Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

New Release PSE-Strata-Pro-24 PSE-Strata Professional Questions

Palo Alto Networks Systems Engineer Professional - Hardware Firewall Questions and Answers

Question 13

What is used to stop a DNS-based threat?

Options:

A.

DNS proxy

B.

Buffer overflow protection

C.

DNS tunneling

D.

DNS sinkholing

Question 14

A systems engineer (SE) is working with a customer that is fully cloud-deployed for all applications. The customer is interested in Palo Alto Networks NGFWs but describes the following challenges:

"Our apps are in AWS and Azure, with whom we have contracts and minimum-revenue guarantees. We would use the built-in firewall on the cloud service providers (CSPs), but the need for centralized policy management to reduce human error is more important."

Which recommendations should the SE make?

Options:

A.

Cloud NGFWs at both CSPs; provide the customer a license for a Panorama virtual appliance from their CSP's marketplace of choice to centrally manage the systems.

B.

Cloud NGFWs in AWS and VM-Series firewall in Azure; the customer selects a PAYG licensing Panorama deployment in their CSP of choice.

C.

VM-Series firewalls in both CSPs; manually built Panorama in the CSP of choice on a host of either type: Palo Alto Networks provides a license.

D.

VM-Series firewall and CN-Series firewall in both CSPs; provide the customer a private-offer Panorama virtual appliance from their CSP’s marketplace of choice to centrally manage the systems.

Question 15

When a customer needs to understand how Palo Alto Networks NGFWs lower the risk of exploitation by newly announced vulnerabilities known to be actively attacked, which solution and functionality delivers the most value?

Options:

A.

Advanced URL Filtering uses machine learning (ML) to learn which malicious URLs are being utilized by the attackers, then block the resulting traffic.

B.

Advanced Threat Prevention's command injection and SQL injection functions use inline deep learning against zero-day threats.

C.

Single Pass Architecture and parallel processing ensure traffic is efficiently scanned against any enabled Cloud-Delivered Security Services (CDSS) subscription.

D.

WildFire loads custom OS images to ensure that the sandboxing catches any activity that would affect the customer's environment.

Question 16

Regarding APIs, a customer RFP states: "The vendor’s firewall solution must provide an API with an enforcement mechanism to deactivate API keys after two hours." How should the response address this clause?

Options:

A.

Yes - This is the default setting for API keys.

B.

No - The PAN-OS XML API does not support keys.

C.

No - The API keys can be made, but there is no method to deactivate them based on time.

D.

Yes - The default setting must be changed from no limit to 120 minutes.