DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Pass Palo Alto PSE-Strata Exam with Realistic Practice Tests

SPOTO's Palo Alto PSE-Strata exam questions were instrumental in my success in passing the PSE: Strata Professional certification exam. SPOTO's exam questions and answers, coupled with practice questions and mock exams, provided a comprehensive and structured approach to mastering the necessary skills and knowledge required for the exam. The study materials offered by SPOTO covered key concepts and practical scenarios relevant to Palo Alto Networks Strata technology, enhancing my understanding and proficiency in this area. Additionally, SPOTO's exam resources and study aids allowed me to simulate the exam environment, assess my readiness, and improve my performance.
Take other online exams

Question #1
Which profile or policy should be applied to protect against port scans from the internet?
A. MB
B. epends on the Cortex Data Lake tier purchased
C. 8 bytes
D. 500 bytes
View answer
Correct Answer: B
Question #2
Which option describes Arista's micro-segmentation?
A. rista and VMware are extending secure segmentation with an open API (RESTZJSON)-based exchange, which allows NSX to federate with CloudVision to extend the micro-segmentation policy for physical workloads
B. rista and Kubernetes are extending secure segmentation with an open API (RESTVJSON)-based exchange, which allows Kubernetes to federate with CloudVision to extend the micro-segmentation policy for physical workloads
C. rista's micro-segmentation and macro-segmentation are identical concepts that can be used interchangeably
D. rista and VMware both perform identical functions for NGFW micro-segmentation
View answer
Correct Answer: B
Question #3
A customer is seeing an increase in the number of malicious files coming in from undetectable sources in their network. These files include doc and .pdf file types.The customer uses a firewall with User-ID enabledWhich feature must also be enabled to prevent these attacks?
A. ll hardware-based and VM-Series firewalls with the exception of VMware NSX
B. n hardware only
C. nly one the PA-5000 Series and higher
D. ll hardware-based and VM-Series firewalls regardless of where installed
View answer
Correct Answer: B
Question #4
A service provider has acquired a pair of PA-7080s for its data center to secure its customer base's traffic. The server provider's traffic is largely generated by smart phones and averages 6.000,000 concurrent sessions.Which Network Processing Card should be recommended in the Bill of Materials?
A. A-7000-20GQ-NPC
B. A-7000-40G-NPC
C. A-7000-20GQXM-NPC
D. A-7000-20G-NPC
View answer
Correct Answer: C
Question #5
Which three deployment modes of VM-Series firewalls are supported across NSX-T? (Choose three )
A. otify device groups within VMware Services Manager
B. User-ID agent on a Windows domain server
C. Mware Information Sources
D. one, sharing happens by default
View answer
Correct Answer: ADE
Question #6
An endpoint, inside an organization, is infected with known malware that attempts to make a command-and-control connection to a C2 server via the destination IP addressWhich mechanism prevents this connection from succeeding?
A. NS Sinkholing
B. NS Proxy
C. nti-Spyware Signatures
D. ildfire Analysis
View answer
Correct Answer: A
Question #7
What are three requirements to automate service deployment of a VM-Series firewall from an NSX Manager? (Choose three.)
A. o into vCenter/NSX and push the objects to Panorama
B. elete and re-add the security group
C. o into Panorama and synchronize the Address objects with NSX
D. heck the NSX Security policy to ensure the security group has been used in a policy
View answer
Correct Answer: ACD
Question #8
In which two ways can PAN-OS software consume MineMeld outputs? (Choose two.)
A. ildFire hybrid deployment
B. minute WildFire updates to threat signatures
C. ccess to the WildFire API
D. E file upload to WildFire
View answer
Correct Answer: AD
Question #9
Which three new script types can be analyzed in WildFire? (Choose three.)
A. M-200
B. M-100
C. M-50
D. M-300
View answer
Correct Answer: ABE
Question #10
Which VM series model is NOT supported on VMware NSX platform?
A. M-500
B. M-1000-HV
C. M-700
D. M-300
View answer
Correct Answer: C
Question #11
Which are two use cases for HSCI ports on the SMC module on PA-7000 Series? (Choose two )
A. reate security groups only
B. reate security groups and mark them as exchangeable
C. reate security groups with tags marked as shareable
D. reate security groups and use them in an NSX-to-Palo Alto Networks redirection policy
View answer
Correct Answer: CD
Question #12
How frequently do WildFire signatures move into the antivirus database?
