PSE Strata : Palo Alto Networks System Engineer Professional – Strata : Part 01

  1. What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design?

    • There are no benefits other than slight performance upgrades
    • It allows Palo Alto Networks to add new functions to existing hardware
    • Only one processor is needed to complete all the functions within the box
    • It allows Palo Alto Networks to add new devices to existing hardware
  2. Which security profile on the NGFW includes signatures to protect you from brute force attacks?

    • Zone Protection Profile
    • URL Filtering Profile
    • Vulnerability Protection Profile
    • Anti-Spyware Profile
  3. The need for a file proxy solution, virus and spyware scanner, a vulnerability scanner, and HTTP decoder for URL filtering is handled by which component in the NGFW?

    • First Packet Processor
    • Stream-based Signature Engine
    • SIA (Scan It All) Processing Engine
    • Security Processing Engine

    Explanation:

    Reference:

    https://media.paloaltonetworks.com/documents/Single_Pass_Parallel_Processing_Architecture.pdf (page 6)

  4. A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, so that they can assess the risk and take action to prevent exploitation of network resources.

    Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?

    • The Automated Correlation Engine
    • Cortex XDR and Cortex Data Lake
    • WildFire with API calls for automation
    • 3rd Party SIEM which can ingest NGFW logs and perform event correlation
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/use-the-automated-correlation-engine.html
  5. Which two email links, contained in SMTP and POP3, can be submitted from WildFire analysis with a WildFire subscription? (Choose two.)

    • FTP
    • HTTPS
    • RTP
    • HTTP
  6. What two types of certificates are used to configure SSL Forward Proxy? (Choose two.)

    • Enterprise CA-signed certificates
    • Self-Signed certificates
    • Intermediate certificates
    • Private key certificates
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/decryption/configure-ssl-forward-proxy#:~:text=You%20can%20use%20an%20enterprise,as%20the%20forward%20trust%20certificate.&text=Certificate%20Name-,.,unique%20name%20for%20each%20firewall
  7. Which two of the following does decryption broker provide on an NGFW? (Choose two.)

    • Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once
    • Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement
    • Provides a third party SSL decryption option which allows you to increase the total number of third party devices performing analysis and enforcement
    • Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic multiple times
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/decryption/decryption-broker.html
  8. There are different Master Keys on Panorama and managed firewalls.

    What is the result if a Panorama Administrator pushes configuration to managed firewalls?

    • The push operation will fail regardless of an error or not within the configuration itself
    • Provided there’s no error within the configuration to be pushed, the push will succeed
    • The Master Key from the managed firewalls will be overwritten with the Master Key from Panorama
    • There will be a popup to ask if the Master Key from the Panorama should replace the Master Key from the managed firewalls
    Explanation:
    Reference: https://www.reddit.com/r/paloaltonetworks/comments/onz15y/what_is_the_result_if_a_panorama_administrator/
  9. Which task would be identified in Best Practice Assessment tool?

    • identify the visibility and presence of command-and-control sessions
    • identify sanctioned and unsanctioned SaaS applications
    • identify the threats associated with each application
    • identify and provide recommendations for device management access
  10. A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.

    How is this goal accomplished?

    • Create a custom spyware signature matching the known signature with the time attribute
    • Add a correlation object that tracks the occurrences and triggers above the desired threshold
    • Submit a request to Palo Alto Networks to change the behavior at the next update
    • Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency
  11. Which two features are found in Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)

    • Policy match is based on application
    • Traffic control is based on IP, port, and protocol
    • Traffic is separated by zones
    • Identification of application is possible on any port
  12. For customers with high bandwidth requirements for Service Connections, what two limitations exist when onboarding multiple Service Connections to the same Prisma Access location servicing a single Datacenter? (Choose two.)

    • Network segments in the Datacenter need to be advertised to only one Service Connection
    • The customer edge device needs to support policy-based routing with symmetric return functionality
    • The resources in the Datacenter will only be able to reach remote network resources that share the same region
    • A maximum of four service connections per Datacenter are supported with this topology
  13. Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

    • use of device management access and settings
    • identify sanctioned and unsanctioned SaaS applications
    • expose the visibility and presence of command-and-control sessions
    • measure the adoption of URL filters, App-ID, User-ID
    • use of decryption policies
  14. You have a prospective customer that is looking for a way to provide secure temporary access to contractors for a designated period of time. They currently add contractors to existing user groups and create ad hoc policies to provide network access. They admit that once the contractor no longer needs access to the network, administrators are usually too busy to manually delete policies that provided access to the contractor. This has resulted in over-provisioned access that has allowed unauthorized access to their systems.

    They are looking for a solution to automatically remove access for contractors once access is no longer required.

    You address their concern by describing which feature in the NGFW?

    • Dynamic User Groups
    • Dynamic Address Groups
    • Multi-factor Authentication
    • External Dynamic Lists
  15. Which methods are used to check for Corporate Credential Submissions? (Choose three.)

    • Group Mapping
    • IP User Mapping
    • LDAP query
    • Domain Credential Filter
    • User ID Credential Check
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/threat-prevention/prevent-credential-phishing/methods-to-check-for-corporate-credential-submissions.html#id29eff481-13de-45b9-b73c-83e2e932ba20
  16. WildFire subscription supports analysis of which three types? (Choose three.)

    • GIF
    • 7-Zip
    • Flash
    • RPM
    • ISO
    • DMG
    Explanation:
    Reference:
    https://www.niap-ccevs.org/MMO/Product/st_vid11032-agd1.pdf
  17. The WildFire Inline Machine Learning is configured using which Content-ID profiles?

    • Antivirus Profile
    • WildFire Analysis Profile
    • Threat Prevention Profile
    • File Blocking Profile
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-new-features/wildfire-features/configure-wildfire-inline-ml.html
  18. In an HA pair running Active/Passive mode, over which interface do the dataplanes communicate?

    • HA3
    • HA1
    • HA2
    • HA4
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/vm-series/8-1/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/high-availability-for-vm-series-firewall-on-aws/configure-activepassive-ha-on-aws.html
  19. A potential customer requires an NGFW solution which enables high-throughput, low-latency network security, all while incorporating unprecedented features and technology. They need a solution that solves the performance problems that plague today’s security infrastructure.

    Which aspect of the Palo Alto Networks NGFW capabilities can you highlight to help them address the requirements?

    • SP3 (Single Pass Parallel Processing)
    • GlobalProtect
    • Threat Prevention
    • Elastic Load Balancers
    Explanation:
    Reference:
    https://www.paloguard.com/SP3-Architecture.asp
  20. What filtering criteria are used to determine which users to include as members of a dynamic user group?

    • Tags
    • Login IDs
    • Security Policy Rules
    • IP Addresses
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/user-id-features/dynamic-user-groups