2025 New PSE-Strata Dumps - Real Palo Alto Networks Exam Questions [Q67-Q88]

Share

2025 New PSE-Strata Dumps - Real Palo Alto Networks Exam Questions

Dependable PSE-Strata Exam Dumps to Become Palo Alto Networks Certified

NEW QUESTION # 67
When having a customer pre-sales call, which aspects of the NGFW should be covered?

  • A. The NGFW simplifies your operations through analytics and automation while giving you consistent protection through exceptional visibility and control across the data center, perimeter, branch, mobile and cloud networks
  • B. The NGFW creates tunnels that allow users/systems to connect securely over a public network, as if they were connecting over a local area network (LAN). To set up a VPN tunnel you need a pair of devices that can authenticate each other and encrypt the flow of information between them The devices can be a pair of Palo Alto Networks firewalls, or a Palo Alto Networks firewall along with a VPN-capable device from another vendor
  • C. The Palo Alto Networks-developed URL filtering database, PAN-DB provides high-performance local caching for maximum inline performance on URL lookups, and offers coverage against malicious URLs and IP addresses. As WildFire identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs), the PAN-DB database is updated with information on malicious URLs so that you can block malware downloads and disable Command and Control (C2) communications to protect your network from cyberthreats. URL categories that identify confirmed malicious content - malware, phishing, and C2 are updated every five minutes - to ensure that you can manage access to these sites within minutes of categorization
  • D. Palo Alto Networks URL Filtering allows you to monitor and control the sites users can access, to prevent phishing attacks by controlling the sites to which users can submit valid corporate credentials, and to enforce safe search for search engines like Google and Bing

Answer: D


NEW QUESTION # 68
Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product?
(Choose two.)

  • A. Traffic is separated by zones
  • B. Policy match is based on application
  • C. Identification of application is possible on any port
  • D. Traffic control is based on IP port, and protocol

Answer: B,C


NEW QUESTION # 69
What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design?

  • A. It allows Palo Alto Networks to add new functions to existing hardware
  • B. It allows Palo Alto Networks to add new devices to existing hardware
  • C. Only one processor is needed to complete all the functions within the box
  • D. There are no benefits other than slight performance upgrades

Answer: C


NEW QUESTION # 70
A potential customer requires an NGFW solution that enables high-throughput, low-latency network security and also inspects the application.
Which aspect of the Palo Alto Networks NGFW capabilities should be highlighted to help address these requirements?

  • A. threat prevention
  • B. Elastic Load Balancing (ELB)
  • C. single-pass architecture (SPA)
  • D. GlobalProtect

Answer: C


NEW QUESTION # 71
Which license is required to receive weekly dynamic updates to the correlation objects on the firewall and Panorama?

  • A. Threat Prevention on the firewall, and Support on Panorama
  • B. GlobalProtect on the firewall, and Threat Prevention on Panorama
  • C. URL Filtering on the firewall, and MindMeld on Panorama
  • D. WildFire on the firewall, and AutoFocus on Panorama

Answer: A


NEW QUESTION # 72
An endpoint, inside an organization, is infected with known malware that attempts to make a command-and-control connection to a C2 server via the destination IP address Which mechanism prevents this connection from succeeding?

  • A. Anti-Spyware Signatures
  • B. Wildfire Analysis
  • C. DNS Sinkholing
  • D. DNS Proxy

Answer: A

Explanation:
Anti-Spyware Signatures are designed to detect and block known malware, including those that attempt to establish command-and-control (C2) connections with external servers. When an endpoint inside an organization is infected with known malware, the anti-spyware signatures on the firewall can recognize the malicious traffic and prevent the connection from being established. This mechanism works by inspecting traffic against a database of known spyware and malware signatures, thereby stopping the malware from communicating with its C2 server.


NEW QUESTION # 73
Which two components must be configured within User-ID on a new firewall that has been implemented?
(Choose two.)

