A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.
How is this goal accomplished?
A. Create a custom spyware signature matching the known signature with the time attribute
B. Add a correlation object that tracks the occurrences and triggers above the desired threshold
C. Submit a request to Palo Alto Networks to change the behavior at the next update
D. Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency
A packet that is already associated with a current session arrives at the firewall.
What is the flow of the packet after the firewall determines that it is matched with an existing session?
A. It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress.
B. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress.
C. It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through multiple content inspection engines before egress
D. It is sent through the slow path for further inspection. If subject to content inspection, it will pass through multiple content inspection engines before egress
What are two ways to manually add and remove members of dynamic user groups (DUGs)? (Choose two)
A. Add the user to an external dynamic list (EDL).
B. Tag the user using Panorama or the Web UI of the firewall.
C. Tag the user through the firewall's XML API.
D. Tag the user through Active Directory
In an HA pair running Active/Passive mode, over which interface do the dataplanes communicate?
A. HA3
B. HA1
C. HA2
D. HA4
A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher-level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, so that they can assess the risk and take action to prevent exploitation of network resources.
Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?
A. The Automated Correlation Engine
B. Cortex XDR and Cortex Data Lake
C. WildFire with API calls for automation
D. 3rd Party SIEM which can ingest NGFW logs and perform event correlation
A client chooses to not block uncategorized websites. Which two additions should be made to help provide some protection? (Choose two.)
A. A URL filtering profile with the action set to continue for unknown URL categories to security policy rules that allow web access
B. A data filtering profile with a custom data pattern to security policy rules that deny uncategorized websites
C. A file blocking profile attached to security policy rules that allow uncategorized websites to help reduce the risk of drive-by downloads
D. A security policy rule using only known URL categories with the action set to allow
In which two ways can PAN-OS software consume MineMeld outputs? (Choose two.)
A. TXT
B. API
C. CSV
D. EDL
Which are the three mandatory components needed to run Cortex XDR? (Choose three.)
A. Panorama
B. NGFW with PAN-OS 8.0.5 or later
C. Cortex Data Lake
D. Traps
E. Pathfinder
F. Directory Sync Service
Which statement best describes the business value of Palo Alto Networks Zero Touch Provisioning (ZTP)?
A. It is designed to simplify and automate the onboarding of new firewalls to the Panorama management server.
B. When it is in place, it removes the need for an onsite firewall
C. When the service is purchased, Palo Alto Networks sends an engineer to physically deploy the firewall to the customer environment
D. It allows a firewall to be automatically connected to the local network wirelessly
Which three mechanisms are valid for enabling user mapping? (Choose three.)
A. Captive Portal
B. Domain server monitoring
C. Reverse DNS lookup
D. User behaviour recognition
E. Client probing