PSE Strata Professional

Access to a business site is blocked by URL Filtering inline machine learning (ML) and considered as a false-positive. How should the site be made available?. Disable URL Filtering inline ML. Create a custom URL category and add it to the Security policy. Create a custom URL category and add it on exception of the inline ML profile. Change the action of real-time detection category on URL filtering profile.

Which two features can be enabled to support asymmetric routing with redundancy on a Palo Alto networks next-generation firewall (NGFW)? (Choose two.). Active / active high availability (HA). Multiple virtual systems. non-SYN first packet. Asymmetric routing profile.

Which three mechanisms are valid for enabling user mapping? (Choose three.). Captive Portal. Domain server monitoring. Client probing. Reverse DNS lookup. User behaviour recognition.

Which three of the following actions must be taken to enable Credential Phishing Prevention? (Choose three.). Enable User Credential Detection. Enable User-ID. Define a uniform resource locator (URL) Filtering profile. Define a Secure Sockets Layer (SSL) decryption rule base. Enable App-ID.

Which two configuration elements can be used to prevent abuse of stolen credentials? (Choose two.). WildFire analysis. Dynamic user groups (DUGs). Multi-factor authentication (MFA). URL Filtering Profiles.

What are two benefits of the sinkhole Internet Protocol (IP) address that DNS Security sends to the client in place of malicious IP addresses? (Choose two.). The client communicates with it instead of the malicious IP address. In situations where the internal DNS server is between the client and the firewall, it gives the firewall the ability to identify the clients who originated the query to the malicious domain. It represents the remediation server that the client should visit for patching. It will take over as the new DNS resolver for that client and prevent further DNS requests from occurring in the meantime.

A customer worried about unknown attacks is hesitant to enable SSL decryption due to privacy and regulatory issues. How does the platform address the customer’s concern?. It allows a list of websites or URL categories to be defined for exclusion from decryption. It overcomes reservations about SSL decrypt by offloading to a higher-capacity firewall to help with the decrypt throughput. It shows how AutoFocus can provide visibility into targeted attacks at the industry sector. It bypasses the need to decrypt SSL traffic by analyzing the file while still encrypted.

WildFire machine learning (ML) for portable executable (PE) files is enabled in the antivirus profile and added to the appropriate firewall rules in the profile. In the Palo Alto Networks WildFire test av file, an attempt to download the test file is allowed through. Which command returns a valid result to verify the ML is working from the command line. Which command returns a valid result to verify the ML is working from the command line?. show wfml cloud-status. show mlav cloud-status.

Which task would be included in the Best Practice Assessment (BPA) tool?. Identify and provide recommendations for device configurations. Identify the threats associated with each application. Identify sanctioned and unsanctioned software-as-a-service (SaaS) applications. Identify the visibility and presence of command-and-control (C2) sessions.

Which two statements apply to a Palo Alto Networks NGFW but not to a legacy firewall product? (Choose two.). Identification of application is possible on any port. Policy match is based on application. Layer 3 routing is a standard feature. Traffic control is based on IP, port, and protocol.

Which two actions should be taken prior to installing a decryption policy on an NGFW? (Choose two.). Deploy decryption settings all at one time. Include all traffic types in decryption policy. Ensure throughput will not be an issue. Determine whether local / regional decryption laws apply.

A Fortune 500 customer has expressed interest in purchasing WildFire; however, they do not want to send discovered malware outside of their network. Which version of WildFire will meet this customer’s requirements?. WildFire Private Cloud. WildFire Government Cloud. WildFire Secure Cloud. WildFire Public Cloud.

Which two actions should be taken to provide some protection when a client chooses not to block uncategorized websites? (Choose two.). Add a URL filtering profile with the action set to “Continue” for unknown URL categories attached to Security policy rules that allow web access. Attach a file-blocking profile to Security policy rules that allow uncategorized websites. Add a Security policy rule using only known URL categories with the action set to “Allow”. Attach a data-filtering profile with a custom data pattern to Security policy rules that deny uncategorized websites.

Which functionality is available to firewall users who have an active Threat Prevention subscription but no WildFire license?. WildFire hybrid deployment. PE file upload to WildFire. Access to the WildFire API. Five-minute WildFire updates.

Which filtering criterion is used to determine users to be included as members of a dynamic user group (DUG)?. Security policy rule. Tag. Login ID. IP address.

A customer is starting to understand their Zero Trust protect surface using the Palo Alto Networks Zero Trust reference architecture What are two steps in this process? (Choose two.). Validate user identities through authentication. Gain visibility of and control over applications and functionality in the traffic flow using a port and protocol firewall. Categorize data and applications by levels of sensitivity. Prioritize securing the endpoints of privileged users because if non-privileged user endpoints are exploited, the impact will be minimal due to perimeter controls.

