PSE StrataFree trialFree trial

By palo-alto-networks
Aug, 2025

Verified

25Q per page

Question 1

What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design?

  • A: There are no benefits other than slight performance upgrades
  • B: It allows Palo Alto Networks to add new functions to existing hardware
  • C: Only one processor is needed to complete all the functions within the box
  • D: It allows Palo Alto Networks to add new devices to existing hardware

Question 2

A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.
How is this goal accomplished?

  • A: Create a custom spyware signature matching the known signature with the time attribute
  • B: Add a correlation object that tracks the occurrences and triggers above the desired threshold
  • C: Submit a request to Palo Alto Networks to change the behavior at the next update
  • D: Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency

Question 3

In Panorama, which three reports or logs will help identify the inclusion of a host / source in a command-and-control (C2) incident? (Choose three.)

  • A: WildFire analysis reports
  • B: data filtering logs
  • C: hotnet reports
  • D: threat logs
  • E: SaaS reports

Question 4

Which three of the following actions must be taken to enable Credential Phishing Prevention? (Choose three.)

  • A: Enable App-ID.
  • B: Define a uniform resource locator (URL) Filtering profile.
  • C: Enable User-ID.
  • D: Enable User Credential Detection.
  • E: Define a Secure Sockets Layer (SSL) decryption rule base.

Question 5

Which two statements correctly describe what a Network Packet Broker does for a Palo Alto Networks NGFW? (Choose two.)

  • A: It provides a third-party SSL decryption option, which can increase the total number of third-party devices performing analysis and enforcement.
  • B: It allows SSL decryption to be offloaded to the NGFW and traffic to be decrypted only once.
  • C: It eliminates the need for a third-party SSL decryption option, which reduces the total number of third-party devices performing decryption.
  • D: It allows SSL decryption to be offloaded to the NGFW and traffic to be decrypted multiple times.

Question 6

A customer with a legacy firewall architecture focused on port-and-protocol-level security has heard that NGFWs open all ports by default.

Which of the following statements regarding Palo Alto Networks NGFWs is an appropriate rebuttal that explains an advantage over legacy firewalls?

  • A: They do not consider port information, instead relying on App-ID signatures that do not reference ports.
  • B: They protect all applications on all ports while leaving all ports open by default.
  • C: They can control applications by application-default service ports or a configurable list of approved ports on a per-policy basis.
  • D: They keep ports closed by default, only opening after understanding the application request, and then opening only the application-specified ports.

Question 7

Which two configuration elements can be used to prevent abuse of stolen credentials? (Choose two.)

  • A: multi-factor authentication (MFA)
  • B: URL Filtering Profiles
  • C: WildFire analysis
  • D: dynamic user groups (DUGs)

Question 8

A Fortune 500 customer has expressed interest in purchasing WildFire; however, they do not want to send discovered malware outside of their network.

Which version of WildFire will meet this customer’s requirements?

  • A: WildFire Government Cloud
  • B: WildFire Public Cloud
  • C: WildFire Private Cloud
  • D: WildFire Secure Cloud

Question 9

What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time?

  • A: block the query
  • B: allow the request and all subsequent responses
  • C: temporarily disable the DNS Security function
  • D: discard the request and all subsequent responses

Question 10

What will best enhance security of a production online system while minimizing the impact for the existing network?

  • A: active/active high availability (HA)
  • B: Layer 2 interfaces
  • C: virtual systems
  • D: virtual wire

Question 11

Which two features are found in Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)

  • A: Policy match is based on application
  • B: Traffic control is based on IP, port, and protocol
  • C: Traffic is separated by zones
  • D: Identification of application is possible on any port

Question 12

Which three of the following are identified in the Best Practice Assessment tool? (Choose three.)

  • A: use of device management access and settings
  • B: use of decryption policies
  • C: presence of command-and-control (C2) sessions
  • D: identification of sanctioned and unsanctioned software-as-a-service (SaaS) application
  • E: measurement of the adoption of URL filters, App-ID, and User-ID

Question 13

WildFire can discover zero-day malware in which three types of traffic? (Choose three.)

