Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

PSE-Strata Palo Alto Networks System Engineer Professional - Strata Questions and Answers

Questions 4

What is an advantage of having WildFire machine learning (ML) capability Inline on the firewall?

Options:

A.

It eliminates of the necessity for dynamic analysis in the cloud

B.

It enables the firewall to block unknown malicious files in real time and prevent patient zero without disrupting business productivity

C.

It is always able to give more accurate verdicts than the cloud ML analysis reducing false positives and false negatives

D.

It improves the CPU performance of content inspection

Buy Now
Questions 5

When the Cortex Data Lake is sized for Traps Management Service, which two factors should be considered? (Choose two.)

Options:

A.

retention requirements

B.

Traps agent forensic data

C.

the number of Traps agents

D.

agent size and OS

Buy Now
Questions 6

Which two of the following does decryption broker provide on a NGFW? (Choose two.)

Options:

A.

Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once

B.

Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement

C.

Provides a third party SSL decryption option which allows you to increase the total number of third party devices performing analysis and enforcement

D.

Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic multiple times

Buy Now
Questions 7

Which profile or policy should be applied to protect against port scans from the internet?

Options:

A.

Interface management profile on the zone of the ingress interface

B.

Zone protection profile on the zone of the ingress interface

C.

An App-ID security policy rule to block traffic sourcing from the untrust zone

D.

Security profiles to security policy rules for traffic sourcing from the untrust zone

Buy Now
Questions 8

Which two methods are used to check for Corporate Credential Submissions? (Choose two.)

Options:

A.

doman credentialiter

B.

User-ID credential check

C.

LDAP query

D.

IP user mapping

Buy Now
Questions 9

Which domain permissions are required by the User-ID Agent for WMI Authentication on a Windows Server? (Choose three.)

Options:

A.

Domain Administrators

B.

Enterprise Administrators

C.

Distributed COM Users

D.

Event Log Readers

E.

Server Operator

Buy Now
Questions 10

How frequently do WildFire signatures move into the antivirus database?

Options:

A.

every 24 hours

B.

every 12 hours

C.

once a week

D.

every 1 hour

Buy Now
Questions 11

In which two cases should the Hardware offering of Panorama be chosen over the Virtual Offering? (Choose two.)

Options:

A.

Dedicated Logger Mode is required

B.

Logs per second exceed 10,000

C.

Appliance needs to be moved into data center

D.

Device count is under 100

Buy Now
Questions 12

A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.

How is this goal accomplished?

Options:

A.

Create a custom spyware signature matching the known signature with the time attribute

B.

Add a correlation object that tracks the occurrences and triggers above the desired threshold

C.

Submit a request to Palo Alto Networks to change the behavior at the next update

D.

Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency

Buy Now
Questions 13

Match the functions to the appropriate processing engine within the dataplane.

PSE-Strata Question 13

Options:

Buy Now
Questions 14

Which task would be identified in Best Practice Assessment tool?

Options:

A.

identify the visibility and presence of command-and-control sessions

B.

identify sanctioned and unsanctioned SaaS applications

C.

identify the threats associated with each application

D.

identify and provide recommendations for device management access

Buy Now
Questions 15

Which three platform components can identify and protect against malicious email links? (Choose three.)

Options:

A.

WildFire hybrid cloud solution

B.

WildFire public cloud

C.

WF-500

D.

M-200

E.

M-600

Buy Now
Questions 16

Which CLI command will allow you to view latency, jitter and packet loss on a virtual SD-WAN interface?

A)

PSE-Strata Question 16

B)

PSE-Strata Question 16

C)

PSE-Strata Question 16

D)

PSE-Strata Question 16

Options:

A.

Option

B.

Option

C.

Option

D.

Option

Buy Now
Questions 17

What are two benefits of using Panorama for a customer who is deploying virtual firewalls to secure data center traffic? (Choose two.)

Options:

A.

It can provide the Automated Correlation Engine functionality, which the virtual firewalls do not support.

B.

It can monitor the virtual firewalls' physical hosts and Vmotion them as necessary

C.

It can automatically create address groups for use with KVM.

D.

It can bootstrap the virtual firewalls for dynamic deployment scenarios.

Buy Now
Questions 18

A price-sensitive customer wants to prevent attacks on a Windows Virtual Server. The server will max out at 100Mbps but needs to have 45.000 sessions to connect to multiple hosts within a data center

Which VM instance should be used to secure the network by this customer?

