Palo Alto Networks PSE-Strata Exam Practice Test Instant Access

Question 1

Which built-in feature of PAN-OS allows the NGFW administrator to create a policy that provides autoremediation for anomalous user behavior and malicious activity while maintaining user visibility?

ADynamic user groups (DUGS)

Btagging groups

Cremote device User-ID groups

Ddynamic address groups (DAGs)

Answer : A

Question 2

A customer with a fully licensed Palo Alto Networks firewall is concerned about threats based on domain generation algorithms (DGAS).

Which Security profile is used to configure Domain Name Security (DNS) to Identity and block

previously unknown DGA-based threats in real time?

AURL Filtering profile

BWildFire Analysis profile

CVulnerability Protection profile

DAnti-Spyware profile

Answer : D

Question 3

Which of the following statements is valid with regard to Domain Name System (DNS) sinkholing?

Ait requires the Vulnerability Protection profile to be enabled

BDNS sinkholing signatures are packaged and delivered through Vulnerability Protection updates

Cinfected hosts connecting to the Sinkhole Internet Protocol (IP) address can be identified in the traffic logs

DIt requires a Sinkhole license in order to activate

Answer : C

Question 4

What is the recommended way to ensure that firewalls have the most current set of signatures for up-to-date protection?

ARun a Perl script to regularly check for updates and alert when one is released

BMonitor update announcements and manually push updates to Crewall

CStore updates on an intermediary server and point all the firewalls to it

DUse dynamic updates with the most aggressive schedule required by business needs

Answer : D

Question 5

In Panorama, which three reports or logs will help identify the inclusion of a host source in a command-and-control (C2) incident? (Choose three.)

ASaaS reports

Bdata filtering logs

CWildFire analysis reports

Dthreat logs

Ebotnet reports

Answer : C, D, E

Question 6

WildFire can discover zero-day malware in which three types of traffic? (Choose three)

ASMTP

BHTTPS

CFTP

DDNS

ETFTP

Answer : A, B, C

Question 7

Which statement applies to Palo Alto Networks Single Pass Parallel Processing (SP3)?

AIt processes each feature in a separate single pass with additional performance impact for each enabled feature.

BIts processing applies only to security features and does not include any networking features.

CIt processes all traffic in a single pass with no additional performance impact for each enabled feature.

DIt splits the traffic and processes all security features in a single pass and all network features in a separate pass

Answer : C

Palo Alto Networks System Engineer - Strata Exam Practice Test