Palo Alto Networks PSE-Platform Exam Practice Test Instant Access

Question 1

What is a best practice when configuring a security policy to completely block a specific application?

AOne the Service/URL. Category tab, set the service to any

BOn the Actions tab, configure a file blocking security profile

COn the Service/URL. Category tab, set the service to application-default

DOn the Service/URL. Category tab, manually specify a port/service

Answer : A

Question 2

A prospective customer was the victim of a zero-day attack that compromised specific employees, who then became unwitting attack vectors. The customer does not want that to happen again.

Which two Palo Alto Networks platform components will help this customer? (Choose two.)

ATraps

BCorrelation Objects

CWildfire

DAutofocus

Answer : A, C

Question 3

Because of regulatory compliance a customer cannot decrypt specific types of traffic.

Which license should an SE recommend to the customer who will be decrypting traffic on the Palo Alto Networks firewall?

AApp-ID, to use applications as match criteria in the decryption policy rules

BSSL Decryption, for inbound inspection and granular Forward Proxy SSL decryption

CSupport, to request custom categories as match criteria in decryption policy rules

DURL Filtering, to use predefined URL categories as match criteria in the decryption policy rules

Answer : D

Question 4

An SE is preparing an SLR report for a school and wants to emphasize URL filtering capabilities because the school is concerned that its students are accessing inappropriate websites.

The URL categories being chosen by default in the report are not highlighting these types of websites.

How should the SE show the customer the firewall can detect that these websites are being accessed?

ARemove unwanted categories listed under ''High Risk'' and use relevant information

BCreate a footnote within the SLR generation tool

CEdit the Key-Findings text to list the other types of categories that may be of interest

DProduce the report and edit the PDF manually

Answer : A

Question 5

A service provider has acquired a pair of PA-7080s for its data center to secure its customer base's traffic. The server provider's traffic is largely generated by smart phones and averages 6,000,000 concurrent sessions.

Which Network Processing Card should be recommended in the Bill of Materials?

APA-7000-40G-NPC

BPA-7000-20GQ-NPC

CPA-7000-20GQXM-NPC

DPA-7000-20G-NPC

Answer : C

Question 6

What is the HA limitation specific to the PA-200 appliance?

ACan be deployed in either an active/passive or active/active HA pair

BCan only synchronize configurations and does not support session synchronization

CHas a dedicated HA1 and HA2 ports, but no HA3

DIs the only Palo Alto Networks firewall that does not have any HA capabilities

Answer : B

Question 7

An endpoint, inside an organization, is infected with known malware. The malware attempts to make a command and control connection to a C&C server via the destination IP address.

Which mechanism prevent this connection from succeeding?

ADNS Sinkholing

BDNS Proxy

CAnti-Spyware Signatures

DWildfire Analysis

Answer : A

Palo Alto Networks PSE Platform Exam Practice Test