• Home
  • Articles
  • [Q74-Q92] PSE-Strata Certification - The Ultimate Guide [Updated 2023]

[Q74-Q92] PSE-Strata Certification - The Ultimate Guide [Updated 2023]

Share

PSE-Strata Certification - The Ultimate Guide [Updated 2023]

PSE-Strata Practice Exam and Study Guides - Verified By NewPassLeader

NEW QUESTION 74
A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default. What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?

  • A. Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports.
  • B. Palo Alto Networks keep ports closed by default, only opening ports after understanding the application request, and then opening only the application-specified ports.
  • C. Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis.
  • D. Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default.

Answer: A

 

NEW QUESTION 75
XYZ Corporation has a legacy environment with asymmetric routing. The customer understands that Palo Alto Networks firewalls can support asymmetric routing with redundancy. Which two features must be enabled to meet the customer's requirements? (Choose two.)

  • A. Policy-based forwarding
  • B. HA active/passive
  • C. HA active/active
  • D. Virtual systems

Answer: A,C

Explanation:
Explanation
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/high-availability/route-based-redundancy

 

NEW QUESTION 76
Which two new file types are supported on the WF-500 in PAN-OS 9? (Choose two)

  • A. 7-Zip
  • B. RAR
  • C. Zip
  • D. ELF

Answer: A,B

Explanation:
https://docs.paloaltonetworks.com/wildfire/9-0/wildfire-admin/wildfire-overview/wildfire-file-type-support

 

NEW QUESTION 77
What aspect of PAN-OS allows for the NGFW admin to create a policy that provides auto- remediation for anomalous user behavior and malicious activity while maintaining user visibility?

  • A. Remote Device UserID Agent
  • B. Dynamic User Groups
  • C. Dynamic Address Groups
  • D. user-to-tag mapping

Answer: B

Explanation:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/user-id-features/dynamic- user-groups

 

NEW QUESTION 78
Which three actions should be taken before deploying a firewall evaluation unt in a customer environment? (Choose three.)

  • A. Set expectations for information being presented in the Security Lifecycle Review (SLR) because personal user information will be made visible
  • B. Reset the evaluation unit to factory default to ensure that data from any previous customer evaluation is removed
  • C. Inform the customer that a SPAN port must be provided for the evaluation unit, assuming a TAP mode deployment.
  • D. Upgrade the evaluation unit to the most current recommended firmware, unless a demo of the upgrade process is planned.
  • E. Request that the customer make part 3978 available to allow the evaluation unit to communicate with Panorama

Answer: B,C,D

 

NEW QUESTION 79
How often are the databases for Anti-virus. Application, Threats, and WildFire subscription updated?

  • A. Anti-virus (weekly): Application (daily). Threats (weekly), WildFire (5 minutes)
  • B. Anti-virus (weekly), Application (daily), Threats (daily), WildFire (5 minutes)
  • C. Anti-virus (daily), Application (weekly), Threats (daily), WildFire (5 minutes)
  • D. Anti-virus (daily), Application (weekly), Threats (weekly), WildFire (5 minutes)

Answer: D

Explanation:
Explanation
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/software-and-content-updates/dynamic-content-upd

 

NEW QUESTION 80
Which Security profile on the Next-Generation Firewall (NGFW) includes Signatures to protect against brute force attacks?

  • A. Vulnerability Protection profile
  • B. URL Filtering profile
  • C. Antivirus profile
  • D. Anti-Spyware profile

Answer: A

 

NEW QUESTION 81
A customer is designing a private data center to host their new web application along with a separate headquarters for users.
Which cloud-delivered security service (CDSS) would be recommended for the headquarters only?

  • A. WildFire
  • B. Advanced URL Filtering (AURLF)
  • C. Threat Prevention
  • D. DNS Security

Answer: C

 

NEW QUESTION 82
In which two cases should the Hardware offering of Panorama be chosen over the Virtual Offering? (Choose two.)

  • A. Logs per second exceed 10,000
  • B. Dedicated Logger Mode is required
  • C. Appliance needs to be moved into data center
  • D. Device count is under 100

Answer: A,B

 

NEW QUESTION 83
Which two products are included in the Prisma Brand? (Choose two.)

