PSE Strata Palo Alto Networks System Engineer Professional – Strata exam is a hot Paloalto Networks certification exam, Exam4Training offers you the latest free online PSE Strata dumps to practice. You can get online training in the following questions, all these questions are verified by Paloalto Networks experts. If this exam changed, we will share new update questions.
Which three considerations should be made prior to installing a decryption policy on the NGFW? (Choose three.)
A . Include all traffic types in decryption policy
B . Inability to access websites
C . Exclude certain types of traffic in decryption policy
D . Deploy decryption setting all at one time
E . Ensure throughput is not an issue
Answer: B,C,E
DRAG DROP
Match the functions to the appropriate processing engine within the dataplane.
Answer: 
An administrator wants to justify the expense of a second Panorama appliance for HA of the management layer.
The customer already has multiple M-100s set up as a log collector group .
What are two valid reasons for deploying Panorama in High Availability? (Choose two.)
A . Control of post rules
B . Control local firewall rules
C . Ensure management continuity
D . Improve log collection redundancy
Answer: C,D
When having a customer pre-sales call, which aspects of the NGFW should be covered?
A . The NGFW simplifies your operations through analytics and automation while giving you consistent protection through exceptional visibility and control across the data center, perimeter, branch, mobile and cloud networks
B . The Palo Alto Networks-developed URL filtering database, PAN-DB provides high-performance local caching for maximum inline performance on URL lookups, and offers coverage against malicious URLs and IP addresses. As WildFire identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs), the PAN-DB database is updated with information on malicious URLs so that you can block malware downloads and disable Command and Control (C2) communications to protect your network from cyberthreats. URL categories that identify confirmed malicious content ― malware, phishing, and C2 are updated every five minutes ― to ensure that you can manage access to these sites within minutes of categorization
C . The NGFW creates tunnels that allow users/systems to connect securely over a public network, as if they were connecting over a local area network (LAN). To set up a VPN tunnel you need a pair of devices that can authenticate each other and encrypt the flow of information between them The devices can be a pair of Palo Alto Networks firewalls, or a Palo Alto Networks firewall along with a VPN-capable device from another vendor
D . Palo Alto Networks URL Filtering allows you to monitor and control the sites users can access, to prevent phishing attacks by controlling the sites to which users can submit valid corporate credentials, and to enforce safe search for search engines like Google and Bing
Answer: D
Explanation:
Reference: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/url-filtering
When the Cortex Data Lake is sized for Prisma Access mobile users, what is a valid log size range you would use per day. per user?
A . 1500 to 2500 bytes
B . 10MB to 30 MB
C . 1MB to 5 MB
D . 100MB to 200 MB
Answer: D
What are two advantages of the DNS Sinkholing feature? (Choose two.)
A . It forges DNS replies to known malicious domains.
B . It monitors DNS requests passively for malware domains.
C . It can be deployed independently of an Anti-Spyware Profile.
D . It can work upstream from the internal DNS server.
Answer: A,D
Explanation: https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/threat-prevention/dns-sinkholing
Which two tabs in Panorama can be used to identify templates to define a common base configuration? (Choose two.)
A . Network Tab
B . Policies Tab
C . Device Tab
D . Objects Tab
Answer: A,C
Explanation: https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/panorama-web-interface/panorama-templates/template-stacks
What are three considerations when deploying User-ID? (Choose three.)
A . Specify included and excluded networks when configuring User-ID
B . Only enable User-ID on trusted zones
C . Use a dedicated service account for User-ID services with the minimal permissions necessary
D . User-ID can support a maximum of 15 hops
E . Enable WMI probing in high security networks
Answer: A,B,C
What action would address the sub-optimal traffic path shown in the figure?
Key:
RN – Remote Network
SC – Service Connection
MU GW – Mobile User Gateway
A . Onboard a Service Connection in the Americas region
B . Remove the Service Connection in the EMEA region
C . Onboard a Service Connection in the APAC region
D . Onboard a Remote Network location in the EMEA region
Answer: C
Select the BOM for the Prisma Access, to provide access for 5500 mobile users and 10 remote locations (100Mbps each) for one year, including Base Support and minimal logging. The customer already has 4x PA5220r 8x PA3220,1x Panorama VM for 25 devices.
A . 5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR
B . 5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-SVC-BAS-PRA-25. 1x PAN-PRA-25
C . 5500x PAN-GPCS-USER-C-BAS-1YR, 1000x PAN-GPCS-NET-B-BAS-1YRr 1x PAN-LGS-1TB-1YR, 1x PAN-PRA-25, 1x PAN-SVC-BAS-PRA-25
D . 1x PAN-GPCS-USER-C-BAS-1YR, 1x PAN-GPCS-NET-B-BAS-1YR, 1x PAN-LGS-1TB-1YR
Answer: A