Which proprietary technology solutions will allow a customer to identify and control traffic sources regardless of internet protocol (IP) address or network segment?. User ID and Device-ID. Source-D and Network.ID. Source ID and Device-ID. User-ID and Source-ID.

When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?. X-Forwarded-For. HTTP method. HTTP response status code. Content type.

Which statement applies to Palo Alto Networks Single Pass Parallel Processing (SP3)?. It processes each feature in a separate single pass with additional performance impact for each enabled feature. Its processing applies only to security features and does not include any networking features. It processes all traffic in a single pass with no additional performance impact for each enabled feature. It splits the traffic and processes all security features in a single pass and all network features in a separate pass.

WildFire can discover zero-day malware in which three types of traffic? (Choose three). SMTP. HTTPS. FTP. DNS. TFTP.

In Panorama, which three reports or logs will help identify the inclusion of a host source in a command-and-control (C2) incident? (Choose three.). SaaS reports. data filtering logs. WildFire analysis reports. threat logs. botnet reports.

What are three considerations when deploying User-ID (Choose three.). Specify included and excluded networks during User-ID configuration. Enable Windows Management Instrumentation (WMI) probing in high-security networks. Only enable User-ID on trusted zones. Use a dedicated service account for User-ID services with the minimum permissions necessary. Evaluate within the parameter that User-ID can support a maximum of 15 hops.

What is the recommended way to ensure that firewalls have the most current set of signatures for up-to-date protection?. Run a Perl script to regularly check for updates and alert when one is released. Monitor update announcements and manually push updates to Crewall. Store updates on an intermediary server and point all the firewalls to it. Use dynamic updates with the most aggressive schedule required by business needs.

Which of the following statements is valid with regard to Domain Name System (DNS) sinkholing?. it requires the Vulnerability Protection profile to be enabled. DNS sinkholing signatures are packaged and delivered through Vulnerability Protection updates. infected hosts connecting to the Sinkhole Internet Protocol (IP) address can be identified in the traffic logs. It requires a Sinkhole license in order to activate.

A customer with a fully licensed Palo Alto Networks firewall is concerned about threats based on domain generation algorithms (DGAS). Which Security profile is used to configure Domain Name Security (DNS) to Identity and block previously unknown DGA-based threats in real time?. URL Filtering profile. WildFire Analysis profile. Vulnerability Protection profile. Anti-Spyware profile.

Which three actions should be taken before deploying a firewall evaluation unt in a customer environment? (Choose three.). Request that the customer make part 3978 available to allow the evaluation unit to communicate with Panorama. Inform the customer that a SPAN port must be provided for the evaluation unit, assuming a TAP mode deployment. Upgrade the evaluation unit to the most current recommended firmware, unless a demo of the upgrade process is planned. Set expectations for information being presented in the Security Lifecycle Review (SLR) because personal user information will be made visible. Reset the evaluation unit to factory default to ensure that data from any previous customer evaluation is removed.

A customer has business-critical applications that rely on the web-browsing App-ID application. Which Security profile can help prevent drive-by downloads while still allowing web browsing traffic?. Denial of Service (DoS) Protection profile. Vulnerability Protection profile. Uniform Resource Locator (URL) Filtering profile. File Blocking profile.

Which statement best describes the business value of Palo Alto Networks Zero Touch Provisioning (ZTP)?. It is designed to simplify and automate the onboarding of new firewalls to the Panorama management server. When it is in place, it removes the need for an onsite firewall. When the service is purchased, Palo Alto Networks sends an engineer to physically deploy the firewall to the customer environment. It allows a firewall to be automatically connected to the local network wirelessly.

What is the key benefit of Palo Alto Networks single-pass architecture (SPA) design?. It allows the addition of new devices to existing hardware without affecting performance. It allows the addition of new functions to existing hardware without affecting performance. It decodes each network flow multiple times, therefore reducing throughput. It requires only one processor to complete all the functions within the box.

In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.). grayware. command and control (C2). benign. government. malware.

What will best enhance security of a production online system while minimizing the impact for the existing network?. Layer 2 interfaces. active / active high availability (HA). Virtual wire. virtual systems.

Which Security profile on the Next-Generation Firewall (NGFW) includes Signatures to protect against brute force attacks?. Vulnerability Protection profile. Antivirus profile. URL Filtering profile. Anti-Spyware profile.