  • A. Prisma Cloud Compute
  • B. Panorama
  • C. Prisma Cloud Enterprise
  • D. NGFW

Answer: A,C

Explanation:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin- compute/welcome/pcee_vs_pcce.html

 

NEW QUESTION 84
When the Cortex Data Lake is sized for Prisma Access mobile users, what is a valid log size range you would use per day. per user?

  • A. 1 MB to 5 MB
  • B. 10 MB to 30 MB
  • C. 100 MB to 200 MB
  • D. 1500 to 2500 bytes

Answer: C

 

NEW QUESTION 85
Which three mechanisms are valid for enabling user mapping? (Choose three.)

  • A. Reverse DNS lookup
  • B. Client probing
  • C. Captive Portal
  • D. User behaviour recognition
  • E. Domain server monitoring

Answer: B,C,E

 

NEW QUESTION 86
What is an advantage of having WildFire machine learning (ML) capability Inline on the firewall?

  • A. It is always able to give more accurate verdicts than the cloud ML analysis reducing false positives and false negatives
  • B. It improves the CPU performance of content inspection
  • C. It enables the firewall to block unknown malicious files in real time and prevent patient zero without disrupting business productivity
  • D. It eliminates of the necessity for dynamic analysis in the cloud

Answer: C

 

NEW QUESTION 87
Match the WildFire Inline Machine Learning Model to the correct description for that model.

Answer:

Explanation:

 

NEW QUESTION 88
What are three sources of malware sample data for the Threat Intelligence Cloud? (Choose three)

  • A. Third-party data feeds such as partnership with ProofPomt and the Cyber Threat Alliance
  • B. Correlation Objects generated by AutoFocus
  • C. Palo Alto Networks non-firewall products such as Traps and Prisma SaaS
  • D. Next-generation firewalls deployed with WildFire Analysis Security Profiles
  • E. WF-500 configured as private clouds for privacy concerns

Answer: A,B,C

Explanation:
https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/autofocus

 

NEW QUESTION 89
How do you configure the rate of file submissions to WildFire in the NGFW?

  • A. maximum number of files per minute
  • B. based on the purchased license uploaded
  • C. maximum number of files per day
  • D. QoS tagging

Answer: A

Explanation:
Explanation
https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/submit-files-for-wildfire-analysis/firew

 

NEW QUESTION 90
Which three features are used to prevent abuse of stolen credentials? (Choose three.)

  • A. Prisma Access
  • B. URL Filtering Profiles
  • C. multi-factor authentication
  • D. SSL decryption rules
  • E. WildFire Profiles

Answer: C,D,E

Explanation:
https://www.paloaltonetworks.com/company/press/2017/palo-alto-networks-delivers-industry-first- capabilities-to-prevent-credential-theft-and-abuse

 

NEW QUESTION 91
An Administrator needs a PDF summary report that contains information compiled from existing reports based on data for the Top five(5) in each category.
Which two timeframe options are available to send this report? (Choose two.)

  • A. Bi-weekly
  • B. Monthly
  • C. Weekly
  • D. Daily

Answer: C,D

 

NEW QUESTION 92
......


What is Palo Alto Networks PSE Strata Exam?

Palo Alto Networks PSE Strata Exam is a certification that validates the skills of IT professionals for installing, configuring, and maintaining Palo Alto Networks products. By obtaining this certification, you can use it as a stepping stone to achieving other certifications offered by Palo Alto Networks. Palo Alto Networks PSE Strata Exam is required for individuals who are interested in taking the Palo Alto Networks Certified Security Engineer (CSE) exam. The CSE is a professional-level security exam that requires in-depth knowledge of designing, deploying, and securing Palo Alto Networks products. It is ideal for security engineers who have at least one year of experience working with network security solutions from Palo Alto Networks or any other vendor. Candidates should have expert-level knowledge of using policies and rules to secure networks and devices.

 

Ultimate Guide to the PSE-Strata - Latest Edition Available Now: https://itcert-online.newpassleader.com/Palo-Alto-Networks/PSE-Strata-exam-preparation-materials.html

Related Articles

more
Palo Alto Networks PSE-Strata Certification Practice Exam