PSE-STRATA-ASSOCIATE Online Practice Questions and Answers

Which feature allows a customer to gain visibility and respond to changes in user behavior or potential threats without manual policy changes?

A. User-ID agent

B. dynamic user groups (DUGs)

C. Lightweight Directory Access Protocol (LDAP) sync

D. dynamic address objects

Which two of the following are benefits of the Palo AltoNetworks Zero Trust architecture? (Choose two.)

Select 2 Correct Responses

A. tighter access control

B. increased detection of threats and infiltration

C. more network segments

D. cloud-based virtual private network (VPN)

The Security Operations Center (SOC) has noticed that a user has large amounts of data going to and coming from an external encrypted website. The SOC would like to identify the data being sent to and received from this website.

Which Secure Sockets Layer (SSL) decryption method supported by Palo Alto Networks would allow the SOC to see this data?

A. Forward Proxy

B. Web Proxy

C. Certificate Proxy

D. Inbound Proxy

Which architecture allows a Palo Alto Networks Next-Generation Firewall (NGFW) to achieve high performance with all security features enabled?

A. single-pass parallel processing

B. dual-pass processing

C. multi-core processing

D. parallel-pass single processing

Which architecture is unique to Palo Alto Networks and results in no additional performance overhead when enabling additional features?

A. multi-pass

B. multiple-core threaded

C. single-pass

D. no-pass

What is a technical benefit of User-ID in relation to policy control?

A. It matches traffic against policy to check whether it is allowed on the network.

B. It allows all users to designate view-only access to itinerant personnel.

C. It improves safe enablement of applications traversing the network.

D. It encrypts all private keys and passwords in the configuration.

A Human Resources (HR) application has the URL of https://hr.company.com:4433/.

How should the "Service" column of the Security policy be set to match and permit this application?

A. Define and then select a new custom Transmission Control Protocol (TCP) service with port 4433.

B. Edit "service-https" to use port 4433.

C. Set to "service-http".

D. Set to "application-defaults," which will locate and match the HR application.

To use App-ID effectively in Security policies, which three best practices should be followed? (Choose three.)

Select 3 Correct Responses

A. Use Expedition to migrate aport-based policy to PAN-OS.

B. Whenever possible, enable App-ID override.

C. Use phased transition to safely enable applications.

D. Use Policy Optimizer to migrate to an application-based policy.

E. After the application is specified in policy, set the 7service to "any".

Using a comprehensive range of natively-integratedsubscriptions and inline machine learning (ML), what does a Next-Generation Firewall (NGFW) use to prevent known and unknown threats in real time?

A. Cloud Delivered Security Services (CDSS)

B. Cloud Security Posture Management (CSPM)

C. Cloud NativeSecurity Platform (CNSP)

D. Cloud Identity Access Management (CIAM)

Which of the following is an advantage of the Palo Alto Networks Next-Generation Firewall (NGFW)?

A. Docker containerscan be run on the hardware to add features.

B. It identifies applications by port number and protocol.

C. It is well positioned in the network to do more than provide access control.

D. Customers can create their own mix of security vendor products.