Options:

A.

VM-200

B.

VM-100

C.

VM-50

D.

VM-300

Buy Now
Questions 19

What are three sources of malware sample data for the Threat Intelligence Cloud? (Choose three)

Options:

A.

Next-generation firewalls deployed with WildFire Analysis Security Profiles

B.

WF-500 configured as private clouds for privacy concerns

C.

Correlation Objects generated by AutoFocus

D.

Third-party data feeds such as partnership with ProofPomt and the Cyber Threat Alliance

E.

Palo Alto Networks non-firewall products such as Traps and Prisma SaaS

Buy Now
Questions 20

The need for a file proxy solution, virus and spyware scanner, a vulnerability scanner, and HTTP decoder for URL filtering is handled by which component in the NGFW?

Options:

A.

First Packet Processor

B.

Stream-based Signature Engine

C.

SIA (Scan It All) Processing Engine

D.

Security Processing Engine

Buy Now
Questions 21

A customer is seeing an increase in the number of malicious files coming in from undetectable sources in their network. These files include doc and .pdf file types.

The customer uses a firewall with User-ID enabled

Which feature must also be enabled to prevent these attacks?

Options:

A.

Content Filtering

B.

WildFire

C.

Custom App-ID rules

D.

App-ID

Buy Now
Questions 22

A customer has business-critical applications that rely on the general web-browsing application. Which security profile can help prevent drive-by-downloads while still allowing web-browsing traffic?

Options:

A.

File Blocking Profile

B.

DoS Protection Profile

C.

URL Filtering Profile

D.

Vulnerability Protection Profile

Buy Now
Questions 23

Which selection must be configured on PAN-OS External Dynamic Lists to support MineMeld indicators?

Options:

A.

Prototype

B.

Inputs

C.

Class

D.

Feed Base URL

Buy Now
Questions 24

As you prepare to scan your Amazon S3 account, what enables Prisma service permission to access Amazon S3?

Options:

A.

access key ID

B.

secret access key

C.

administrative Password

D.

AWS account ID

Buy Now
Questions 25

Select the BOM for the Prisma Access, to provide access for 5500 mobile users and 10 remote locations (100Mbps each) for one year, including Base Support and minimal logging. The customer already has 4x PA5220r 8x PA3220,1x Panorama VM for 25 devices.

Options:

A.

5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR

B.

5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-SVC-BAS-PRA-25. 1x PAN-PRA-25

C.

5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YRr 1x PAN-LGS-1TB-1YR, 1x PAN-PRA-25, 1x PAN-SVC-BAS-PRA-25

D.

1x PAN-GPCS-USER-C-BAS-1YR, 1x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR

Buy Now
Questions 26

A customer worried about unknown attacks is hesitant to enable SSL decryption due to privacy

and regulatory issues. How does the platform address the customer’s concern?

Options:

A.

It overcomes reservations about SSL decrypt by offloading to a higher-capacity firewall to help with the decrypt throughput

B.

It shows how AutoFocus can provide visibility into targeted attacks at the industry sector

C.

It allows a list of websites or URL categories to be defined for exclusion from decryption

D.

It bypasses the need to decrypt SSL traffic by analyzing the file while still encrypted

Buy Now
Questions 27

A packet that is already associated with a current session arrives at the firewall.

What is the flow of the packet after the firewall determines that it is matched with an existing session?

Options:

A.

it is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress.

B.

It is sent through the slow path for further inspection. If subject to content inspection, it will pass through a single stream-based content inspection engines before egress

C.

It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through multiple content inspection engines before egress

D.

It is sent through the slow path for further inspection. If subject to content inspection, it will pass through multiple content inspection engines before egress

Buy Now
Questions 28

Match the WildFire Inline Machine Learning Model to the correct description for that model.

PSE-Strata Question 28

Options:

Buy Now
Questions 29

Which statement best describes the business value of Palo Alto Networks Zero Touch Provisioning (ZTP)?

Options:

A.

It is designed to simplify and automate the onboarding of new firewalls to the Panorama management server.

B.

When it is in place, it removes the need for an onsite firewall

C.

When the service is purchased, Palo Alto Networks sends an engineer to physically deploy the firewall to the customer environment

D.

