Palo Alto Networks PSE-Platform Exam Practice Test Instant Access

Question 1

Palo Alto Networks publishes updated Command and Control signatures.

How frequently should the related signatures schedule be set?

AOnce an hour

BOnce every minute

COnce a week

DOnce a day

Answer : D

Question 2

What are three sources of malware sample data for the Palo Alto Networks Threat Intelligence Cloud? (Choose three.)

AThird-Party data feeds, like the partnership with ProofPoint and the Cyber Threat Alliance

BPalo Alto Networks AutoFocus generated Correlation Objects

CPalo Alto Networks Next Generation Firewalls deployed with Wildfire Analysis Security Profiles

DWF-500 configured as private clouds for privacy concerns

EPalo Alto Networks non-firewall products, like Traps and Aperture

Answer : A, B, E

https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/autofocus

Question 3

Which three methods used to map users to IP addresses are supported in Palo Alto Networks firewalls? (Choose three.)

AClient Probing

BTACACS

CeDirectory monitoring

DSNMP server

ELotus Domino

FRADIUS

GActive Directory monitoring

Answer : A, B, F

https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/user-id-concepts/user-mapping

Question 4

A customer is seeing an increase in the number of malicious files coming in from undetectable sources in their network. These files include doc and .pdf file types. The customer believes that someone has clicked an email that might have contained a malicious file type. The customer already uses a firewall with User-ID enabled.

Which feature must also be enabled to prevent these attacks?

AWildFire

BApp-ID

CCustom App-ID rules

DContent Filtering

Answer : A

Question 5

What is the recommended way to ensure that firewalls have the most current set of signatures for up-to-date protection?

AStore updates on an intermediary server and point all the firewalls to it

BMonitor update announcements and manually push updates to firewalls

CUtilize dynamic updates with an aggressive update schedule

DRun a Perl script to regularly check for updates and alert when one in released

Answer : B

Question 6

Which three application options can be selected in the security policy rule? (Choose three.)

AApplication Group

BIndividual Application

CApplication Risk

DApplication Filter

EApplication Category

Answer : A, B, D

Question 7

What two advantages of the DNS Sinkholing feature? (Choose two)

AIt can be deployed independently of an Anti-Spyware Profile.

BIt is monitoring DNS requests passively for malware domains.

CIt can work upstream from the internal DNS server.

DIt is forging DNS replies to known malicious domains.

Answer : C, D

https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/threat-prevention/dns-sinkholing

Palo Alto Networks PSE Platform PSE-Platform Exam Practice Test