Free PSE Strata Sample Questions — Palo Alto Networks System Engineer Professional - Strata

Which two actions can be configured in an Anti-Spyware profile to address command-and-control (C2) traffic from compromised hosts? (Choose two.)

• A. Redirect
• B. Alert
• C. Quarantine
• D. Reset

What are two ways to manually add and remove members of dynamic user groups (DUGs)? (Choose two.)

• A. Tag the user through Active Directory
• B. Tag the user using Panorama or the Web UI of the firewall
• C. Tag the user through the firewall's XML API
• D. Add the user to an external dynamic list (EDL)

What allows verification of machine learning (ML) functionality for WildFire during a proof of concept?

• A. Execution of the appropriate CLI command
• B. Utilization of the ACC reports
• C. Reviewing traffic in the traffic log
• D. Checking the counters

For customers with high bandwidth requirements for Service Connections, what two limitations exist when onboarding multiple Service Connections to the same Prisma Access location servicing a single Datacenter? (Choose two.)

• A. Network segments in the Datacenter need to be advertised to only one Service Connection
• B. The customer edge device needs to support policy-based routing with symmetric return functionality
• C. The resources in the Datacenter will only be able to reach remote network resources that share the same region
• D. maximum of four service connections per Datacenter are supported with this topology

Which functionality is available to firewall users who have an active Threat Prevention subscription but no WildFire license?

• A. access to the WildFire API
• B. WildFire hybrid deployment
• C. five-minute WildFire updates
• D. PE file upload to WildFire

Which two interface types can be associated to a virtual router? (Choose two.)

• A. Loopback
• B. Virtual Wire
• C. VLAN
• D. Layer 2

A packet that is already associated with a current session arrives at the firewall. What is the flow of the packet after the firewall determines that it is matched with an existing session?

• A. It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through multiple content inspection engines before egress
• B. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through multiple content inspection engines before egress
• C. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through a single stream-based content inspection engines before egress
• D. It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress

Which task would be identified in Best Practice Assessment tool?

• A. identify the visibility and presence of command-and-control sessions
• B. identify sanctioned and unsanctioned SaaS applications
• C. identify the threats associated with each application
• D. identify and provide recommendations for device management access

What three Tabs are available in the Detailed Device Health on Panorama for hardware-based firewalls? (Choose three.)

• A. Errors
• B. Environments
• C. Interfaces
• D. Mounts
• E. Throughput
• F. Sessions
• G. Status

A customer is designing a private data center to host their new web application along with a separate headquarters for users. Which cloud-delivered security service (CDSS) would be recommended for the headquarters only?

• A. WildFire
• B. Threat Prevention
• C. Advanced URL Filtering (AURLF)
• D. DNS Security

A large number of next-generation firewalls (NGFWs), along with Panorama and WildFire have been positioned for a prospective customer. The customer is concerned about storing retrieving and archiving firewall logs and has indicated that logs must be retained for a minimum of 60 days. An additional requirement is ingestion of a maximum of 10,000 logs per second. What will best meet the customer’s logging requirements?

• A. NGFWs that have at least 10TB of internal storage
• B. Appropriately sized NGFW based on use of the POPSICLE tool
• C. Appropriate Data Lake storage determined by using the Data Lake Calculator
• D. pair of fully populated M-300 storage appliances

In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)

• A. benign
• B. government
• C. command and control (C2)
• D. malware
• E. grayware

Which deployment option of Advanced URL Filtering (AURLF) would help a prospect that actively uses PAC files?

• A. Explicit Proxy
• B. WildFire
• C. Phishing prevention
• D. Drive-by download protection

What component is needed if there is a large scale deployment of Next Generation Firewalls with multiple Panorama Management Servers?

• A. M-600 Appliance
• B. Panorama Large Scale VPN Plugin
• C. Panorama Interconnect Plugin
• D. Palo Alto Networks Cluster License

A customer next-generation firewall (NGFW) proof-of-concept (POC) and final presentation have just been completed. Which CLI command is used to clear data, remove all logs, and restore default configuration?

• A. >request private-data-reset system
• B. >request reset system public-data-reset
• C. >request system private-data-reset
• D. >reset system public-data-reset

A Fortune 500 customer has expressed interest in purchasing WildFire; however, they do not want to send discovered malware outside of their network. Which version of WildFire will meet this customer’s requirements?

• A. WildFire Government Cloud
• B. WildFire Public Cloud
• C. WildFire Private Cloud
• D. WildFire Secure Cloud

Which two methods are used to check for Corporate Credential Submissions? (Choose two.)

• A. domain credential filter
• B. IP user mapping
• C. User-ID credential check
• D. LDAP query

Which three considerations should be made prior to installing a decryption policy on the NGFW? (Choose three.)

• A. Include all traffic types in decryption policy
• B. Inability to access websites
• C. Exclude certain types of traffic in decryption policy
• D. Deploy decryption setting all at one time
• E. Ensure throughput is not an issue

What are two benefits of the sinkhole Internet Protocol (IP) address that DNS Security sends to the client in place of malicious IP addresses? (Choose two.)

• A. It represents the remediation server that the client should visit for patching
• B. In situations where the internal DNS server is between the client and the firewall, it gives the firewall the ability to identify the clients who originated the query to the malicious domain
• C. The client communicates with it instead of the malicious IP address
• D. It will take over as the new DNS resolver for that client and prevent further DNS requests from occurring in the meantime

Which two of the following does decryption broker provide on a NGFW? (Choose two.)

• A. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once
• B. Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement
• C. Provides a third party SSL decryption option which allows you to increase the total number of third party devices performing analysis and enforcement
• D. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic multiple times