A. very 24 hours
B. very 12 hours
C. nce a week
D. very 1 hour
View answer
Correct Answer: A
Question #13
Decryption port mirroring is now supported on which platform?
A. 500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR
B. 500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-SVC-BAS-PRA-25
C. 500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YRr 1x PAN-LGS-1TB-1YR, 1x PAN-PRA-25, 1x PAN-SVC-BAS-PRA-25
D. x PAN-GPCS-USER-C-BAS-1YR, 1x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR
View answer
Correct Answer: D
Question #14
What is the basis for purchasing Cortex XDR licensing?
A. olume of logs being processed based on Datalake purchased
B. umber of nodes and endpoints providing logs
C. nlimited licenses
D. umber of NGFWs
View answer
Correct Answer: B
Question #15
Which configuration is required to share NSX security groups as tags to be used by Dynamic Address Groups in a non-NSX firewall?
A. ahoo Maps
B. icrosoft Office 365
C. icrosoft Azure
D. oogle Docs
View answer
Correct Answer: B
Question #16
As you prepare to scan your Amazon S3 account, what enables Prisma service permission to access Amazon S3?
A. ccess key ID
B. ecret access key
C. dministrative Password
D. WS account ID
View answer
Correct Answer: A
Question #17
A customer in a non-NSX VMware environment wants to add a VM-Series firewall and to partition an existing group of VMs in the same subnet into two groups. One group needs no additional security, but the second group requires substantially more security. How can this partition be accomplished without editing the IP addresses or the default gateways of any of the guest VMs?
A. reate a new virtual switch and use the VM-Series firewall to separate virtual switches using Virtual Wire mode Then move the guests that require more security into the new virtual switch
B. dit the IP address of all of the affected VMs
C. end the VLAN out of the virtual environment into a hardware Palo Alto Networks firewall in Layer 3 mode
D. reate a Layer 3 interface in the same subnet as the VMs and configure proxy ARP
View answer
Correct Answer: D
Question #18
When the Cortex Data Lake is sized for Prisma Access mobile users, what is a valid log size range you would use per day. per user?
A. alo Alto Networks keep ports closed by default, only opening ports after understanding the application request, and then opening only the application-specified ports
B. alo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports
C. efault policies block all interzone traffic
D. alo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default
View answer
Correct Answer: D
Question #19
What are the benefits of NSX-V?
A. upports the Data Plane Development Kit (DPDK) libraries; enables Stackdnver Monitoring on the VMware Series Firewall; works with Cloud Launcher
B. irt-manager wizard to help with the installation process; virsh command to deploy the VM-Series; virt-install command to install
C. turdier centralized management; automated deployment ease in administering tenants and dedicated compute infrastructure; tighter integration between virtual environment and security enforcement of dynamic security
D. everages Prism Central
View answer
Correct Answer: A
Question #20
Which license is required to receive weekly dynamic updates to the correlation objects on the firewall and Panorama?
A. ildFire on the firewall, and AutoFocus on Panorama
B. hreat Prevention on the firewall, and Support on Panorama
C. lobalProtect on the firewall, and Threat Prevention on Panorama
D. RL Filtering on the firewall, and MineMeld on Panorama
View answer
Correct Answer: B
Question #21
Which option is required to Activate/Retrieve a Device Management License on the M-100 Appliance after the Auth Codes have been activated on the Palo Alto Networks Support Site?
A. enerate a Stats Dump File and upload it to the Palo Alto Networks support portal
B. elect Panorama > Licenses and click Activate feature using authorization code
C. enerate a Tech Support File and call PANTAC
D. elect Device > Licenses and click Activate feature using authorization code
View answer
Correct Answer: B
Question #22
How is traffic directed to a Palo Alto Networks firewall integrated with Cisco ACI?
A. y creating an access policy
B. hrough a policy-based redirect (PBR)
C. ontracts between EPGs that send traffic to the firewall using a shared policy
D. hrough a virtual machine monitor (VMM) domain
View answer
Correct Answer: C
Question #23
Which selection must be configured on PAN-OS External Dynamic Lists to support MineMeld indicators?
