2024 Valid PSE-Strata Exam Updates - 2024 Study Guide [Q80-Q101]

Share

2024 Valid PSE-Strata Exam Updates - 2024 Study Guide

PSE-Strata Certification - The Ultimate Guide [Updated 2024]


The PSE-Strata exam tests candidates on their understanding of network security concepts, Palo Alto Networks architecture and features, and their ability to design and implement effective security solutions. PSE-Strata exam is divided into two parts: multiple-choice questions and hands-on lab exercises. The multiple-choice questions cover a range of topics like network security concepts, network design, and Palo Alto Networks products and features. The hands-on lab exercises test candidates' ability to configure and troubleshoot Palo Alto Networks products in a simulated environment. PSE-Strata exam is available in multiple languages and can be taken at any Pearson VUE testing center.

 

NEW QUESTION # 80
Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license?

  • A. five-minute WildFire updates
  • B. PE file upload to WildFire
  • C. Access to the WildFire API
  • D. WildFire hybrid deployment

Answer: C


NEW QUESTION # 81
Which User-ID method maps IP addresses to usernames for users connecting through an
802.1x-enabled wireless network device that has no native integration with PAN-OS software?

  • A. Port Mapping
  • B. XML API
  • C. Client Probing
  • D. Server Monitoring

Answer: B


NEW QUESTION # 82
What are five benefits of Palo Alto Networks NGFWs (Next Generation Firewalls)? (Select the five correct answers.)

  • A. Identical security subscriptions on all models
  • B. Convenient configuration Wizard
  • C. Seemless integration with the Threat Intelligence Cloud
  • D. Comprehensive security platform designed to scale functionality over time
  • E. Predictable throughput
  • F. Easy-to-use GUI which is the same on all models

Answer: A,C,D,E,F


NEW QUESTION # 83
Which two tabs in Panorama can be used to identify templates to define a common base configuration? (Choose two.)

  • A. Device Tab
  • B. Policies Tab
  • C. Network Tab
  • D. Objects Tab

Answer: A,C


NEW QUESTION # 84
A customer is concerned about zero-day targeted attacks against its intellectual property.
Which solution informs a customer whether an attack is specifically targeted at them?

  • A. Firewall Botnet Report
  • B. AutoFocus
  • C. Traps TMS
  • D. Panorama Correlation Report

Answer: A


NEW QUESTION # 85
How do you configure the rate of file submissions to WildFire in the NGFW?

  • A. based on the purchased license uploaded
  • B. maximum number of files per day
  • C. maximum number of files per minute
  • D. QoS tagging

Answer: C

Explanation:
Explanation
https://www.paloaltonetworks.com/documentation/80/wildfire/wf_admin/submit-files-for-wildfire-analysis/firew


NEW QUESTION # 86
An endpoint, inside an organization, is infected with known malware. The malware attempts to make a command and control connection to a C&C server via the destination IP address.
Which mechanism prevent this connection from succeeding?

  • A. DNS Sinkholing
  • B. Anti-Spyware Signatures
  • C. DNS Proxy
  • D. Wildfire Analysis

Answer: A


NEW QUESTION # 87
Which two features are found in a next-generation firewall but are absent in a legacy firewall product? (Choose two)

  • A. Onboard SSL decryption capability is used
  • B. Traffic control is based on IP, port, and protocol
  • C. Policy match is a based on application
  • D. Identification of application is possible on any port
  • E. Traffic is separated by zones

Answer: C,D


NEW QUESTION # 88
Which are the three mandatory components needed to run Cortex XDR? (Choose three.)

  • A. Directory Syn Service
  • B. NGFW with PANOS 8 0.5 or later
  • C. Cortex Data Lake
  • D. Panorama
  • E. Pathfinder
  • F. Traps

Answer: A,B,C


NEW QUESTION # 89
Which three methods used to map users to IP addresses are supported in Palo Alto Networks firewalls? (Choose three.)

  • A. SNMP server
  • B. TACACS
  • C. Lotus Domino
  • D. Active Directory monitoring
  • E. Client Probing
  • F. eDirectory monitoring
  • G. RADIUS

Answer: B,E,G

Explanation:
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/user-id- concepts/user-mapping


NEW QUESTION # 90
Which Palo Alto Networks pre-sales tool involves approximately 4 hour interview to discuss a customer's current security posture?

  • A. Expedition
  • B. SLR
  • C. PPA
  • D. BPA

Answer: D


NEW QUESTION # 91
Which three items contain information about Command and Control (C&C) hosts? (Choose three.)

