Tag - PSE-Strata Associate exam

Which of the following is an appropriate first step for a customer interested in moving to Zero Trust?A . Ask administrators to switch on the Zero Trust options and features of their current products. B. Secure the funding required to incorporate the new architecture into their existing networks. C. Set...

Which feature allows a customer to gain visibility and respond to changes in user behavior or potential threats without manual policy changes?A . User-ID agent B. dynamic user groups (DUGs) C. Lightweight Directory Access Protocol (LDAP) sync D. dynamic address objectsView AnswerAnswer: B

Which section of a Security Lifecycle Review (SLR) report summarizes risk exposure by breaking down a detected attack on the network?A . Advanced URL Filtering Analysis B. SaaSApplications C. Threats at a Glance D. Applications that Introduce RiskView AnswerAnswer: C

Which architecture is unique to Palo Alto Networks and results in no additional performance overhead when enabling additional features?A . multi-pass B. multiple-core threaded C. single-pass D. no-passView AnswerAnswer: C

An administrator wants to deploy a pair of firewalls in an active/active high availability (HA) architecture. Which two deployment types are supported in this circumstance? (Choose two.)A . Layer 3 B. TAP mode C. Virtual Wire D. Layer 2View AnswerAnswer: A,C Explanation: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClzkCAC https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/ha-concepts/hamodes#id15a9d293-d220-431a-b616-bea9eedfdab2

How does Cloud Identity Engine (CIE) simplify deployment of cloudbased services to provide user authentication?A . It allows configuration of an authentication source once instead of for eachauthentication method. B. It expands the capability to filter and forward decrypted and non-decrypted Transport Layer Security (TLS) traffic. C. It ensures that...

Which two of the following are benefits of the Palo AltoNetworks Zero Trust architecture? (Choose two.)A . tighter access control B. increased detection of threats and infiltration C. more network segments D. cloud-based virtual private network (VPN)View AnswerAnswer: A,B

The Security Operations Center (SOC) has noticed that a user has large amounts of data going to and coming from an external encrypted website. The SOC would like to identify the data being sent to and received from this website. Which Secure Sockets Layer (SSL) decryption method supported by Palo...

Which architecture allows a Palo Alto Networks Next-Generation Firewall (NGFW) to achieve high performance with all security features enabled?A . single-pass parallel processing B. dual-pass processing C. multi-core processing D. parallel-pass single processingView AnswerAnswer: A

Which traffic will be blocked when application-default service is set on a Security policy?A . SSH traffic on TCP/22 B. HTTPS traffic on TCP/443 C. HTTP traffic on TCP/81 D. DNS traffic on UDP/53View AnswerAnswer: C