A. rototype
B. nputs
C. lass
D. eed Base URL
View answer
Correct Answer: D
Question #24
Which three new script types can be analyzed in WildFire? (Choose three.)
A. M-200
B. M-100
C. M-50
D. M-300
View answer
Correct Answer: ABE
Question #25
Which two new file types are supported on the WF-500 in PAN-OS 9? (Choose two)
A. raps TMS
B. utoFocus
C. anorama Correlation Report
D. irewall Botnet Report
View answer
Correct Answer: BD
Question #26
Which interface mode do you use to generate the statdump file that can be converted into an SLR? Assume that the SE wants to make the evaluation as unintrusive as possible.
A. irtual Wire
B. ayer 2
C. AP
D. ayer 3
View answer
Correct Answer: C
Question #27
Which two components must be configured within User-ID on a new firewall that has been implemented? (Choose two.)
A. reate a footnote within the SLR generation tool
B. dit the Key-Findings text to list the other types of categories that may be of interest
C. emove unwanted categories listed under 'High Risk' and use relevant information
D. roduce the report and edit the PDF manually
View answer
Correct Answer: AC
Question #28
When log sizing is factored for the Cortex Data Lake on the NGFW, what is the average log size used in calculation?
A. vulnerability profile to security policy rules that deny general web access
B. n antivirus profile to security policy rules that deny general web access
C. zone protection profile to the untrust zone
D. file blocking profile to security policy rules that allow general web access
View answer
Correct Answer: D
Question #29
Which license is required to receive weekly dynamic updates to the correlation objects on the firewall and Panorama?
A. ildFire on the firewall, and AutoFocus on Panorama
B. hreat Prevention on the firewall, and Support on Panorama
C. lobalProtect on the firewall, and Threat Prevention on Panorama
D. RL Filtering on the firewall, and MineMeld on Panorama
View answer
Correct Answer: B
Question #30
A company has deployed the following:-VM-300 firewalls in AWS-endpoint protection with the Traps Management Service-a Panorama M-200 for managing its VM-Series firewalls-PA-5220s for its internet perimeter,-Prisma SaaS for SaaS security.Which two products can send logs to the Cortex Data Lake? (Choose two).
A. nterface management profile on the zone of the ingress interface
B. one protection profile on the zone of the ingress interface
C. n App-ID security policy rule to block traffic sourcing from the untrust zone
D. ecurity profiles to security policy rules for traffic sourcing from the untrust zone
View answer
Correct Answer: CD
Question #31
When the Cortex Data Lake is sized for Prisma Access mobile users, what is a valid log size range you would use per day. per user?
A. alo Alto Networks keep ports closed by default, only opening ports after understanding the application request, and then opening only the application-specified ports
B. alo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports
C. efault policies block all interzone traffic
D. alo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default
View answer
Correct Answer: D
Question #32
Decryption port mirroring is now supported on which platform?
A. 500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR
B. 500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-SVC-BAS-PRA-25
C. 500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YRr 1x PAN-LGS-1TB-1YR, 1x PAN-PRA-25, 1x PAN-SVC-BAS-PRA-25
D. x PAN-GPCS-USER-C-BAS-1YR, 1x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR
View answer
Correct Answer: D
Question #33
Which two options describe use cases of internal and external tags in Panorama? (Choose two.)
A. DN code hooks can help to detonate malicious file samples designed to detect virtual environments
B. raffic can be automatically redirected using static Address objects
C. XLAN or NVGRE traffic is terminated and inspected for translation to VLANs
D. ontrollers can program firewalls using a REST-based API
View answer
Correct Answer: AC
Question #34
Which capacity license does an administrator get with a pay-as-you-go license on Public Cloud market places?
A. M-100
B. M-1000
C. M-300
D. M-200
View answer
Correct Answer: A
Question #35
Which two components must be configured within User-ID on a new firewall that has been implemented? (Choose two.)
A. reate a footnote within the SLR generation tool
B. dit the Key-Findings text to list the other types of categories that may be of interest
C. emove unwanted categories listed under 'High Risk' and use relevant information
D. roduce the report and edit the PDF manually
View answer
Correct Answer: AC

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: