[Jan-2022] Updated Palo Alto Networks Systems Engineer PSE-Strata Exam Questions BUNDLE PACK [Q36-Q59]

[Jan-2022] Updated Palo Alto Networks Systems Engineer PSE-Strata Exam Questions BUNDLE PACK

Master The Palo Alto Networks Content PSE-Strata EXAM DUMPS WITH GUARANTEED SUCCESS!

NEW QUESTION 36
Which CLI allows you to view the names of SD-WAN policy rules that send traffic to the specified virtual SD-WAN interface, along with the performance metrics?
A)

B)

C)

D)

• A. Option
• B. Option
• C. Option
• D. Option

Answer: B

Explanation:
https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/troubleshooting/use-cli-commands-for-sd-wan-tasks.html

 

NEW QUESTION 37
Match the functions to the appropriate processing engine within the dataplane.

Answer:

Explanation:

 

NEW QUESTION 38
When the Cortex Data Lake is sized for Traps Management Service, which two factors should be considered?
(Choose two.)

• A. the number of Traps agents
• B. retention requirements
• C. agent size and OS
• D. Traps agent forensic data

Answer: C,D

 

NEW QUESTION 39
Which domain permissions are required by the User-ID Agent for WMI Authentication on a Windows Server?
(Choose three.)

• A. Event Log Readers
• B. Enterprise Administrators
• C. Server Operator
• D. Distributed COM Users
• E. Domain Administrators

Answer: A,C,E

Explanation:
Explanation
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/user-identification/device-user-identific

 

NEW QUESTION 40
Which two products can send logs to the Cortex Data Lake? (Choose two.)

• A. Prisma Access
• B. Prisma Public Cloud
• C. AutoFocus
• D. PA-3260 firewall

Answer: A,D

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/forward-logs-to-cortex-data-lake

 

NEW QUESTION 41
Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license?

• A. Access to the WildFire API
• B. WildFire hybrid deployment
• C. PE file upload to WildFire
• D. 5 minute WildFire updates to threat signatures

Answer: D

 

NEW QUESTION 42
What three Tabs are available in the Detailed Device Health on Panorama for hardware-based firewalls? (Choose three.)

• A. Interfaces
• B. Errors
• C. Mounts
• D. Sessions
• E. Status
• F. Environments
• G. Throughput

Answer: A,D,F

 

NEW QUESTION 43
A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.
How is this goal accomplished?

• A. Add a correlation object that tracks the occurrences and triggers above the desired threshold
• B. Submit a request to Palo Alto Networks to change the behavior at the next update
• C. Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency
• D. Create a custom spyware signature matching the known signature with the time attribute

Answer: D

 

NEW QUESTION 44
Which are the three mandatory components needed to run Cortex XDR? (Choose three.)

• A. NGFW with PANOS 8 0.5 or later
• B. Pathfinder
• C. Directory Syn Service
• D. Panorama
• E. Cortex Data Lake
• F. Traps

Answer: A,C,E

 

NEW QUESTION 45
How frequently do WildFire signatures move into the antivirus database?

• A. once a week
• B. every 1 hour
• C. every 24 hours
• D. every 12 hours

Answer: C

Explanation:
https://docs.paloaltonetworks.com/wildfire/9-0/wildfire-admin/wildfire-overview/wildfire-concepts/wildfire-signatures

 

NEW QUESTION 46
Which three considerations should be made prior to installing a decryption policy on the NGFW? (Choose three.)

• A. Deploy decryption setting all at one time
• B. Inability to access websites
• C. Ensure throughput is not an issue
• D. Include all traffic types in decryption policy
• E. Exclude certain types of traffic in decryption policy

Answer: B,D,E

 

NEW QUESTION 47
What are two core values of the Palo Alto Network Security Operating Platform? (Choose two.}

• A. threat remediation
• B. defense against threats with static security solution
• C. prevention of cyber attacks
• D. safe enablement of all applications

Answer: A,C

 

NEW QUESTION 48
Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

• A. measure the adoption of URL filters. App-ID. User-ID
• B. identify sanctioned and unsanctioned SaaS applications
• C. use of decryption policies
• D. use of device management access and settings
• E. expose the visibility and presence of command-and-control sessions

Answer: A,B

 

NEW QUESTION 49
What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design?

