Palo Alto Networks System Engineer Professional - Strata
Last exam update: Dec 18 ,2024
Page 1 out of 9. Viewing questions 1-10 out of 91
Question 1
What is the correct behavior when a Palo Alto Networks next-generation firewall (NGFW) is unable to retrieve a DNS verdict from DNS service cloud in the configured lookup time?
A.
NGFW discard a response from the DNS server.
B.
NGFW temporarily disable DNS Security function.
C.
NGFW permit a response from the DNS server.
D.
NGFW resend a verdict challenge to DNS service cloud.
WildFire can discover zero-day malware in which three types of traffic? (Choose three.)
A.
TFTP
B.
SMTP
C.
DNS
D.
FTP
E.
HTTPS
Answer:
bde
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 3
If a Palo Alto Networks Next-Generation Firewall (NGFW) already has Advanced Threat Prevention (ATP) enabled what is the throughput impact of also enabling Wildfire and Advanced URL Filtering (AURLF)?
A.
The throughput will decrease with each additional subscription enabled.
B.
The throughput will remain consistent, but the maximum number of simultaneous sessions will decrease.
C.
The throughput will remain consistent regardless of the additional subscriptions enabled.
D.
The throughput will decrease, but the maximum simultaneous sessions will remain consistent.
Answer:
d
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 4
What is the default behavior in PAN-OS when a 12 MB portable executable (PE) file is forwarded to the WildFire cloud service?
A.
Flash file is not forwarded.
B.
Flash file is forwarded.
C.
PE File is forwarded.
D.
PE File is not forwarded.
Answer:
c
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 5
Which two statements correctly describe what a Network Packet Broker does for a Palo Alto Networks NGFW? (Choose two.)
A.
It provides a third-party SSL decryption option, which can increase the total number of third-party devices performing analysis and enforcement.
B.
It allows SSL decryption to be offloaded to the NGFW and traffic to be decrypted only once.
C.
It eliminates the need for a third-party SSL decryption option, which reduces the total number of third-party devices performing decryption.
D.
It allows SSL decryption to be offloaded to the NGFW and traffic to be decrypted multiple times.
Answer:
bc
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 6
The WildFire Inline Machine Learning is configured using which Content-ID profiles?
In Panorama, which three reports or logs will help identify the inclusion of a host / source in a command-and-control (C2) incident? (Choose three.)
A.
WildFire analysis reports
B.
data filtering logs
C.
hotnet reports
D.
threat logs
E.
SaaS reports
Answer:
abc
User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
0/ 1000
Question 9
What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time?
A.
block the query
B.
allow the request and all subsequent responses
C.
temporarily disable the DNS Security function
D.
discard the request and all subsequent responses
Answer:
b
User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
0/ 1000
Question 10
A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default. What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?
A.
Palo Alto Networks does not consider port information, instead relying on App-ID signatures that do not reference ports
B.
Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis
C.
Palo Alto Networks keep ports closed by default, only opening ports after understanding the application request, and then opening only the application- specified ports
D.
Palo Alto Networks NGFW protects all applications on all ports while leaving all ports opened by default