  • A. WildFire analysts reports
  • B. Botnet reports
  • C. SaaS reports
  • D. Threat logs
  • E. Data filtering logs

Answer: A,B,E


NEW QUESTION # 92
Which methods are used to check for Corporate Credential Submissions? (Choose three.)

  • A. IP User Mapping
  • B. Domain Credential Filter
  • C. LDAP query
  • D. User ID Credential Check
  • E. Group Mapping

Answer: A,B,E

Explanation:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/prevent-credential- phishing/methods-to-check-for-corporate-credential-submissions.html#id29eff481-13de-45b9- b73c-83e2e932ba20


NEW QUESTION # 93
Which two actions can be configured in an Anti-Spyware profile to address command-and-control (C2) traffic from compromised hosts? (Choose two.)

  • A. Redirect
  • B. Alert
  • C. Reset
  • D. Quarantine

Answer: B,C


NEW QUESTION # 94
What are two core values of the Palo Alto Network Security Platform? (Choose two)

  • A. Prevention of cyberattacks
  • B. Defense against threats with static security solution
  • C. Threat remediation
  • D. Sale enablement of all applications
  • E. Deployment of multiple point-based solutions to provide full security coverage

Answer: A,E


NEW QUESTION # 95
A client chooses to not block uncategorized websites.
Which two additions should be made to help provide some protection? (Choose two.)

  • A. A security policy rule using only known URL categories with the action set to allow
  • B. A data filtering profile with a custom data pattern to security policy rules that deny uncategorized websites
  • C. A file blocking profile attached to security policy rules that allow uncategorized websites to help reduce the risk of drive by downloads
  • D. A URL filtering profile with the action set to continue for unknown URL categories to security policy rules that allow web access

Answer: A,D


NEW QUESTION # 96
Where are three tuning considerations when building a security policy to protect against modern day attacks? (Choose three)

  • A. Create a WildFire profile to schedule file uploads during low network usage windows
  • B. Create an anti-spyware profile to block all spyware
  • C. Create an antivirus profile to block all content that matches and antivirus signature
  • D. Create a vulnerability protection profile to block all the vulnerabilities with severity low and higher
  • E. Create an SSL Decryption policy to decrypt 100% of the traffic

Answer: A,D,E


NEW QUESTION # 97
Which profile or policy should be applied to protect against port scans from the internet?

  • A. Zone protection profile on the zone of the ingress interface
  • B. Interface management profile on the zone of the ingress interface
  • C. An App-ID security policy rule to block traffic sourcing from the untrust zone
  • D. Security profiles to security policy rules for traffic sourcing from the untrust zone

Answer: A


NEW QUESTION # 98
Which is the smallest Panorama solution that can be used to manage up to 2500 Palo Alto Networks Next Generation firewalls?

  • A. Panorama VM-Series
  • B. M-600
  • C. M-100
  • D. M-200

Answer: A

Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boF1CAI


NEW QUESTION # 99
What is the correct behavior when a Palo Alto Networks next-generation firewall (NGFW) is unable to retrieve a DNS verdict from DNS service cloud in the configured lookup time?

  • A. NGFW resend a verdict challenge to DNS service cloud.
  • B. NGFW permit a response from the DNS server.
  • C. NGFW discard a response from the DNS server.
  • D. NGFW temporarily disable DNS Security function.

Answer: B

Explanation:
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/threat-prevention/dns- security/enable-dns-security


NEW QUESTION # 100
Which Palo Alto Networks security platform component should an administrator use to extend policies to remote users are not connecting to the internet from behind a firewall?

  • A. Aperture
  • B. Traps
  • C. Threat Intelligence Cloud
  • D. GlobalProtect

Answer: D


NEW QUESTION # 101
......


The PSE-Strata exam is designed to test a candidate's understanding of network security concepts, including the design and configuration of firewalls, the deployment of threat prevention technologies, and the management of security policies. PSE-Strata exam consists of multiple-choice questions and is administered online. Candidates have two hours to complete the exam, and a passing score is required to earn certification.

 

PSE-Strata Practice Exam and Study Guides - Verified By PrepAwayExam: https://www.prepawayexam.com/Palo-Alto-Networks/braindumps.PSE-Strata.ete.file.html

2024 Updated Verified Pass PSE-Strata Study Guides & Best Courses: https://drive.google.com/open?id=1ONDrzexNrgIZAFZ2EbY-Z-N3GV35RIuy