Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Paloalto Networks PSE-Strata-Pro-24 - Palo Alto Networks Systems Engineer Professional - Hardware Firewall

What does Policy Optimizer allow a systems engineer to do for an NGFW?

A.

Recommend best practices on new policy creation

B.

Show unused licenses for Cloud-Delivered Security Services (CDSS) subscriptions and firewalls

C.

Identify Security policy rules with unused applications

D.

Act as a migration tool to import policies from third-party vendors

As a team plans for a meeting with a new customer in one week, the account manager prepares to pitch Zero Trust. The notes provided to the systems engineer (SE) in preparationfor the meeting read: "Customer is struggling with security as they move to cloud apps and remote users." What should the SE recommend to the team in preparation for the meeting?

A.

Lead with the account manager pitching Zero Trust with the aim of convincing the customer that the team's approach meets their needs.

B.

Design discovery questions to validate customer challenges with identity, devices, data, and access for applications and remote users.

C.

Lead with a product demonstration of GlobalProtect connecting to an NGFW and Prisma Access, and have SaaS security enabled.

D.

Guide the account manager into recommending Prisma SASE at the customer meeting to solve the issues raised.

What are two methods that a NGFW uses to determine if submitted credentials are valid corporate credentials? (Choose two.)

A.

Group mapping

B.

LDAP query

C.

Domain credential filter

D.

WMI client probing

A prospective customer wants to validate an NGFW solution and seeks the advice of a systems engineer (SE) regarding a design to meet the following stated requirements:

"We need an NGFW that can handle 72 Gbps inside of our core network. Our core switches only have up to 40 Gbps links available to which new devices can connect. We cannot change the IP address structure of the environment, and we need protection for threat prevention, DNS, and perhaps sandboxing."

Which hardware and architecture/design recommendations should the SE make?

A.

PA-5445 or larger to cover the bandwidth need and the link types; Architect aggregate interface groups in Layer-2 or virtual wire mode that include 2 x 40Gbps interfaces on both sides of the path.

B.

PA-5430 or larger to cover the bandwidth need and the link types; Architect aggregate interface groups in Layer-3 mode that include 40Gbps interfaces on both sides of the path.

C.

PA-5445 or larger to cover the bandwidth need and the link types; Architect aggregate interface groups in Layer-3 mode that include 40Gbps interfaces on both sides of the path.

D.

PA-5430 or larger to cover the bandwidth need and the link types; Architect aggregate interface groups in Layer-2 or virtual wire mode that include 2 x 40Gbps interfaces on both sides of the path.

Which two statements correctly describe best practices for sizing a firewall deployment with decryption enabled? (Choose two.)

A.

SSL decryption traffic amounts vary from network to network.

B.

Large average transaction sizes consume more processing power to decrypt.

C.

Perfect Forward Secrecy (PFS) ephemeral key exchange algorithms such as Diffie-Hellman Ephemeral (DHE) and Elliptic-Curve Diffie-Hellman Exchange (ECDHE) consume more processing resources than Rivest-Shamir-Adleman (RSA) algorithms.

D.

Rivest-Shamir-Adleman (RSA) certificate authentication method (not the RSA key exchange algorithm) consumes more resources than Elliptic Curve Digital Signature Algorithm (ECDSA), but ECDSA is more secure.

Which two tools should a systems engineer use to showcase the benefit of an evaluation that a customer has just concluded?

A.

Best Practice Assessment (BPA)

B.

Security Lifecycle Review (SLR)

C.

Firewall Sizing Guide

D.

Golden Images

A prospective customer is interested in Palo Alto Networks NGFWs and wants to evaluate the ability to segregate its internal network into unique BGP environments.

Which statement describes the ability of NGFWs to address this need?

A.

It cannot be addressed because PAN-OS does not support it.

B.

It can be addressed by creating multiple eBGP autonomous systems.

C.

It can be addressed with BGP confederations.

D.

It cannot be addressed because BGP must be fully meshed internally to work.

The PAN-OS User-ID integrated agent is included with PAN-OS software and comes in which two forms? (Choose two.)

A.

Integrated agent

B.

GlobalProtect agent

C.

Windows-based agent

D.

Cloud Identity Engine (CIE)