Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Palo Alto Networks PSE Strata

Palo Alto Networks PSE Strata Exam Practice Questions (P. 3)

  • Full Access (136 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #11
Which two features are found in Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)
  1. A
    Policy match is based on application
  2. B
    Traffic control is based on IP, port, and protocol
  3. C
    Traffic is separated by zones
  4. D
    Identification of application is possible on any port

Correct Answer:
AD
chatbot-img GPT-4o - Answer
Absolutely, both A and D define the capabilities that set Palo Alto Networks NGFW apart. These firewalls break the traditional boundary by focusing on app identification regardless of the port used, rather than just blocking or allowing traffic based on protocol, port, or IP address. This advanced approach enables more robust and flexible network security management compared to the legacy systems.

Question #12
For customers with high bandwidth requirements for Service Connections, what two limitations exist when onboarding multiple Service Connections to the same
Prisma Access location servicing a single Datacenter? (Choose two.)
  1. A
    Network segments in the Datacenter need to be advertised to only one Service Connection
  2. B
    The customer edge device needs to support policy-based routing with symmetric return functionality
  3. C
    The resources in the Datacenter will only be able to reach remote network resources that share the same region
  4. D
    A maximum of four service connections per Datacenter are supported with this topology

Correct Answer:
AD
chatbot-img GPT-4o - Answer
The correct limitations when onboarding multiple Service Connections to the same Prisma Access location for a single Datacenter include the need for network segments in the Datacenter to be advertised to only one Service Connection and a cap of four service connections per Datacenter. These constraints ensure optimized routing and manageability within high bandwidth scenarios. This information aligns broadly with the stated guidelines and prerequisites in the Prisma Access documentation for setting up high bandwidth connections, confirming the limitation on the number of service connections and the advertisement requirement.

Question #13
Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)
  1. A
    use of device management access and settings
  2. B
    identify sanctioned and unsanctioned SaaS applications
  3. C
    expose the visibility and presence of command-and-control sessions
  4. D
    measure the adoption of URL filters, App-ID, User-ID
  5. E
    use of decryption policies

Correct Answer:
BDE
chatbot-img GPT-4o - Answer
The correct answers to the question centered on identifying best practices in the Best Practice Assessment tool are B, D, and E. These options specifically cover evaluating sanctioned and unsanctioned SaaS applications, measuring the adoption of URL filters, App-ID, User-ID, and the use of decryption policies. These areas are crucial for enhancing network security and ensuring efficient traffic monitoring and management, aligning well with Palo Alto Networks' emphasis on comprehensive, aspect-oriented security approach.

Question #14
You have a prospective customer that is looking for a way to provide secure temporary access to contractors for a designated period of time. They currently add contractors to existing user groups and create ad hoc policies to provide network access. They admit that once the contractor no longer needs access to the network, administrators are usually too busy to manually delete policies that provided access to the contractor. This has resulted in over-provisioned access that has allowed unauthorized access to their systems.
They are looking for a solution to automatically remove access for contractors once access is no longer required.
You address their concern by describing which feature in the NGFW?
  1. A
    Dynamic User Groups
  2. B
    Dynamic Address Groups
  3. C
    Multi-factor Authentication
  4. D
    External Dynamic Lists

Correct Answer:
A
chatbot-img GPT-4o - Answer
Dynamic User Groups in NGFW are ideal for situations where user access needs to be automatically managed and adjusted based on certain criteria, such as the duration of a contractor’s engagement. This feature streamlines the process, reducing manual intervention and thereby securing the network from over-provisioned access that could lead to unauthorized entry once the access is no longer required. Essentially, this feature ensures that when conditions change, such as at the end of a contract period, the access permissions update accordingly with no manual oversight needed.

Question #15
Which methods are used to check for Corporate Credential Submissions? (Choose three.)
  1. A
    Group Mapping
  2. B
    IP User Mapping
  3. C
    LDAP query
  4. D
    Domain Credential Filter
  5. E
    User ID Credential Check

Correct Answer:
ABD
Reference:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/prevent-credential-phishing/methods-to-check-for-corporate-credential- submissions.html#id29eff481-13de-45b9-b73c-83e2e932ba20

Previous Questions Next Questions

All Pages