Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Paloalto Networks PSE-Strata-Associate - Palo Alto Networks Systems Engineer (PSE) - Strata Associate

Paloalto Networks PSE-Strata-Associate Premium Access     Download Demo    
Page: 1 / 1
Total 35 questions

The ability of a Next-Generation Firewall (NGFW) to logically group physical and virtual interfaces and then control traffic based on that grouping is known as what?

A.

LLDP profiles

B.

security zones

C.

DHCP groups

D.

security profile groups

A Human Resources (HR) application has the URL of https://hr.company.com:4433/.

How should the "Service" column of the Security policy be set to match and permit this application?

A.

Define and then select a new custom Transmission Control Protocol (TCP) service with port 4433.

B.

Edit "service-https" to use port 4433.

C.

Set to "service-http".

D.

Set to "application-defaults," which will locate and match the HR application.

Which Next-Generation Firewall (NGFW) deployment model allows an organization to monitor traffic during evaluations without interruption to network traffic?

A.

Layer 2

B.

TAP mode

C.

virtual wire

D.

Layer 3

Which of the following statements applies to enabling App-ID on a Next-Generation Firewall (NGFW)?

A.

No additional purchase is required, but App-ID must be enabled for the customer to use it.

B.

An App-ID subscription must be purchased and enabled.

C.

No configuration is required, because App-ID is always enabled by default.

D.

A Threat Protection license must be purchased and enabled.

To use App-ID effectively in Security policies, which three best practices should be followed? (Choose three.)

Select 3 Correct Responses

A.

Use Expedition to migrate a port-based policy to PAN-OS.

B.

Whenever possible, enable App-ID override.

C.

Use phased transition to safely enable applications.

D.

Use Policy Optimizer to migrate to an application-based policy.

E.

After the application is specified in policy, set the 7 service to "any".

Which two of the following are ways that Palo Alto Networks CloudDelivered Security Services (CDSS) use confidential information collected from users? (Choose two.)

Select 2 Correct Responses

A.

legal compliance

B.

attack retaliation attribution

C.

verification of entitlements

D.

verification of applicant statements

A firewall enabled as a decryption broker will take which of the following actions?

A.

forward clear text traffic to security chains for additional enforcement

B.

monitor the state of active connections to determine which network packets to allow through

C.

correlate a series of related threat events that indicate a likely compromised host on the network

D.

identify potential denial-of-service (DoS) attacks and take protective action

Which two of the following are benefits of the Palo Alto Networks Zero Trust architecture? (Choose two.)

Select 2 Correct Responses

A.

tighter access control

B.

increased detection of threats and infiltration

C.

more network segments

D.

cloud-based virtual private network (VPN)

Which architecture allows a Palo Alto Networks Next-Generation Firewall (NGFW) to achieve high performance with all security features enabled?

A.

single-pass parallel processing

B.

dual-pass processing

C.

multi-core processing

D.

parallel-pass single processing

Which two Cloud-Delivered Security Services (CDSS) would be appropriate for an organization that wants to secure internet traffic on a perimeter firewall? (Choose two.)

Select 2 Correct Responses

A.

WildFire

B.

Advanced URL Filtering (AURLF)

C.

Autonomous Digital Experience Management (ADEM)

D.

SD-WAN