Updated PSE-Strata Exam Dumps (V13.02) – An Invaluable Tool for Your Palo Alto Networks System Engineer Professional – Strata Exam Preparation

1. A customer with a fully licensed Palo Alto Networks firewall is concerned about threats based on domain generation algorithms (DGAS).

Which Security profile is used to configure Domain Name Security (DNS) to Identity and block previously unknown DGA-based threats in real time?

2. Which two features are key in preventing unknown targeted attacks? (Choose two)

3. What is the recommended way to ensure that firewalls have the most current set of signatures for up-to-date protection?

4. Which three actions should be taken before deploying a firewall evaluation unt in a customer environment? (Choose three.)

5. When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?

6. Which filtering criterion is used to determine users to be included as members of a dynamic user group (DUG)?

7. In Panorama, which three reports or logs will help identify the inclusion of a host source in a command-and-control (C2) incident? (Choose three.)

8. The ability to prevent users from resolving internet protocol (IP) addresses to malicious, grayware, or newly registered domains is provided by which Security service?

9. in which step of the Palo Alto Networks Five-Step Zero Trust Methodology would an organization's critical data, applications, assets, and services (DAAS) be identified?

10. Which of the following statements is valid with regard to Domain Name System (DNS) sinkholing?

11. Which Security profile on the Next-Generation Firewall (NGFW) includes Signatures to protect against brute force attacks?

12. Which built-in feature of PAN-OS allows the NGFW administrator to create a policy that provides auto remediation for anomalous user behavior and malicious activity while maintaining user visibility?

13. Which three mechanisms are valid for enabling user mapping? (Choose three.)

14. Which statement best describes the business value of Palo Alto Networks Zero Touch Provisioning (ZTP)?

15. What are two ways to manually add and remove members of dynamic user groups (DUGs)? (Choose two)

16. A packet that is already associated with a current session arrives at the firewall.

What is the flow of the packet after the firewall determines that it is matched with an existing session?

17. The Palo Ao Networks Cloud Identity Engino (CIE) includes which service that supports identity Providers (ldP)?

18. A customer is starting to understand their Zero Trust protect surface using the Palo Alto Networks Zero Trust reference architecture.

What are two steps in this process? (Choose two.)

19. WildFire machine learning (ML) for portable executable (PE) files is enabled in the antivirus profile and added to the appropriate firewall rules in the profile. In the Palo Alto Networks WildFire test av file, an attempt to download the test file is allowed through.

Which command returns a valid result to verify the ML is working from the command line.

20. Which three of the following actions must be taken to enable Credential Phishing Prevention? (Choose three.)

21. A customer requires an analytics tool with the following attributes:

- Uses the logs on the firewall to detect actionable events on the network

- Automatically processes a series of related threat events that, when combines, indicate a likely comprised host on the network

- Pinpoints the area of risk and allows for assessment of the risk to action can be taken to prevent exploitation of network resources

Which feature of PAN-OS will address these requirements?

22. What are three key benefits of the Palo Alto Networks platform approach to security? (Choose three)

23. WildFire can discover zero-day malware in which three types of traffic? (Choose three)

24. A Fortune 500 customer has expressed interest in purchasing WildFire; however, they do not want to send discovered malware outside of their network.

Which version of WildFire will meet this customer’s requirements?

25. Which three script types can be analyzed in WildFire? (Choose three)

26. Which component is needed for a large-scale deployment of NGFWs with multiple Panorama Management Servers?

27. Which two configuration elements can be used to prevent abuse of stolen credentials? (Choose two.)

28. Which CLI command allows visibility into SD-WAN events such as path Selection and path quality measurements?

29. A prospective customer currently uses a firewall that provides only Layer 4 inspection and protections. The customer sees traffic going to an external destination, port 53, but cannot determine what Layer 7 application traffic is going over that port.

Which capability of PAN-OS would address the customer's lack of visibility?

30. In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)

31. What is an advantage of having WildFire machine learning (ML) capability Inline on the firewall?

32. A customer worried about unknown attacks is hesitant to enable SSL decryption due to privacy and regulatory issues .

How does the platform address the customer’s concern?

33. Which two features can be enabled to support asymmetric routing with redundancy on a Palo Alto networks next-generation firewall (NGFW)? (Choose two.)

34. A customer requires protections and verdicts for portable executable (PE) and executable and linkable format (ELF), as well as the ability to integrate with existing security tools.

Which Cloud-Delivered Security Service (CDSS) does Palo Alto Networks provide that will address this requirement?

35. What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time?

36. Which statement applies to Palo Alto Networks Single Pass Parallel Processing (SP3)?

37. Which solution informs a customer concerned about zero-day targeted attacks whether an attack is specifically targeted at its property?

38. Which Palo Alto Networks security component should an administrator use to and NGFW policies to remote users?

39. Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined?

40. What will best enhance security of a production online system while minimizing the impact for the existing network?

41. Which two methods are used to check for Corporate Credential Submissions? (Choose two.)

42. A customer is designing a private data center to host their new web application along with a separate headquarters for users.

Which cloud-delivered security service (CDSS) would be recommended for the headquarters only?

43. Access to a business site is blocked by URL Filtering inline machine learning (ML) and considered as a false-positive.

How should the site be made available?

44. Which proprietary technology solutions will allow a customer to identify and control traffic sources regardless of internet protocol (IP) address or network segment?

45. What are two benefits of the sinkhole Internet Protocol (IP) address that DNS Security sends to the client in place of malicious IP addresses? (Choose two.)

46. What is the default behavior in PAN-OS when a 12 MB portable executable (PE) fe is forwarded to the WildFire cloud service?

47. A WildFire subscription is required for which two of the following activities? (Choose two)

48. What helps avoid split brain in active / passive high availability (HA) pair deployment?

49. Which two of the following does decryption broker provide on a NGFW? (Choose two.)

50. How frequently do WildFire signatures move into the antivirus database?