Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

PSE-Strata-Pro-24 Palo Alto Networks Systems Engineer Professional - Hardware Firewall Questions and Answers

Questions 4

Which two tools should a systems engineer use to showcase the benefit of an evaluation that a customer has just concluded?

Options:

A.

Best Practice Assessment (BPA)

B.

Security Lifecycle Review (SLR)

C.

Firewall Sizing Guide

D.

Golden Images

Buy Now
Questions 5

A prospective customer wants to validate an NGFW solution and seeks the advice of a systems engineer (SE) regarding a design to meet the following stated requirements:

"We need an NGFW that can handle 72 Gbps inside of our core network. Our core switches only have up to 40 Gbps links available to which new devices can connect. We cannot change the IP address structure of the environment, and we need protection for threat prevention, DNS, and perhaps sandboxing."

Which hardware and architecture/design recommendations should the SE make?

Options:

A.

PA-5445 or larger to cover the bandwidth need and the link types; Architect aggregate interface groups in Layer-2 or virtual wire mode that include 2 x 40Gbps interfaces on both sides of the path.

B.

PA-5430 or larger to cover the bandwidth need and the link types; Architect aggregate interface groups in Layer-3 mode that include 40Gbps interfaces on both sides of the path.

C.

PA-5445 or larger to cover the bandwidth need and the link types; Architect aggregate interface groups in Layer-3 mode that include 40Gbps interfaces on both sides of the path.

D.

PA-5430 or larger to cover the bandwidth need and the link types; Architect aggregate interface groups in Layer-2 or virtual wire mode that include 2 x 40Gbps interfaces on both sides of the path.

Buy Now
Questions 6

Which two files are used to deploy CN-Series firewalls in Kubernetes clusters? (Choose two.)

Options:

A.

PAN-CN-NGFW-CONFIG

B.

PAN-CN-MGMT-CONFIGMAP

C.

PAN-CN-MGMT

D.

PAN-CNI-MULTUS

Buy Now
Questions 7

There are no Advanced Threat Prevention log events in a company's SIEM instance. However, the systems administrator has confirmed that the Advanced Threat Prevention subscription is licensed and that threat events are visible in the threat logs on the firewall.

Which action should the systems administrator take next?

Options:

A.

Enable the company's Threat Prevention license.

B.

Check with the SIEM vendor to verify that Advanced Threat Prevention logs are reaching the company's SIEM instance.

C.

Have the SIEM vendor troubleshoot its software.

D.

Ensure the Security policy rules that use Advanced Threat Prevention are set for log forwarding to the correct SIEM.

Buy Now
Questions 8

A large global company plans to acquire 500 NGFWs to replace its legacy firewalls and has a specific requirement for centralized logging and reporting capabilities.

What should a systems engineer recommend?

Options:

A.

Combine Panorama for firewall management with Palo Alto Networks' cloud-based Strata Logging Service to offer scalability for the company's logging and reporting infrastructure.

B.

Use Panorama for firewall management and to transfer logs from the 500 firewalls directly to a third-party SIEM for centralized logging and reporting.

C.

Highlight the efficiency of PAN-OS, which employs AI to automatically extract critical logs and generate daily executive reports, and confirm that the purchase of 500 NGFWs is sufficient.

D.

Deploy a pair of M-1000 log collectors in the customer data center, and route logs from all 500 firewalls to the log collectors for centralized logging and reporting.

Buy Now
Questions 9

A systems engineer (SE) has joined a team to work with a managed security services provider (MSSP) that is evaluating PAN-OS for edge connections to their customer base. The MSSP is concerned about how to efficiently handle routing with all of its customers, especially how to handle BGP peering, because it has created a standard set of rules and settings that it wants to apply to each customer, as well as to maintain and update them. The solution requires logically separated BGP peering setups for each customer. What should the SE do to increase the probability of Palo Alto Networks being awarded the deal?

Options:

A.

Work with the MSSP to plan for the enabling of logical routers in the PAN-OS Advanced Routing Engine to allow sharing of routing profiles across the logical routers.

B.

Collaborate with the MSSP to create an API call with a standard set of routing filters, maps, and related actions, then the MSSP can call the API whenever they bring on a new customer.

C.

Confirm to the MSSP that the existing virtual routers will allow them to have logically separated BGP peering setups, but that there is no method to handle the standard criteria across all of the routers.

D.

Establish with the MSSP the use of vsys as the better way to segregate their environment so that customer data does not intermingle.

Buy Now
Questions 10

A customer asks a systems engineer (SE) how Palo Alto Networks can claim it does not lose throughput performance as more Cloud-Delivered Security Services (CDSS) subscriptions are enabled on the firewall.

Which two concepts should the SE explain to address the customer's concern? (Choose two.)

Options:

A.