  • A. User Mapping
  • B. 802.1X Authentication
  • C. Group Mapping
  • D. Proxy Authentication

Answer: A,C

Explanation:
In a Palo Alto Networks firewall, when configuring User-ID, there are two essential components that must be configured: User Mapping and Group Mapping.
* User Mapping involves identifying users by their usernames, which helps in associating network traffic with user activity. This is critical for applying user-specific policies and monitoring user activities.
* Group Mapping involves associating users with their respective groups, typically pulled from a directory
* service like LDAP. This allows the firewall to apply policies based on group membership, making it easier to manage policies for large numbers of users.
These components enable the firewall to enforce security policies based on user identity and group membership, enhancing overall network security by ensuring that policies are applied accurately.


NEW QUESTION # 74
Which two components must to be configured within User-ID on a new firewall that has been implemented? (Choose two.)

  • A. 802.1X Authentication
  • B. Group Mapping
  • C. User mapping
  • D. Proxy Authentication

Answer: B,C

Explanation:
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/user-id/enable-user-id


NEW QUESTION # 75
What component is needed if there is a large scale deployment of Next Generation Firewalls with multiple Panorama Management Servers?

  • A. Panorama Interconnect Plugin
  • B. M-600 Appliance
  • C. Palo Alto Networks Cluster License
  • D. Panorama Large Scale VPN Plugin

Answer: A

Explanation:
https://savantsolutions.net/wp-content/uploads/woocommerce_uploads/2019/05/pcnse-study- guide-v9.pdf (27)


NEW QUESTION # 76
When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinkhole enabled, generating a traffic log. What will be the destination IP address in that log entry?

  • A. The IP address of the command-and-control server.
  • B. The IP address of sinkhole.paloaltonetworks.com
  • C. The IP address of one of the external DNS servers identified in the anti-spyware database.
  • D. The IP address specified in the sinkhole configuration.

Answer: D


NEW QUESTION # 77
Which three settings must be configured to enable Credential Phishing Prevention? (Choose three.)

  • A. define an SSL decryption rulebase
  • B. enable App-ID
  • C. define URL Filtering Profile
  • D. enable User-ID
  • E. validate credential submission detection

Answer: C,D,E

Explanation:
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/prevent-credential-phishing.html


NEW QUESTION # 78
A customer next-generation firewall (NGFW) proof-of-concept (POC) and final presentation have just been completed.
Which CLI command is used to clear data, remove all logs, and restore default configuration?

  • A. >reset system public-data-reset
  • B. >request private-data-reset system
  • C. >request system private-data-reset
  • D. >request reset system public-data-reset

Answer: C


NEW QUESTION # 79
Which domain permissions are required by the User-ID Agent for WMI Authentication on a Windows Server?
(Choose three.)

  • A. Distributed COM Users
  • B. Server Operator
  • C. Event Log Readers
  • D. Enterprise Administrators
  • E. Domain Administrators

Answer: B,C,E

Explanation:
Explanation
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/user-identification/device-user-identific


NEW QUESTION # 80
What are two advantages of the DNS Sinkholing feature? (Choose two.)

  • A. It monitors DNS requests passively for malware domains.
  • B. It can work upstream from the internal DNS server.
  • C. It can be deployed independently of an Anti-Spyware Profile.
  • D. It forges DNS replies to known malicious domains.

Answer: B,D

Explanation:
DNS Sinkholing is a powerful feature in network security that offers several advantages:
* Forging DNS replies to known malicious domains: This technique redirects malicious domain queries to a designated IP address (sinkhole), effectively preventing the malware from communicating with its command and control servers, thereby neutralizing its threat.
* Working upstream from the internal DNS server: DNS Sinkholing can be implemented upstream, meaning it intercepts and manipulates DNS queries before they reach the internal DNS server. This preemptive action helps in blocking threats early in the DNS resolution process, providing an additional security layer (Palo Alto Networks) (Palo Alto Networks).


NEW QUESTION # 81
Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product?
(Choose two.)

