Palo Alto Networks PSE-Platform Exam Practice Test Instant Access

Question 1

Which license is required to receive weekly dynamic updates to the correlation objects on the firewall and Panorama?

AWildFire on the firewall, and AutoFocus on Panorama

BURL Filtering on the firewall, and MindMeld on Panorama

CThreat Prevention on the firewall, and Support on Panorama

DGlobalProtect on the firewall, and Threat Prevention on Panorama

Answer : C

Question 2

Which two tabs in Panorama can be used to identify templates to define a common base configuration? (Choose two)

AMonitor Tab

BNetwork Tab

CDevice Tab

DObjects Tab

EPolicies Tab

Answer : B, C

https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/panorama-web-interface/panorama-templates/template-stacks

Question 3

What two advantages of the DNS Sinkholing feature? (Choose two)

AIt can be deployed independently of an Anti-Spyware Profile.

BIt is monitoring DNS requests passively for malware domains.

CIt can work upstream from the internal DNS server.

DIt is forging DNS replies to known malicious domains.

Answer : C, D

https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/threat-prevention/dns-sinkholing

Question 4

What is the HA limitation specific to the PA-200 appliance?

ACan be deployed in either an active/passive or active/active HA pair

BCan only synchronize configurations and does not support session synchronization

CHas a dedicated HA1 and HA2 ports, but no HA3

DIs the only Palo Alto Networks firewall that does not have any HA capabilities

Answer : B

Question 5

Which three items contain information about Command and Control (C&C) hosts? (Choose three.)

AThreat logs

BData filtering logs

CBotnet reports

DSaaS reports

EWildFire analysts reports

Answer : B, C, E

Question 6

How does SSL Forward Proxy decryption work?

ASSL Forward Proxy decryption policy decrypts and inspects SSL/TLS traffic from internal users to the web.

BThe SSL Forward Proxy Firewall creates a certificate intended for the client that is intercepted and altered by the firewall.

CIf the server's certificate is signed by a CA that the firewall does not trust, the firewall will use the certificate only on Forward Trust.

DThe firewall resides between the internal client and internal server to intercept traffic between the two.

Answer : A

Question 7

What is the recommended way to ensure that firewalls have the most current set of signatures for up-to-date protection?

AStore updates on an intermediary server and point all the firewalls to it

BMonitor update announcements and manually push updates to firewalls

CUtilize dynamic updates with an aggressive update schedule

DRun a Perl script to regularly check for updates and alert when one in released

Answer : B

Palo Alto Networks PSE-Platform PSE Platform Exam Practice Test