A prospective customer currently uses a firewall that provides only Layer 4 inspection and protections. The customer sees traffic going to an external destination, port 53, but cannot determine what Layer 7 application traffic is going over that port Which capability of PAN-OS would address the customer's lack of visibility?. Device ID, because it will give visibility into which devices are communicating with external destinations over port 53. single pass architecture (SPA), because it will improve the performance of the Palo Alto Networks Layer 7 inspection. User-ID, because it will allow the customer to see which users are sending traffic to external destinations over port 53. App-ID, because it will give visibility into what exact applications are being run over that port and allow the customer to block unsanctioned applications using port 53.

Which solution informs a customer concerned about zero-day targeted attacks whether an attack is specifically targeted at its property?. AutoFocus. Panorama Correlation Report. Cortex XSOAR Community edition. Cortex XDR Prevent.

Which statement applies to Deviating Devices and metrics?. Administrator can set the metric health baseline along with a valid standard deviation. Deviating Device Tab is only available with a SD-WAN subscription. Deviating Device Tab is only available for hardware-based firewalls. Metric health baseline is determined by averaging the health performance for a given metric over seven days plus the standard deviation.

A customer with a legacy firewall architecture focused on port-and-protocol level security has heard that NGFWs open all parts by default Which of the following statements regarding Palo Alto Networks NGFWs is an appropriate rebuttal that explains an advantage over legacy firewalls?. They do not consider port information, instead relying on App-ID signatures that do not reference ports. They can control applications by application-default service ports or a configurable list of approved ports on a per-policy basis. They protect all applications on all ports while leaving all ports open by default. They keep ports closed by default, only opening after understanding the application request, and then opening only the application-specified ports.

A customer requires protections and verdicts for portable executable (PE) and executable and linkable format (ELF), as well as the ability to integrate with existing security tools. Which Cloud-Delivered Security Service (CDSS) does Palo Alto Networks provide that will address this requirement?. Dynamic Unpacking. WildFire. DNS Security. File Blocking profile.

A WildFire subscription is required for which two of the following activities? (Choose two). Filter uniform resource locator (URL) sites by category. Forward advanced file types from the firewall for analysis. Use the WildFire Application Programming Interface (API) to submit website links for analysis. Enforce policy based on Host Information Profile (HIP). Decrypt Secure Sockets Layer (SSL).

Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined?. Step 3: Architect a Zero Trust Network. Step 5. Monitor and Maintain the Network. Step 4: Create the Zero Trust Policy. Step 1: Define the Protect Surface. Step 2 Map the Protect Surface Transaction Flows.

A customer is designing a private data center to host their new web application along with a separate headquarters for users. Which cloud-delivered security service (CDSS) would be recommended for the headquarters only?. Threat Prevention. DNS Security. WildFire. Advanced URL Filtering (AURLF).

Which two methods are used to check for Corporate Credential Submissions? (Choose two.). doman credentialiter. User-ID credential check. LDAP query. IP user mapping.

Which two types of certificates are used to configure SSL Forward Proxy? (Choose two.). enterprise CA-signed certificates. private key certificates. intermediate certificates. set-signed certificates.

Which CLI command allows visibility into SD-WAN events such as path Selection and path quality measurements?. >show sdwan path-monitor stats vif. >show sdwan session distribution policy-name. >show sdwan connection all |. >show sdwan event.

Which action can prevent users from unknowingly downloading potentially malicious file types from the internet?. Assign a Vulnerability profile to Security policy rules that deny general web access. Assign an Antivirus profile to Security policy rules that deny general web access. Apply a Zone Protection profile to the untrust zone. Apply a File Blocking profile to Security policy rules that allow general web access.

A customer requires an analytics tool with the following attributes: - Uses the logs on the firewall to detect actionable events on the network - Automatically processes a series of related threat events that, when combines, indicate a likely comprised host on the network - Pinpoints the area of risk and allows for assessment of the risk to action can be taken to prevent exploitation of network resources Which feature of PAN-OS will address these requirements?. WildFire with application program interface (API) calls for automation. Third-party security information and event management (SIEM) which can ingest next-generation firewall (NGFW) logs. Automated correlation engine (ACE). Cortex XDR and Cortex Data Lake.

What are three key benefits of the Palo Alto Networks platform approach to security? (Choose three). operational efficiencies due to reduction in manual incident review and decrease in mean time to resolution (MTTR). improved revenue due to more efficient network traffic throughput. Increased security due to scalable cloud delivered security Services (CDSS). Cost savings due to reduction in IT management effort and device.

Which Palo Alto Networks security component should an administrator use to and NGFW policies to remote users?. Prisma SaaS API. Threat intelligence Cloud. GlobalProtect. Cortex XDR.

