1. Home
  2. Palo Alto Networks
  3. PSE-STRATA

Palo Alto Networks System Engineer Professional-Strata

Exam Details

  • Exam Code
    :PSE-STRATA
  • Exam Name
    :Palo Alto Networks System Engineer Professional-Strata
  • Certification
    :PSE-Platform Professional
  • Vendor
    :Palo Alto Networks
  • Total Questions
    :139 Q&As
  • Last Updated
    :May 12, 2024

Palo Alto Networks PSE-Platform Professional PSE-STRATA Questions & Answers

  • Question 41:

    A service provider has acquired a pair of PA-7080s for its data center to secure its customer base's traffic. The server provider's traffic is largely generated by smart phones and averages 6.000,000 concurrent sessions.

    Which Network Processing Card should be recommended in the Bill of Materials?

    A. PA-7000-20GQ-NPC

    B. PA-7000-40G-NPC

    C. PA-7000-20GQXM-NPC

    D. PA-7000-20G-NPC

  • Question 42:

    Which option is required to Activate/Retrieve a Device Management License on the M-100 Appliance after the Auth Codes have been activated on the Palo Alto Networks Support Site?

    A. Generate a Stats Dump File and upload it to the Palo Alto Networks support portal

    B. Select Panorama > Licenses and click Activate feature using authorization code

    C. Generate a Tech Support File and call PANTAC

    D. Select Device > Licenses and click Activate feature using authorization code

  • Question 43:

    Which two of the following does decryption broker provide on a NGFW? (Choose two.)

    A. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once

    B. Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement

    C. Provides a third party SSL decryption option which allows you to increase the total number of third party devices performing analysis and enforcement

    D. Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic multiple times

  • Question 44:

    What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time?

    A. allow the request and all subsequent responses

    B. temporarily disable the DNS Security function

    C. block the query

    D. discard the request and all subsequent responses

  • Question 45:

    Palo Alto Networks publishes updated Command-and-Control signatures. How frequently should the related signatures schedule be set?

    A. Once a day

    B. Once a week

    C. Once every minute

    D. Once an hour

  • Question 46:

    Which two features can be enabled to support asymmetric routing with redundancy on a Palo Alto networks next-generation firewall (NGFW)? (Choose two.)

    A. Active / active high availability (HA)

    B. Multiple virtual systems

    C. non-SYN first packet

    D. Asymmetric routing profile

  • Question 47:

    A customer requires protections and verdicts for portable executable (PE) and executable and linkable format (ELF), as well as the ability to integrate with existing security tools.

    Which Cloud-Delivered Security Service (CDSS) does Palo Alto Networks provide that will address this requirement?

    A. Dynamic Unpacking

    B. WildFire

    C. DNS Security

    D. File Blocking profile

  • Question 48:

    A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default. What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?

    A. Palo Alto Networks keep ports closed by default, only opening ports after understanding the application request, and then opening only the application-specified ports.

    B. Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports.

    C. Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis.

    D. Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default.

  • Question 49:

    Which three considerations should be made prior to installing a decryption policy on the NGFW? (Choose three.)

    A. Include all traffic types in decryption policy

    B. Inability to access websites

    C. Exclude certain types of traffic in decryption policy

    D. Deploy decryption setting all at one time

    E. Ensure throughput is not an issue

  • Question 50:

    Which CLI allows you to view the names of SD-WAN policy rules that send traffic to the specified virtual SD-WAN interface, along with the performance metrics?

    A. Option A

    B. Option B

    C. Option C

    D. Option D

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PSE-STRATA exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.