PSE-STRATA-ASSOCIATE Online Practice Questions and Answers

An administrator wants to deploy a pair of firewalls in an active/active high availability (HA) architecture.

Which two deployment types are supported in this circumstance? (Choose two.) Select 2 Correct Responses

A. Layer 3

B. TAP mode

C. Virtual Wire

D. Layer 2

Which architecture is unique to Palo Alto Networks and results in no additional performance overhead when enabling additional features?

A. multi-pass

B. multiple-core threaded

C. single-pass

D. no-pass

How does Cloud Identity Engine (CIE) simplify deployment of cloudbased services to provide user authentication?

A. It allows configuration of an authentication source once instead of for eachauthentication method.

B. It expands the capability to filter and forward decrypted and non-decrypted Transport Layer Security (TLS) traffic.

C. It ensures that a compromised master key does not compromise the configuration encryption for an entire deployment.

D. It authenticates users via a cloud-based service and refers to the hub for mappings for group identification.

Which of the following statements applies to WildFire Public Cloud verdicts?

A. They are unique to the affected Next-Generation Firewall (NGFW).

B. They are shared globally with all WildFire customers.

C. They must be manually downloaded from the WildFire portal.

D. They are automatically shared with third-party firewall vendors.

Which three key functions are processed as part of the Palo Alto Networks single-pass architecture (SPA)?

(Choose three.)

Select 3 Correct Responses

A. User-ID

B. Content-ID

C. Intruder-ID

D. Device-ID

E. Virus-ID

Which two Cloud-Delivered Security Services (CDSS) would be appropriate for an organization that wants to secure internet traffic on a perimeter firewall? (Choose two.) Select 2 Correct Responses

A. WildFire

B. Advanced URL Filtering (AURLF)

C. Autonomous Digital Experience Management (ADEM)

D. SD-WAN

What is a technical benefit of User-ID in relation to policy control?

A. It matches traffic against policy to check whether it is allowed on the network.

B. It allows all users to designate view-only access to itinerant personnel.

C. It improves safe enablement of applications traversing the network.

D. It encrypts all private keys and passwords in the configuration.

A Human Resources (HR) application has the URL of https://hr.company.com:4433/.

How should the "Service" column of the Security policy be set to match and permit this application?

A. Define and then select a new custom Transmission Control Protocol (TCP) service with port 4433.

B. Edit "service-https" to use port 4433.

C. Set to "service-http".

D. Set to "application-defaults," which will locate and match the HR application.

To use App-ID effectively in Security policies, which three best practices should be followed? (Choose three.)

Select 3 Correct Responses

A. Use Expedition to migrate aport-based policy to PAN-OS.

B. Whenever possible, enable App-ID override.

C. Use phased transition to safely enable applications.

D. Use Policy Optimizer to migrate to an application-based policy.

E. After the application is specified in policy, set the 7service to "any".

What are three unique benefits of the Palo Alto Networks Content-ID? (Choose three.) Select 3 Correct Responses

A. micro-segmenting network traffic based on the unique identification number of the content

B. increasing latency as new threat prevention features are enabled

C. detecting and preventing known and unknown threats in a single pass

D. enforcing policy control over unapproved web surfing

E. proactively identifying and defending against unknown, new, or custom malware and exploits

Which three of the following arefeatures of the Palo Alto Networks Next-Generation Firewall (NGFW) that differentiate it from a stateful inspection firewall? (Choose three.)

Select 3 Correct Responses

A. Login-ID

B. User-ID

C. App-ID

D. Network-ID

E. SSL/SSH Decrypt

Which of the following is an advantage of the Palo Alto Networks Next-Generation Firewall (NGFW)?

A. Docker containerscan be run on the hardware to add features.

B. It identifies applications by port number and protocol.

C. It is well positioned in the network to do more than provide access control.

D. Customers can create their own mix of security vendor products.

The ability of a Next-Generation Firewall (NGFW) to logically group physical and virtual interfaces and then control traffic based on that grouping is known aswhat?

A. LLDP profiles

B. security zones

C. DHCP groups

D. security profile groups

What file is needed from a firewall to generate a Security Lifecycle Review (SLR) report when creating the SLR?

A. tech support file

B. Panorama plugin registration file

C. stats dump file

D. system process core file

Implementation of which PAN-OS feature improves visibility and prevention of malware?

A. Anti-Spyware profiles

B. Data Filtering profiles

C. Decryption profiles

D. Antivirus profiles