Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Paloalto Networks PSE-Strata-Pro-24 Questions Answers

Palo Alto Networks Systems Engineer Professional - Hardware Firewall Questions and Answers

Question 5

A security engineer has been tasked with protecting a company's on-premises web servers but is not authorized to purchase a web application firewall (WAF).

Which Palo Alto Networks solution will protect the company from SQL injection zero-day, command injection zero-day, Cross-Site Scripting (XSS) attacks, and IIS exploits?

Options:

A.

Threat Prevention and PAN-OS 11.x

B.

Advanced Threat Prevention and PAN-OS 11.x

C.

Threat Prevention, Advanced URL Filtering, and PAN-OS 10.2 (and higher)

D.

Advanced WildFire and PAN-OS 10.0 (and higher)

Question 6

A systems engineer should create a profile that blocks which category to protect a customer from ransomware URLs by using Advanced URL Filtering?

Options:

A.

Ransomware

B.

High Risk

C.

Scanning Activity

D.

Command and Control

Question 7

While responding to a customer RFP, a systems engineer (SE) is presented the question, "How do PANW firewalls enable the mapping of transactions as part of Zero Trust principles?" Which two narratives can the SE use to respond to the question? (Choose two.)

Options:

A.

Emphasize Zero Trust as an ideology, and that the customer decides how to align to Zero Trust principles.

B.

Reinforce the importance of decryption and security protections to verify traffic that is not malicious.

C.

Explain how the NGFW can be placed in the network so it has visibility into every traffic flow.

D.

Describe how Palo Alto Networks NGFW Security policies are built by using users, applications, and data objects.

Question 8

Which two statements correctly describe best practices for sizing a firewall deployment with decryption enabled? (Choose two.)

Options:

A.

SSL decryption traffic amounts vary from network to network.

B.

Large average transaction sizes consume more processing power to decrypt.

C.

Perfect Forward Secrecy (PFS) ephemeral key exchange algorithms such as Diffie-Hellman Ephemeral (DHE) and Elliptic-Curve Diffie-Hellman Exchange (ECDHE) consume more processing resources than Rivest-Shamir-Adleman (RSA) algorithms.

D.

Rivest-Shamir-Adleman (RSA) certificate authentication method (not the RSA key exchange algorithm) consumes more resources than Elliptic Curve Digital Signature Algorithm (ECDSA), but ECDSA is more secure.