The ability to prevent users from resolving internet protocol (IP) addresses to malicious, grayware, or newly registered domains is provided by which Security service?. WildFire. DNS Security. Threat Prevention. IoT Security.

Which two statements correctly describe what a Network Packet Broker does for a Palo Alto Networks NGFW? (Choose two.). It allows SSL decryption to be offloaded to the NGFW and traffic to be decrypted only once. It provides a third-party SSL decryption option, which can increase the total number of third-party devices performing analysis and enforcement. It allows SSL decryption to be offloaded to the NGFW and traffic to be decrypted multiple times. It eliminates the need for a third-party SSL decryption option, which reduces the total number of third-party devices performing decryption.

in which step of the Palo Alto Networks Five-Step Zero Trust Methodology would an organization's critical data, applications, assets, and services (DAAS) be identified?. Step 4. Create the Zero Trust policy. Step 2: Map the transaction flows. Step 3. Architect a Zero Trust network. Step 1: Define the protect surface.

Which built-in feature of PAN-OS allows the NGFW administrator to create a polic that provides autoremediation for anomalous user behavior and malicious activity while maintaining user visibility?. Dynamic user groups (DUGS). tagging groups. remote device User-ID groups. dynamic address groups (DAGs).

What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time?. allow the request and all subsequent responses. temporarily disable the DNS Security function. block the query. discard the request and all subsequent responses.

What is the default behavior in PAN-OS when a 12 MB portable executable (PE) fe is forwarded to the WildFire cloud service?. PE File is not forwarded. Flash file is not forwarded. PE File is forwarded. Flash file is forwarded.

Which action will protect against port scans from the internet?. Assign Security profiles to Security policy rules for traffic sourcing from the untrust zone. Apply App-ID Security policy rules to block traffic sourcing from the untrust zone. Apply a Zone Protection profile on the zone of the ingress interface. Assign an Interface Management profile to the zone of the ingress interface.

What is an advantage of having WildFire machine learning (ML) capability Inline on the firewall?. It eliminates of the necessity for dynamic analysis in the cloud. It enables the firewall to block unknown malicious files in real time and prevent patient zero without disrupting business productivity. It is always able to give more accurate verdicts than the cloud ML analysis reducing false positives and false negatives. It improves the CPU performance of content inspection.

Which three script types can be analyzed in WildFire? (Choose three). PythonScript. MonoSenpt. JScript. PowerShell Script. VBScript.

What are two ways to manually add and remove members of dynamic user groups (DUGs)? (Choose two). Add the user to an external dynamic list (EDL). Tag the user using Panorama or the Web Ul of the firewall. Tag the user through the firewalls XML API. Tag the user through Active Directory.

A packet that is already associated with a current session arrives at the firewall. What is the flow of the packet after the firewall determines that it is matched with an existing session?. it is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through a single stream-based content inspection engines before egress. It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through multiple content inspection engines before egress. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through multiple content inspection engines before egress.

Which two actions can be configured in an Anti-Spyware profile to address command and control (C2) traffic from compromised hosts? (Choose two.). Alert. Quarantine. Redirect. Reset.

What helps avoid split brain in active / passive high availability (HA) pair deployment?. Enable preemption on both firewalls in the HA pair. Use a standard traffic interface as the HA3 link. Use the management interface as the HA1 backup link. Use a standard traffic interface as the HA2 backup.

The Palo Alto Networks Cloud Identity Engino (CIE) includes which service that supports identity Providers (ldP)?. Directory Sync and Cloud Authentication Service that support IdP ung SAML 2.0 and OAuth2. Cloud Authentication Service that supports IdP using SAML 2.0 and OAuth2. Directory Sync and Cloud Authentication Service that support IdP ng SAML 2.0. Directory Sync that supports IdP using SAML 2.0.

Which three of the following are identified in the Best Practice Assessment tool? (Choose three). use of decryption policies. measurement of the adoption of URL filters, App-ID and User-ID. identification of sanctioned and unsanctioned software-as-aService (SaaS) applications. presence of command-and-control (C2) sessions. Use of device management access and settings.

Which component is needed for a large-scale deployment of NGFWs with multiple Panorama Management Servers?. M-600 appliance. Panorama Interconnect plugin. Panorama Large Scale VPN (LSVPN) plugin. Palo Alto Networks Cluster license.

Which two features are key in preventing unknown targeted attacks? (Choose two). nighty botnet report. App-ID with the Zero Trust model. WildFire Cloud threat analysis. Single Pass Parallel Processing (SP3).