Palo Alto Networks PSE-Strata Exam Practice Test Instant Access

Question 1

The Palo Ao Networks Cloud Identity Engino (CIE) includes which service that supports identity Providers (ldP)?

ADirectory Sync and Cloud Authentication Service that support IdP ung SAML 2.0 and OAuth2

BCloud Authentication Service that supports IdP using SAML 2.0 and OAuth2

CDirectory Sync and Cloud Authentication Service that support IdP ng SAML 2.0

DDirectory Sync that supports IdP using SAML 2.0

Answer : A

Question 2

What are three key benefits of the Palo Alto Networks platform approach to security? (Choose three)

Aoperational efficiencies due to reduction in manual incident review and decrease in mean time to resolution (MTTR)

Bimproved revenue due to more efficient network traffic throughput

CIncreased security due to scalable cloud delivered security Services (CDSS)

DCost savings due to reduction in IT management effort and device

Answer : B, C, D

Question 3

A customer requires an analytics tool with the following attributes:

- Uses the logs on the firewall to detect actionable events on the network

- Automatically processes a series of related threat events that, when combines, indicate a likely comprised host on the network

- Pinpoints the area of risk and allows for assessment of the risk to action can be taken to prevent exploitation of network resources

Which feature of PAN-OS will address these requirements?

AWildFire with application program interface (API) calls for automation

BThird-party security information and event management (SIEM) which can ingest next-generation firewall (NGFW) logs

CAutomated correlation engine (ACE)

DCortex XDR and Cortex Data Lake

Answer : C

Question 4

Which CLI command allows visibility into SD-WAN events such as path Selection and path quality measurements?

A>show sdwan path-monitor stats vif

B>show sdwan session distribution policy-name

C>show sdwan connection all

D>show sdwan event

Answer : D

Question 5

A prospective customer currently uses a firewall that provides only Layer 4

inspection and protections. The customer sees traffic going to an external destination, port 53, but cannot determine what Layer 7 application traffic is going over that port

Which capability of PAN-OS would address the customer's lack of visibility?

ADevice ID, because it will give visibility into which devices are communicating with external destinations over port 53

Bsingle pass architecture (SPA), because it will improve the performance of the Palo Alto Networks Layer 7 inspection

CUser-ID, because it will allow the customer to see which users are sending traffic to external destinations over port 53

DApp-ID, because it will give visibility into what exact applications are being run over that port and allow the customer to block unsanctioned applications using port 53

Answer : D

Question 6

What are two benefits of the sinkhole Internet Protocol (IP) address that DNS Security sends to the client in place of malicious IP addresses? (Choose two.)

AThe client communicates with it instead of the malicious IP address

BIt represents the remediation server that the client should visit for patching

CIt will take over as the new DNS resolver for that client and prevent further DNS requests from occurring in the meantime

DIn situations where the internal DNS server is between the client and the firewall, it gives the firewall the ability to identify the clients who originated the query to the malicious domain

Answer : A, D

Question 7

Which two configuration elements can be used to prevent abuse of stolen credentials? (Choose two.)

AWildFire analysis

BDynamic user groups (DUGs)

CMulti-factor authentication (MFA)

DURL Filtering Profiles

Answer : C, D

Palo Alto Networks PSE-Strata Palo Alto Networks System Engineer - Strata Exam Practice Test