Parallel Processing

B.

Advanced Routing Engine

C.

Single Pass Architecture

D.

Management Data Plane Separation

Buy Now
Questions 11

What does Policy Optimizer allow a systems engineer to do for an NGFW?

Options:

A.

Recommend best practices on new policy creation

B.

Show unused licenses for Cloud-Delivered Security Services (CDSS) subscriptions and firewalls

C.

Identify Security policy rules with unused applications

D.

Act as a migration tool to import policies from third-party vendors

Buy Now
Questions 12

A customer claims that Advanced WildFire miscategorized a file as malicious and wants proof, because another vendor has said that the file is benign.

How could the systems engineer assure the customer that Advanced WildFire was accurate?

Options:

A.

Review the threat logs for information to provide to the customer.

B.

Use the WildFire Analysis Report in the log to show the customer the malicious actions the file took when it was detonated.

C.

Open a TAG ticket for the customer and allow support engineers to determine the appropriate action.

D.

Do nothing because the customer will realize Advanced WildFire is right.

Buy Now
Questions 13

According to a customer’s CIO, who is upgrading PAN-OS versions, “Finding issues and then engaging with your support people requires expertise that our operations team can better utilize elsewhere on more valuable tasks for the business.” The upgrade project was initiated in a rush because the company did not have the appropriate tools to indicate that their current NGFWs werereaching capacity.

Which two actions by the Palo Alto Networks team offer a long-term solution for the customer? (Choose two.)

Options:

A.

Recommend that the operations team use the free machine learning-powered AIOps for NGFW tool.

B.

Suggest the inclusion of training into the proposal so that the operations team is informed and confident in working on their firewalls.

C.

Inform the CIO that the new enhanced security features they will gain from the PAN-OS upgrades will fix any future problems with upgrading and capacity.

D.

Propose AIOps Premium within Strata Cloud Manager (SCM) to address the company’s issues from within the existing technology.

Buy Now
Questions 14

What are two methods that a NGFW uses to determine if submitted credentials are valid corporate credentials? (Choose two.)

Options:

A.

Group mapping

B.

LDAP query

C.

Domain credential filter

D.

WMI client probing

Buy Now
Questions 15

A company has multiple business units, each of which manages its own user directories and identity providers (IdPs) with different domain names. The company’s network security team wants to deploy a shared GlobalProtect remote access service for all business units to authenticate users to each business unit's IdP.

Which configuration will enable the network security team to authenticate GlobalProtect users to multiple SAML IdPs?

Options:

A.

GlobalProtect with multiple authentication profiles for each SAML IdP

B.

Multiple authentication mode Cloud Identity Engine authentication profile for use on the GlobalProtect portals and gateways

C.

Authentication sequence that has multiple authentication profiles using different authentication methods

D.

Multiple Cloud Identity Engine tenants for each business unit

Buy Now
Questions 16

Regarding APIs, a customer RFP states: "The vendor’s firewall solution must provide an API with an enforcement mechanism to deactivate API keys after two hours." How should the response address this clause?

Options:

A.

Yes - This is the default setting for API keys.

B.

No - The PAN-OS XML API does not support keys.

C.

No - The API keys can be made, but there is no method to deactivate them based on time.

D.

Yes - The default setting must be changed from no limit to 120 minutes.

Buy Now
Questions 17

A security engineer has been tasked with protecting a company's on-premises web servers but is not authorized to purchase a web application firewall (WAF).

Which Palo Alto Networks solution will protect the company from SQL injection zero-day, command injection zero-day, Cross-Site Scripting (XSS) attacks, and IIS exploits?

Options:

A.

Threat Prevention and PAN-OS 11.x

B.

Advanced Threat Prevention and PAN-OS 11.x

C.

Threat Prevention, Advanced URL Filtering, and PAN-OS 10.2 (and higher)

D.

Advanced WildFire and PAN-OS 10.0 (and higher)

Buy Now
Questions 18

The PAN-OS User-ID integrated agent is included with PAN-OS software and comes in which two forms? (Choose two.)

Options:

A.

Integrated agent

B.

GlobalProtect agent

C.

Windows-based agent

D.

Cloud Identity Engine (CIE)

Buy Now
Exam Code: PSE-Strata-Pro-24
Exam Name: Palo Alto Networks Systems Engineer Professional - Hardware Firewall
Last Update: Apr 1, 2025
Questions: 60
PSE-Strata-Pro-24 pdf

PSE-Strata-Pro-24 PDF

$25.5  $84.99
PSE-Strata-Pro-24 Engine

PSE-Strata-Pro-24 Testing Engine

$30  $99.99
PSE-Strata-Pro-24 PDF + Engine

PSE-Strata-Pro-24 PDF + Testing Engine

$40.5  $134.99