or predefined and custom reports can be combined to compile information needed to monitor network security The firewall provides which three types of reports? (Choose three.)

  • A. Botnet Reports
  • B. User or Group Activity Reports
  • C. SNMP Reports
  • D. PDF Summary Reports
  • E. Netflow Reports

Answer: A,B,E

 

NEW QUESTION 68
Which two actions can be taken to enforce protection from brute force attacks in the security policy? (Choose two.)

  • A. Install content updates that include new signatures to protect against emerging threats
  • B. Attach the vulnerability profile to a security rule
  • C. Create a log forwarding object to send logs to Panorama and a third-party syslog server event correlation
  • D. Add the URL filtering profile to a security rule

Answer: A,B

Explanation:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/prevent-brute-force-attacks.html

 

NEW QUESTION 69
In Panorama, which three reports or logs will help identify the inclusion of a host source in a command-and-control (C2) incident? (Choose three.)

  • A. threat logs
  • B. WildFire analysis reports
  • C. SaaS reports
  • D. botnet reports
  • E. data filtering logs

Answer: A,B,D

 

NEW QUESTION 70
A service provider has acquired a pair of PA-7080s for its data center to secure its customer base's traffic. The server provider's traffic is largely generated by smart phones and averages 6.000,000 concurrent sessions.
Which Network Processing Card should be recommended in the Bill of Materials?

  • A. PA-7000-40G-NPC
  • B. PA-7000-20GQ-NPC
  • C. PA-7000-20G-NPC
  • D. PA-7000-20GQXM-NPC

Answer: D

 

NEW QUESTION 71
Match the functions to the appropriate processing engine within the dataplane.

Answer:

Explanation:

 

NEW QUESTION 72
In an HA pair running Active/Passive mode, over which interface do the dataplanes communicate?

  • A. HA4
  • B. HA3
  • C. HA2
  • D. HA1

Answer: C

Explanation:
https://docs.paloaltonetworks.com/vm-series/8-1/vm-series-deployment/set-up-the-vm-series- firewall-on-aws/high-availability-for-vm-series-firewall-on-aws/configure-activepassive-ha-on- aws.html

 

NEW QUESTION 73
When the Cortex Data Lake is sized for Traps Management Service, which two factors should be considered? (Choose two.)

  • A. agent size and OS
  • B. retention requirements
  • C. the number of Traps agents
  • D. Traps agent forensic data

Answer: A,D

 

NEW QUESTION 74
Select the BOM for the Prisma Access, to provide access for 5500 mobile users and 10 remote locations (100Mbps each) for one year, including Base Support and minimal logging. The customer already has 4x PA5220r 8x PA3220,1x Panorama VM for 25 devices.

  • A. 1x PAN-GPCS-USER-C-BAS-1YR, 1x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR
  • B. 5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YRr 1x PAN-LGS-1TB-
    1YR, 1x PAN-PRA-25, 1x PAN-SVC-BAS-PRA-25
  • C. 5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-SVC-BAS- PRA-25. 1x PAN-PRA-25
  • D. 5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-
    1YR

Answer: B

 

NEW QUESTION 75
What three Tabs are available in the Detailed Device Health on Panorama for hardware-based firewalls? (Choose three.)

  • A. Errors
  • B. Interfaces
  • C. Throughput
  • D. Mounts
  • E. Status
  • F. Sessions
  • G. Environments

Answer: B,F,G

 

NEW QUESTION 76
A packet that is already associated with a current session arrives at the firewall.
What is the flow of the packet after the firewall determines that it is matched with an existing session?

  • A. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through multiple content inspection engines before egress
  • B. it is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress.
  • C. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through a single stream-based content inspection engines before egress
  • D. It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through multiple content inspection engines before egress

Answer: B

 

NEW QUESTION 77
Where are three tuning considerations when building a security policy to protect against modern day attacks? (Choose three)

  • A. Create a vulnerability protection profile to block all the vulnerabilities with severity low and higher
  • B. Create an antivirus profile to block all content that matches and antivirus signature
  • C. Create an SSL Decryption policy to decrypt 100% of the traffic
  • D. Create an anti-spyware profile to block all spyware
  • E. Create a WildFire profile to schedule file uploads during low network usage windows

Answer: A,C,E

 

NEW QUESTION 78
Decryption port mirroring is now supported on which platform?

  • A. in hardware only
  • B. all hardware-based and VM-Series firewalls regardless of where installed
  • C. only one the PA-5000 Series and higher
  • D. all hardware-based and VM-Series firewalls with the exception of VMware NSX. Citrix SDX, or public cloud hypervisors

Answer: B

 

NEW QUESTION 79
What can be applied to prevent users from unknowingly downloading malicious file types from the internet?

  • A. A vulnerability profile to security policy rules that deny general web access
  • B. A file blocking profile to security policy rules that allow general web access
  • C. A zone protection profile to the untrust zone
  • D. An antivirus profile to security policy rules that deny general web access

Answer: B

 

NEW QUESTION 80
Which User-ID method maps IP addresses to usernames for users connecting through an
802.1x-enabled wireless network device that has no native integration with PAN-OS software?

  • A. XML API
  • B. Server Monitoring
  • C. Port Mapping
  • D. Client Probing

Answer: A

 

NEW QUESTION 81
An endpoint, inside an organization, is infected with known malware. The malware attempts to make a command and control connection to a C&C server via the destination IP address.
Which mechanism prevent this connection from succeeding?

  • A. DNS Proxy
  • B. Anti-Spyware Signatures
  • C. DNS Sinkholing
  • D. Wildfire Analysis

Answer: C

 

NEW QUESTION 82
As you prepare to scan your Amazon S3 account, what enables Prisma service permission to access Amazon S3?

  • A. secret access key
  • B. AWS account ID
  • C. administrative Password
  • D. access key ID

Answer: D

Explanation:
Explanation
https://docs.paloaltonetworks.com/prisma/prisma-saas/prisma-saas-admin/secure-cloud-apps/add-cloud-apps-to-p

 

NEW QUESTION 83
Which three actions should be taken before deploying a firewall evaluation unt in a customer environment? (Choose three.)

  • A. Request that the customer make part 3978 available to allow the evaluation unit to communicate with Panorama
  • B. Set expectations for information being presented in the Security Lifecycle Review (SLR) because personal user information will be made visible
  • C. Inform the customer that a SPAN port must be provided for the evaluation unit, assuming a TAP mode deployment.
  • D. Reset the evaluation unit to factory default to ensure that data from any previous customer evaluation is removed
  • E. Upgrade the evaluation unit to the most current recommended firmware, unless a demo of the upgrade process is planned.

Answer: C,D,E

 

NEW QUESTION 84
Which license is required to receive weekly dynamic updates to the correlation objects on the firewall and Panorama?

  • A. URL Filtering on the firewall, and MindMeld on Panorama
  • B. WildFire on the firewall, and AutoFocus on Panorama
  • C. GlobalProtect on the firewall, and Threat Prevention on Panorama
  • D. Threat Prevention on the firewall, and Support on Panorama

Answer: D

 

NEW QUESTION 85
You have a prospective customer that is looking for a way to provide secure temporary access to contractors for a designated period of time. They currently add contractors to existing user groups and create ad hoc policies to provide network access. They admit that once the contractor no longer needs access to the network, administrators are usually too busy to manually delete policies that provided access to the contractor. This has resulted in over-provisioned access that has allowed unauthorized access to their systems.
They are looking for a solution to automatically remove access for contractors once access is no longer required.
You address their concern by describing which feature in the NGFW?

  • A. External Dynamic Lists
  • B. Multi-factor Authentication
  • C. Dynamic Address Groups
  • D. Dynamic User Groups

Answer: D

 

NEW QUESTION 86
......

Updated Verified Pass PSE-Strata Exam - Real Questions and Answers: https://www.prepawaypdf.com/Palo-Alto-Networks/PSE-Strata-practice-exam-dumps.html

Best Way To Study For Palo Alto Networks PSE-Strata Exam Brilliant PSE-Strata Exam Questions PDF: https://drive.google.com/open?id=1y8zjZeVBm28K5Mnu6LKzHB85NDPtHy4y