Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Palo Alto Networks PSE Strata

Palo Alto Networks PSE Strata Exam Practice Questions (P. 2)

  • Full Access (136 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #6
What two types of certificates are used to configure SSL Forward Proxy? (׀¡hoose two.)
  1. A
    Enterprise CA-signed certificates
  2. B
    Self-Signed certificates
  3. C
    Intermediate certificates
  4. D
    Private key certificates

Correct Answer:
AB
Reference:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward-proxy#:~:text=You%20can%20use%20an%
20enterprise,as%20the%20forward%20trust%20certificate.&text=Certificate%20Name-,.,unique%20name%20for%20each%20firewall

Question #7
Which two of the following does decryption broker provide on a NGFW? (Choose two.)
  1. A
    Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once
  2. B
    Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement
  3. C
    Provides a third party SSL decryption option which allows you to increase the total number of third party devices performing analysis and enforcement
  4. D
    Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic multiple times

Correct Answer:
AB
Reference:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/decryption/decryption-broker.html

Question #8
There are different Master Keys on Panorama and managed firewalls.
What is the result if a Panorama Administrator pushes configuration to managed firewalls?
  1. A
    The push operation will fail regardless of an error or not within the configuration itself
  2. B
    Provided there's no error within the configuration to be pushed, the push will succeed
  3. C
    The Master Key from the managed firewalls will be overwritten with the Master Key from Panorama
  4. D
    There will be a popup to ask if the Master Key from the Panorama should replace the Master Key from the managed firewalls

Correct Answer:
A
Reference:
https://www.reddit.com/r/paloaltonetworks/comments/onz15y/what_is_the_result_if_a_panorama_administrator/

Question #9
Which task would be identified in Best Practice Assessment tool?
  1. A
    identify the visibility and presence of command-and-control sessions
  2. B
    identify sanctioned and unsanctioned SaaS applications
  3. C
    identify the threats associated with each application
  4. D
    identify and provide recommendations for device management access

Correct Answer:
B
chatbot-img GPT-4o - Answer
Option D, which focuses on identifying and providing recommendations for device management access, might be more aligned with the main functions of the Best Practice Assessment (BPA) tool. BPA primarily examines existing configurations against ideal configuration practices recommended by Palo Alto Networks and suggests enhancements. The tool does not directly engage with the identification of applications, whether sanctioned or unsanctioned, which seems to be more in the realm of the Application Identification (App-ID) technology. Therefore, understanding and improving configurations to align with best practices is central to the utility of the BPA.

Question #10
A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.
How is this goal accomplished?
  1. A
    Create a custom spyware signature matching the known signature with the time attribute
  2. B
    Add a correlation object that tracks the occurrences and triggers above the desired threshold
  3. C
    Submit a request to Palo Alto Networks to change the behavior at the next update
  4. D
    Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency

Correct Answer:
A
chatbot-img GPT-4o - Answer
To handle a customer's request to trigger a known spyware threat signature based on a specific occurrence rate, such as 10 hits in 5 seconds, you should create a custom spyware signature that matches the known signature and includes a time attribute. This method allows the system to track the occurrence and rate, triggering alerts when the conditions meet the specified criteria. This approach effectively customizes the monitoring to be alert to specific behavioral patterns, thus enhancing threat detection based on temporal characteristics.

Previous Questions Next Questions

All Pages