  • A. Traffic is separated by zones
  • B. Policy match is based on application
  • C. Identification of application is possible on any port
  • D. Traffic control is based on IP port, and protocol

Answer: B,C

Explanation:
Palo Alto Networks Next-Generation Firewalls (NGFWs) offer advanced features that are not typically found in legacy firewall products, including:
* Policy Match is Based on Application: Unlike legacy firewalls that base policies primarily on IP addresses, ports, and protocols, Palo Alto Networks NGFWs can create policies based on specific applications (App-ID). This allows for more precise control over network traffic, ensuring that only legitimate application traffic is allowed while blocking unwanted or malicious applications.
* Identification of Application is Possible on Any Port: Traditional firewalls often rely on static port numbers to identify traffic, which can be easily bypassed by applications using non-standard ports. Palo Alto Networks NGFWs can identify applications regardless of the port they use, providing more accurate application identification and better security enforcement.
These features enhance the ability to manage and secure network traffic effectively, providing superior protection compared to legacy firewall solutions.


NEW QUESTION # 82
Which two tabs in Panorama can be used to identify templates to define a common base configuration? (Choose two.)

  • A. Policies Tab
  • B. Objects Tab
  • C. Network Tab
  • D. Device Tab

Answer: C,D

Explanation:
https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/panorama-web-interface/panorama-templates/template-stacks


NEW QUESTION # 83
Which statement is true about Deviating Devices and metrics?

  • A. Deviating Device Tab is only available for hardware-based firewalls
  • B. Deviating Device Tab is only available with a SD-WAN Subscription
  • C. An Administrator can set the metric health baseline along with a valid standard deviation
  • D. A metric health baseline is determined by averaging the health performance for a given metric over seven days plus the standard deviation

Answer: D

Explanation:
The metric health baseline for devices is typically calculated by taking the average performance of a specific metric over a period (such as seven days) and then adding the standard deviation to account for variability.
This helps in identifying deviations from normal performance, which can indicate potential issues or anomalies in device behavior.
References:
* Network Performance Monitoring and Diagnostics (NPMD) methodologies
* ITIL (Information Technology Infrastructure Library) standards for performance baselines


NEW QUESTION # 84
A packet that is already associated with a current session arrives at the firewall.
What is the flow of the packet after the firewall determines that it is matched with an existing session?

  • A. It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through multiple content inspection engines before egress
  • B. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through a single stream-based content inspection engines before egress
  • C. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through multiple content inspection engines before egress
  • D. it is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress.

Answer: D


NEW QUESTION # 85
The ability to prevent users from resolving internet protocol (IP) addresses to malicious, grayware, or newly registered domains is provided by which Security service?

  • A. WildFire
  • B. loT Security
  • C. Threat Prevention
  • D. DNS Security

Answer: D


NEW QUESTION # 86
Which two tabs in Panorama can be used to identify templates to define a common base configuration?
(Choose two.)

  • A. Policies Tab
  • B. Objects Tab
  • C. Network Tab
  • D. Device Tab

Answer: C,D

Explanation:
Explanation
https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/panorama-web-interface/panora


NEW QUESTION # 87
Which three features are used to prevent abuse of stolen credentials? (Choose three.)

  • A. multi-factor authentication
  • B. Prisma Access
  • C. URL Filtering Profiles
  • D. WildFire Profiles
  • E. SSL decryption rules

Answer: A,C,E

Explanation:
Multi-factor authentication (MFA) significantly enhances security by requiring multiple forms of verification to access accounts, reducing the risk of abuse from stolen credentials. URL Filtering Profiles block access to malicious or high-risk websites that might be used to harvest credentials or facilitate phishing attacks. SSL decryption rules allow security systems to inspect encrypted traffic, ensuring that malicious content is not being hidden within encrypted sessions, thereby preventing the use of stolen credentials on secure sites. These measures collectively help in reducing the risk of credential theft and misuse.
References:
* National Institute of Standards and Technology (NIST) guidelines on authentication
* Palo Alto Networks' Best Practices for URL Filtering
* SSL Decryption in Network Security (SANS Institute)


NEW QUESTION # 88
......

Get Ready with PSE-Strata Exam Dumps (2025): https://certlibrary.itpassleader.com/Palo-Alto-Networks/PSE-Strata-dumps-pass-exam.html

0
0
0
0