PSE-STRATA-PRO-24 Exam Questions
60 real PSE-STRATA-PRO-24 exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
A customer sees unusually high DNS traffic to an unfamiliar IP address. Which Palo Alto Networks Cloud-Delivered Security Services (CDSS) subscription should be enabled to further...
- Question #2
While responding to a customer RFP, a systems engineer (SE) is presented the question, "How do PANW firewalls enable the mapping of transactions as part of Zero Trust principles?"...
- Question #3
Which two files are used to deploy CN-Series firewalls in Kubernetes clusters? (Choose two.)
- Question #4
A current NGFW customer has asked a systems engineer (SE) for a way to prove to their internal management team that its NGFW follows Zero Trust principles. Which action should the...
- Question #5
A company with Palo Alto Networks NGFWs protecting its physical data center servers is experiencing a performance issue on its Active Directory (AD) servers due to high numbers of...
- Question #6
As a team plans for a meeting with a new customer in one week, the account manager prepares to pitch Zero Trust. The notes provided to the systems engineer (SE) in preparation for...
- Question #7
According to a customer's CIO, who is upgrading PAN-OS versions, "Finding issues and then engaging with your support people requires expertise that our operations team can better u...
- Question #8
A prospective customer is concerned about stopping data exfiltration, data infiltration, and command-and-control (C2) activities over port 53. Which subscription(s) should the syst...
- Question #9
Which statement appropriately describes performance tuning Intrusion Prevention System (IPS) functions on a Palo Alto Networks NGFW running Advanced Threat Prevention?
- Question #10
A systems engineer (SE) successfully demonstrates NGFW managed by Strata Cloud Manager (SCM) to a company. In the resulting planning phase of the proof of value (POV), the CISO req...
- Question #11
Which three use cases are specific to Policy Optimizer? (Choose three.)
- Question #12
A systems engineer should create a profile that blocks which category to protect a customer from ransomware URLs by using Advanced URL Filtering?
- Question #13
Which technique is an example of a DNS attack that Advanced DNS Security can detect and prevent?
- Question #14
A security engineer has been tasked with protecting a company's on-premises web servers but is not authorized to purchase a web application firewall (WAF). Which Palo Alto Networks...
- Question #15
When a customer needs to understand how Palo Alto Networks NGFWs lower the risk of exploitation by newly announced vulnerabilities known to be actively attacked, which solution and...
- Question #16
Which two methods are valid ways to populate user-to-IP mappings? (Choose two.)
- Question #17
What are three valid Panorama deployment options? (Choose three.)
- Question #18
What does Policy Optimizer allow a systems engineer to do for an NGFW?
- Question #19
What is the minimum configuration to stop a Cobalt Strike Malleable C2 attack inline and in real time?
- Question #20
Which two statements clarify the functionality and purchase options for Palo Alto Networks AIOps for NGFW? (Choose two.)
- Question #21
In which two locations can a Best Practice Assessment (BPA) report be generated for review by a customer? (Choose two.)
- Question #22
Which two tools should a systems engineer use to showcase the benefit of an evaluation that a customer has just concluded?
- Question #23
What is used to stop a DNS-based threat?
- Question #24
A company with a large Active Directory (AD) of over 20,000 groups has user roles based on group membership in the directory. Up to 1,000 groups may be used in Security policies. T...
- Question #25
Which two actions should a systems engineer take when a customer is concerned about how to remain aligned to Zero Trust principles as they adopt additional security features over t...
- Question #26
Which three tools can a prospective customer use to evaluate Palo Alto Networks products to assess where they will fit in the existing architecture? (Choose three)
- Question #27
Which two statements correctly describe best practices for sizing a firewall deployment with decryption enabled? (Choose two.)
- Question #28
While a quote is being finalized for a customer that is purchasing multiple PA-5400 series firewalls, the customer specifies the need for protection against zero-day malware attack...
- Question #29
A prospective customer is interested in Palo Alto Networks NGFWs and wants to evaluate the ability to segregate its internal network into unique BGP environments. Which statement d...
- Question #30
In addition to Advanced DNS Security, which three Cloud-Delivered Security Services (CDSS) subscriptions utilize inline machine learning (ML)? (Choose three)
- Question #31
Which two compliance frameworks are included with the Premium version of Strata Cloud Manager (SCM)? (Choose two)
- Question #32
Which use case is valid for Palo Alto Networks Next-Generation Firewalls (NGFWs)?
- Question #33
What would make a customer choose an on-premises solution over a cloud-based SASE solution for their network?
- Question #34
In addition to DNS Security, which three Cloud-Delivered Security Services (CDSS) subscriptions are minimum recommendations for all NGFWs that handle north-south traffic? (Choose t...
- Question #35
A systems engineer (SE) has joined a team to work with a managed security services provider (MSSP) that is evaluating PAN-OS for edge connections to their customer base. The MSSP i...
- Question #36
A customer has acquired 10 new branch offices, each with fewer than 50 users and no existing firewall. The systems engineer wants to recommend a PA-Series NGFW with Advanced Threat...
- Question #37
Which two products can be integrated and managed by Strata Cloud Manager (SCM)? (Choose two)
- Question #38
What are the first two steps a customer should perform as they begin to understand and adopt Zero Trust principles? (Choose two)
- Question #39
Which action can help alleviate a prospective customer's concerns about transitioning from a legacy firewall with port-based policies to a Palo Alto Networks NGFW with application-...
- Question #40
A company plans to deploy identity for improved visibility and identity-based controls for least privilege access to applications and data. The company does not have an on-premises...
- Question #41
A systems engineer (SE) is working with a customer that is fully cloud-deployed for all applications. The customer is interested in Palo Alto Networks NGFWs but describes the follo...
- Question #42
A customer claims that Advanced WildFire miscategorized a file as malicious and wants proof, because another vendor has said that the file is benign. How could the systems engineer...
- Question #43
Which three known variables can assist with sizing an NGFW appliance? (Choose three.)
- Question #44
Which statement applies to the default configuration of a Palo Alto Networks NGFW?
- Question #45
A company has multiple business units, each of which manages its own user directories and identity providers (IdPs) with different domain names. The company's network security team...
- Question #46
Device-ID can be used in which three policies? (Choose three.)
- Question #47
A prospective customer wants to validate an NGFW solution and seeks the advice of a systems engineer (SE) regarding a design to meet the following stated requirements: "We need an...
- Question #48
The efforts of a systems engineer (SE) with an industrial mining company account have yielded interest in Palo Alto Networks as part of its effort to incorporate innovative design...
- Question #49
There are no Advanced Threat Prevention log events in a company's SIEM instance. However, the systems administrator has confirmed that the Advanced Threat Prevention subscription i...
- Question #50
A customer asks a systems engineer (SE) how Palo Alto Networks can claim it does not lose throughput performance as more Cloud-Delivered Security Services (CDSS) subscriptions are...