Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Paloalto Networks PSE-Strata-Pro-24 Dumps Questions Answers

Palo Alto Networks Systems Engineer Professional - Hardware Firewall Questions and Answers

Question 1

With Strata Cloud Manager (SCM) or Panorama, customers can monitor and manage which three solutions? (Choose three.)

Options:

A.

Prisma Access

B.

Prisma Cloud

C.

Cortex XSIAM

D.

NGFW

E.

Prisma SD-WAN

Buy Now
Question 2

The efforts of a systems engineer (SE) with an industrial mining company account have yielded interest in Palo Alto Networks as part of its effort to incorporate innovative design into operations using robots and remote-controlled vehicles in dangerous situations. A discovery call confirms that the company will receive control signals to its machines over a private mobile network using radio towers that connect to cloud-based applications that run the control programs.

Which two sets of solutions should the SE recommend?

Options:

A.

That 5G Security be enabled and architected to ensure the cloud computing is not compromised in the commands it is sending to the onsite machines.

B.

That Cloud NGFW be included to protect the cloud-based applications from external access into the cloud service provider hosting them.

C.

That IoT Security be included for visibility into the machines and to ensure that other devices connected to the network are identified and given risk and behavior profiles.

D.

That an Advanced CDSS bundle (Advanced Threat Prevention, Advanced WildFire, and Advanced URL Filtering) be procured to ensure the design receives advanced protection.

Question 3

Which three tools can a prospective customer use to evaluate Palo Alto Networks products to assess where they will fit in the existing architecture? (Choose three)

Options:

A.

Proof of Concept (POC)

B.

Policy Optimizer

C.

Security Lifecycle Review (SLR)

D.

Ultimate Test Drive

E.

Expedition

Question 4

A company with Palo Alto Networks NGFWs protecting its physical data center servers is experiencing a performance issue on its Active Directory (AD) servers due to high numbers of requests and updates the NGFWs are placing on the servers. How can the NGFWs be enabled to efficiently identify users without overloading the AD servers?

Options:

A.

Configure Cloud Identity Engine to learn the users' IP address-user mappings from the AD authentication logs.

B.

Configure an NGFW as a GlobalProtect gateway, then have all users run GlobalProtect Windows SSO to gather user information.

C.

Configure data redistribution to redistribute IP address-user mappings from a hub NGFW to the other spoke NGFWs.

D.

Configure an NGFW as a GlobalProtect gateway, then have all users run GlobalProtect agents to gather user information.

Question 5

A security engineer has been tasked with protecting a company's on-premises web servers but is not authorized to purchase a web application firewall (WAF).

Which Palo Alto Networks solution will protect the company from SQL injection zero-day, command injection zero-day, Cross-Site Scripting (XSS) attacks, and IIS exploits?

Options:

A.

Threat Prevention and PAN-OS 11.x

B.

Advanced Threat Prevention and PAN-OS 11.x

C.

Threat Prevention, Advanced URL Filtering, and PAN-OS 10.2 (and higher)

D.

Advanced WildFire and PAN-OS 10.0 (and higher)

Question 6

A systems engineer should create a profile that blocks which category to protect a customer from ransomware URLs by using Advanced URL Filtering?

Options:

A.

Ransomware

B.

High Risk

C.

Scanning Activity

D.

Command and Control

Question 7

While responding to a customer RFP, a systems engineer (SE) is presented the question, "How do PANW firewalls enable the mapping of transactions as part of Zero Trust principles?" Which two narratives can the SE use to respond to the question? (Choose two.)

Options:

A.

Emphasize Zero Trust as an ideology, and that the customer decides how to align to Zero Trust principles.

B.

Reinforce the importance of decryption and security protections to verify traffic that is not malicious.

C.

Explain how the NGFW can be placed in the network so it has visibility into every traffic flow.

D.

Describe how Palo Alto Networks NGFW Security policies are built by using users, applications, and data objects.

Question 8

Which two statements correctly describe best practices for sizing a firewall deployment with decryption enabled? (Choose two.)

Options:

A.

SSL decryption traffic amounts vary from network to network.

B.

Large average transaction sizes consume more processing power to decrypt.

C.

Perfect Forward Secrecy (PFS) ephemeral key exchange algorithms such as Diffie-Hellman Ephemeral (DHE) and Elliptic-Curve Diffie-Hellman Exchange (ECDHE) consume more processing resources than Rivest-Shamir-Adleman (RSA) algorithms.

D.

Rivest-Shamir-Adleman (RSA) certificate authentication method (not the RSA key exchange algorithm) consumes more resources than Elliptic Curve Digital Signature Algorithm (ECDSA), but ECDSA is more secure.

Question 9

What does Policy Optimizer allow a systems engineer to do for an NGFW?

Options:

A.

Recommend best practices on new policy creation

B.

Show unused licenses for Cloud-Delivered Security Services (CDSS) subscriptions and firewalls

C.

Identify Security policy rules with unused applications

D.

Act as a migration tool to import policies from third-party vendors

Question 10

Which use case is valid for Palo Alto Networks Next-Generation Firewalls (NGFWs)?

Options:

A.

Code-embedded NGFWs provide enhanced internet of things (IoT) security by allowing PAN-OS code to be run on devices that do not support embedded virtual machine (VM) images.

B.

Serverless NGFW code security provides public cloud security for code-only deployments that do not leverage virtual machine (VM) instances or containerized services.

C.

IT/OT segmentation firewalls allow operational technology resources in plant networks to securely interface with IT resources in the corporate network.

D.

PAN-OS GlobalProtect gateways allow companies to run malware and exploit prevention modules on their endpoints without installing endpoint agents.

Question 11

Which technique is an example of a DNS attack that Advanced DNS Security can detect and prevent?

Options:

A.

High entropy DNS domains

B.

Polymorphic DNS

C.

CNAME cloaking

D.

DNS domain rebranding

Question 12

Which two methods are valid ways to populate user-to-IP mappings? (Choose two.)

Options:

A.

XML API

B.

Captive portal

C.

User-ID

D.

SCP log ingestion

Question 13

What is used to stop a DNS-based threat?

Options:

A.

DNS proxy

B.

Buffer overflow protection

C.

DNS tunneling

D.

DNS sinkholing

Question 14

A systems engineer (SE) is working with a customer that is fully cloud-deployed for all applications. The customer is interested in Palo Alto Networks NGFWs but describes the following challenges:

"Our apps are in AWS and Azure, with whom we have contracts and minimum-revenue guarantees. We would use the built-in firewall on the cloud service providers (CSPs), but the need for centralized policy management to reduce human error is more important."

Which recommendations should the SE make?

Options:

A.

Cloud NGFWs at both CSPs; provide the customer a license for a Panorama virtual appliance from their CSP's marketplace of choice to centrally manage the systems.

B.

Cloud NGFWs in AWS and VM-Series firewall in Azure; the customer selects a PAYG licensing Panorama deployment in their CSP of choice.

C.

VM-Series firewalls in both CSPs; manually built Panorama in the CSP of choice on a host of either type: Palo Alto Networks provides a license.

D.

VM-Series firewall and CN-Series firewall in both CSPs; provide the customer a private-offer Panorama virtual appliance from their CSP’s marketplace of choice to centrally manage the systems.

Question 15

When a customer needs to understand how Palo Alto Networks NGFWs lower the risk of exploitation by newly announced vulnerabilities known to be actively attacked, which solution and functionality delivers the most value?

Options:

A.

Advanced URL Filtering uses machine learning (ML) to learn which malicious URLs are being utilized by the attackers, then block the resulting traffic.

B.

Advanced Threat Prevention's command injection and SQL injection functions use inline deep learning against zero-day threats.

C.

Single Pass Architecture and parallel processing ensure traffic is efficiently scanned against any enabled Cloud-Delivered Security Services (CDSS) subscription.

D.

WildFire loads custom OS images to ensure that the sandboxing catches any activity that would affect the customer's environment.

Question 16

Regarding APIs, a customer RFP states: "The vendor’s firewall solution must provide an API with an enforcement mechanism to deactivate API keys after two hours." How should the response address this clause?

Options:

A.

Yes - This is the default setting for API keys.

B.

No - The PAN-OS XML API does not support keys.

C.

No - The API keys can be made, but there is no method to deactivate them based on time.

D.

Yes - The default setting must be changed from no limit to 120 minutes.

Question 17

A customer claims that Advanced WildFire miscategorized a file as malicious and wants proof, because another vendor has said that the file is benign.

How could the systems engineer assure the customer that Advanced WildFire was accurate?

Options:

A.

Review the threat logs for information to provide to the customer.

B.

Use the WildFire Analysis Report in the log to show the customer the malicious actions the file took when it was detonated.

C.

Open a TAG ticket for the customer and allow support engineers to determine the appropriate action.

D.

Do nothing because the customer will realize Advanced WildFire is right.

Question 18

What is the minimum configuration to stop a Cobalt Strike Malleable C2 attack inline and in real time?

Options:

A.

Next-Generation CASB on PAN-OS 10.1

B.

Advanced Threat Prevention and PAN-OS 10.2

C.

Threat Prevention and Advanced WildFire with PAN-OS 10.0

D.

DNS Security, Threat Prevention, and Advanced WildFire with PAN-OS 9.x