• A. It allows Palo Alto Networks to add new functions to existing hardware
• B. There are no benefits other than slight performance upgrades
• C. Only one processor is needed to complete all the functions within the box
• D. It allows Palo Alto Networks to add new devices to existing hardware

Answer: C

 

NEW QUESTION 50
Which domain permissions are required by the User-ID Agent for WMI Authentication on a Windows Server? (Choose three.)

• A. Event Log Readers
• B. Enterprise Administrators
• C. Server Operator
• D. Distributed COM Users
• E. Domain Administrators

Answer: A,C,E

Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/user-identification/device-user-identification-user-mapping/user-id-agent-setup/user-id-agent-setup-wmi-authentication

 

NEW QUESTION 51
When log sizing is factored for the Cortex Data Lake on the NGFW, what is the average log size used in calculation?

• A. 18 bytes
• B. depends on the Cortex Data Lake tier purchased
• C. 8MB
• D. 1500 bytes

Answer: D

Explanation:
Explanation
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVMCA0

 

NEW QUESTION 52
When log sizing is factored for the Cortex Data Lake on the NGFW, what is the average log size used in calculation?

• A. 18 bytes
• B. depends on the Cortex Data Lake tier purchased
• C. 8MB
• D. 1500 bytes

Answer: D

 

NEW QUESTION 53
A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default. What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?

• A. Palo Alto Networks keep ports closed by default, only opening ports after understanding the application request, and then opening only the application-specified ports.
• B. Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports.
• C. Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis.
• D. Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default.

Answer: C

 

NEW QUESTION 54
What can be applied to prevent users from unknowingly downloading malicious file types from the internet?

• A. An antivirus profile to security policy rules that deny general web access
• B. A vulnerability profile to security policy rules that deny general web access
• C. A zone protection profile to the untrust zone
• D. A file blocking profile to security policy rules that allow general web access

Answer: D

Explanation:
https://docs.paloaltonetworks.com/best-practices/8-1/internet-gateway-best-practices/best-practice-internet-gateway-security-policy/create-best-practice-security-profiles.html

 

NEW QUESTION 55
Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)

• A. Identification of application is possible on any port
• B. Traffic is separated by zones
• C. Policy match is based on application
• D. Traffic control is based on IP port, and protocol

Answer: A,C

 

NEW QUESTION 56
What are three sources of malware sample data for the Threat Intelligence Cloud? (Choose three)

• A. Next-generation firewalls deployed with WildFire Analysis Security Profiles
• B. Palo Alto Networks non-firewall products such as Traps and Prisma SaaS
• C. WF-500 configured as private clouds for privacy concerns
• D. Third-party data feeds such as partnership with ProofPomt and the Cyber Threat Alliance
• E. Correlation Objects generated by AutoFocus

Answer: B,D,E

Explanation:
https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/autofocus

 

NEW QUESTION 57
Decryption port mirroring is now supported on which platform?

• A. only one the PA-5000 Series and higher
• B. all hardware-based and VM-Series firewalls regardless of where installed
• C. all hardware-based and VM-Series firewalls with the exception of VMware NSX. Citrix SDX, or public cloud hypervisors
• D. in hardware only

Answer: B

 

NEW QUESTION 58
What are three considerations when deploying User-ID? (Choose three.)

• A. User-ID can support a maximum of 15 hops
• B. Only enable User-ID on trusted zones
• C. Enable WMI probing in high security networks
• D. Use a dedicated service account for User-ID services with the minimal permissions necessary
• E. Specify included and excluded networks when configuring User-ID

Answer: B,D,E

 

NEW QUESTION 59
......

Pass Palo Alto Networks PSE-Strata Exam – Experts Are Here To Help You: https://www.realvce.com/PSE-Strata_free-dumps.html

Get Latest Palo Alto Networks Systems Engineer PSE-Strata Practice Test For Quick Preparation: https://drive.google.com/open?id=17bDQ8MG--iGIn5JUVeiYZ30Duofc5PNJ