  • A: TFTP
  • B: SMTP
  • C: DNS
  • D: FTP
  • E: HTTPS

Question 14

A large number of next-generation firewalls (NGFWs), along with Panorama and WildFire have been positioned for a prospective customer. The customer is concerned about storing retrieving and archiving firewall logs and has indicated that logs must be retained for a minimum of 60 days. An additional requirement is ingestion of a maximum of 10,000 logs per second.

What will best meet the customer’s logging requirements?

  • A: NGFWs that have at least 10TB of internal storage
  • B: Appropriately sized NGFW based on use of the POPSICLE tool
  • C: Appropriate Data Lake storage determined by using the Data Lake Calculator
  • D: A pair of fully populated M-300 storage appliances

Question 15

WildFire machine learning (ML) for portable executable (PE) files is enabled in the antivirus profile and added to the appropriate firewall rules in the profile. In the Palo Alto Networks WildFire test av file, an attempt to download the test file is allowed through.

Which command returns a valid result to verify the ML is working from the command line?

  • A: show wfml cloud-status
  • B: show ml cloud-status
  • C: show mlav cloud-status
  • D: show wfav cloud-status

Question 16

Which action will protect against port scans from the internet?

  • A: Assign an Interface Management profile to the zone of the ingress interface
  • B: Assign Security profiles to Security policy rules for traffic sourcing from the untrust zone
  • C: Apply a Zone Protection profile on the zone of the ingress interface
  • D: Apply App-ID Security policy rules to block traffic sourcing from the untrust zone

Question 17

What is used to choose the best path on a virtual router that has two or more different routes to the same destination?

  • A: Metric
  • B: Source zone
  • C: Administrative distance
  • D: Path monitoring

Question 18

Which PAN-OS feature should be discussed if a prospect wants to apply Security policy actions to traffic by using tags from their virtual environment?

  • A: Machine learning (ML)
  • B: Dynamic User Groups
  • C: URL blocking
  • D: MineMeld

Question 19

Which solution informs a customer concerned about zero-day targeted attacks whether an attack is specifically targeted at its property?

  • A: Panorama Correlation Report
  • B: AutoFocus
  • C: Cortex XSOAR Community Edition
  • D: Cortex XDR Prevent

Question 20

A prospective customer wants to purchase a next-generation firewall (NGFW) and requires at least 2 million concurrent sessions with a minimum of 10Gbps of throughput with threat detection enabled.

Which tool will help quickly determine the correct size of NGFW for this customer?

  • A: Data Lake Calculator available on the Palo Alto Networks website
  • B: NGFW sizing app available for iOS and Android devices
  • C: Product Comparison tool available on the Palo Alto Networks website
  • D: Quoting tool available on the Palo Alto Networks website

Question 21

For customers with high bandwidth requirements for Service Connections, what two limitations exist when onboarding multiple Service Connections to the same
Prisma Access location servicing a single Datacenter? (Choose two.)

  • A: Network segments in the Datacenter need to be advertised to only one Service Connection
  • B: The customer edge device needs to support policy-based routing with symmetric return functionality
  • C: The resources in the Datacenter will only be able to reach remote network resources that share the same region
  • D: A maximum of four service connections per Datacenter are supported with this topology

Question 22

A customer next-generation firewall (NGFW) proof-of-concept (POC) and final presentation have just been completed.

Which CLI command is used to clear data, remove all logs, and restore default configuration?

  • A: >request private-data-reset system
  • B: >request reset system public-data-reset
  • C: >request system private-data-reset
  • D: >reset system public-data-reset

Question 23

Which decryption requirement ensures that inspection can be provided to all inbound traffic routed to internal application and database servers?

  • A: Installation of certificates from the application server and database server on the NGFW and configuration of an SSL Inbound Decryption policy
  • B: Installation of a trusted root CA certificate on the NGFW and configuration of an SSL Inbound Decryption policy
  • C: Configuration of an SSL Inbound Decryption policy using one of the built-in certificates included in the certificate store
  • D: Configuration of an SSL Inbound Decryption policy without installing certificates

Question 24

Which two interface types can be associated to a virtual router? (Choose two.)

  • A: Loopback
  • B: Virtual Wire
  • C: VLAN
  • D: Layer 2

That’s the end of your free questions

You’ve reached the preview limit for PSE Strata

Consider upgrading to gain full access!

Page 1 of 5 • Questions 1-25 of 117
12345

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!