PSE-STRATA Online Practice Questions and Answers
Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)
A. use of decryption policies
B. measure the adoption of URL filters. App-ID. User-ID
C. use of device management access and settings
D. expose the visibility and presence of command-and-control sessions
E. identify sanctioned and unsanctioned SaaS applications
A Fortune 500 customer has expressed interest in purchasing WildFire; however, they do not want to send discovered malware outside of their network.
Which version of WildFire will meet this customer's requirements?
A. WildFire Private Cloud
B. WildFire Government Cloud
C. WildFire Secure Cloud
D. WildFire Public Cloud
How often are the databases for Anti-virus. Application, Threats, and WildFire subscription updated?
A. Anti-virus (weekly): Application (daily). Threats (weekly), WildFire (5 minutes)
B. Anti-virus (weekly), Application (daily), Threats (daily), WildFire (5 minutes)
C. Anti-virus (daily), Application (weekly), Threats (weekly), WildFire (5 minutes)
D. Anti-virus (daily), Application (weekly), Threats (daily), WildFire (5 minutes)
There are different Master Keys on Panorama and managed firewalls.
What is the result if a Panorama Administrator pushes configuration to managed firewalls?
A. The push operation will fail regardless of an error or not within the configuration itself
B. Provided there's no error within the configuration to be pushed, the push will succeed
C. The Master Key from the managed firewalls will be overwritten with the Master Key from Panorama
D. There will be a popup to ask if the Master Key from the Panorama should replace the Master Key from the managed firewalls
Which two email links, contained in SMTP and POP3, can be submitted from WildFire analysis with a WildFire subscription? (Choose two.)
A. FTP
B. HTTPS
C. RTP
D. HTTP
In which two cases should the Hardware offering of Panorama be chosen over the Virtual Offering? (Choose two.)
A. Dedicated Logger Mode is required
B. Logs per second exceed 10,000
C. Appliance needs to be moved into data center
D. Device count is under 100
A prospective customer currently uses a firewall that provides only Layer 4 inspection and protections. The customer sees traffic going to an external destination, port 53, but cannot determine what Layer 7 application traffic is going over that port
Which capability of PAN-OS would address the customer's lack of visibility?
A. Device ID, because it will give visibility into which devices are communicating with external destinations over port 53
B. single pass architecture (SPA), because it will improve the performance of the Palo Alto Networks Layer 7 inspection
C. User-ID, because it will allow the customer to see which users are sending traffic to external destinations over port 53
D. App-ID, because it will give visibility into what exact applications are being run over that port and allow the customer to block unsanctioned applications using port 53
What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time?
A. allow the request and all subsequent responses
B. temporarily disable the DNS Security function
C. block the query
D. discard the request and all subsequent responses
Which two types of security chains are supported by the Decryption Broker? (Choose two.)
A. virtual wire
B. transparent bridge
C. Layer 3
D. Layer 2
What action would address the sub-optimal traffic path shown in the figure?
Key: RN -Remote Network SC -Service Connection MU GW -Mobile User Gateway
A. Onboard a Service Connection in the Americas region
B. Remove the Service Connection in the EMEA region
C. Onboard a Service Connection in the APAC region
D. Onboard a Remote Network location in the EMEA region