It allows a firewall to be automatically connected to the local network wirelessly

Buy Now
Questions 30

Which three script types can be analyzed in WildFire? (Choose three)

Options:

A.

PythonScript

B.

MonoSenpt

C.

JScript

D.

PowerShell Script

E.

VBScript

Buy Now
Questions 31

WildFire machine learning (ML) for portable executable (PE) files is enabled in the antivirus profile and added to the appropriate firewall rules in the profile. In the Palo Alto Networks WildFire test av file, an attempt to download the test file is allowed through.

Which command returns a valid result to verify the ML is working from the command line.

Options:

A.

show wfml cloud-status

B.

show mlav cloud-status

C.

show ml cloud-status

D.

show av cloud-status

Buy Now
Questions 32

Which license is required to receive weekly dynamic updates to the correlation objects on the firewall and Panorama?

Options:

A.

WildFire on the firewall, and AutoFocus on Panorama

B.

Threat Prevention on the firewall, and Support on Panorama

C.

GlobalProtect on the firewall, and Threat Prevention on Panorama

D.

URL Filtering on the firewall, and MineMeld on Panorama

Buy Now
Questions 33

What are three key benefits of the Palo Alto Networks platform approach to security? (Choose three)

Options:

A.

operational efficiencies due to reduction in manual incident review and decrease in mean time to resolution (MTTR)

B.

improved revenue due to more efficient network traffic throughput

C.

Increased security due to scalable cloud delivered security Services (CDSS)

D.

Cost savings due to reduction in IT management effort and device

Buy Now
Questions 34

Which three items contain information about Command-and-Control (C2) hosts? (Choose three.)

Options:

A.

Threat logs

B.

WildFire analysis reports

C.

Botnet reports

D.

Data filtering logs

E.

SaaS reports

Buy Now
Questions 35

What are three considerations when deploying User-ID? (Choose three.)

Options:

A.

Specify included and excluded networks when configuring User-ID

B.

Only enable User-ID on trusted zones

C.

Use a dedicated service account for User-ID services with the minimal permissions necessary

D.

User-ID can support a maximum of 15 hops

E.

Enable WMI probing in high security networks

Buy Now
Questions 36

Which two products can send logs to the Cortex Data Lake? (Choose two.)

Options:

A.

AutoFocus

B.

PA-3260 firewall

C.

Prisma Access

D.

Prisma Public Cloud

Buy Now
Questions 37

XYZ Corporation has a legacy environment with asymmetric routing. The customer understands that Palo Alto Networks firewalls can support asymmetric routing with redundancy.

Which two features must be enabled to meet the customer’s requirements? (Choose two.)

Options:

A.

Virtual systems

B.

HA active/active

C.

HA active/passive

D.

Policy-based forwarding

Buy Now
Questions 38

Which two steps are required to configure the Decryption Broker? (Choose two.)

Options:

A.

reboot the firewall to activate the license

B.

activate the Decryption Broker license

C.

enable SSL Forward Proxy decryption

D.

enable a pair of virtual wire interfaces to forward decrypted traffic

Buy Now
Questions 39

Which filtering criterion is used to determine users to be included as members of a dynamic user group (DUG)?

Options:

A.

Security policy rule

B.

Tag

C.

Login ID

D.

IP address

Buy Now
Questions 40

The Palo Ao Networks Cloud Identity Engino (CIE) includes which service that supports identity Providers (ldP)?

Options:

A.

Directory Sync and Cloud Authentication Service that support IdP ung SAML 2.0 and OAuth2

B.

Cloud Authentication Service that supports IdP using SAML 2.0 and OAuth2

C.

Directory Sync and Cloud Authentication Service that support IdP ng SAML 2.0

D.

Directory Sync that supports IdP using SAML 2.0

Buy Now
Questions 41

What are two presales selling advantages of using Expedition? (Choose two.)

Options:

A.

map migration gaps to professional services statement of Works (SOWs)

B.

streamline & migrate to Layer7 policies using Policy Optimizer

C.

reduce effort to implement policies based on App-ID and User-ID

D.

easy migration process to move to Palo Alto Networks NGFWs

Buy Now
Exam Code: PSE-Strata
Exam Name: Palo Alto Networks System Engineer Professional - Strata
Last Update: Apr 20, 2025
Questions: 137

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now PSE-Strata testing engine

PDF (Q&A)

$36.75  $104.99
buy now PSE-Strata pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 24 Apr 2025