PSE-STRATA-ASSOCIATE Online Practice Questions and Answers

Which feature allows a customer to gain visibility and respond to changes in user behavior or potential threats without manual policy changes?

A. User-ID agent

B. dynamic user groups (DUGs)

C. Lightweight Directory Access Protocol (LDAP) sync

D. dynamic address objects

Which traffic will be blocked when application-default service is set on a Security policy?

A. SSH traffic on TCP/22

B. HTTPS traffic on TCP/443

C. HTTP traffic on TCP/81

D. DNS traffic on UDP/53

Which of the following is an appropriate first step for a customer interested in moving to Zero Trust?

A. Ask administrators to switch on the Zero Trust options and features of their current products.

B. Secure the funding required to incorporate the new architecture into their existing networks.

C. Set priorities by identifying the most valuable and critical assets and data on their networks.

D. Request a statement ofcompliance from their IT vendors against the Zero Trust standard.

Which two of the following are ways that Palo Alto Networks CloudDelivered Security Services (CDSS) use confidential information collected from users? (Choose two.)

Select 2 Correct Responses

A. legal compliance

B. attack retaliation attribution

C. verification of entitlements

D. verification of applicant statements

Which three key functions are processed as part of the Palo Alto Networks single-pass architecture (SPA)?

(Choose three.)

Select 3 Correct Responses

A. User-ID

B. Content-ID

C. Intruder-ID

D. Device-ID

E. Virus-ID

In which two of the following scenarios is personal data excluded fromprotection under the General Data Protection Regulation (GDPR)?

Select 2 Correct Responses

A. The data was automated as part of an information filing system.

B. The data was generated in the course of a purely personal or household activity.

C. The data will be used for the prevention of criminal offenses.

D. The data is related to a person's economic or cultural identity.

A Human Resources (HR) application has the URL of https://hr.company.com:4433/.

How should the "Service" column of the Security policy be set to match and permit this application?

A. Define and then select a new custom Transmission Control Protocol (TCP) service with port 4433.

B. Edit "service-https" to use port 4433.

C. Set to "service-http".

D. Set to "application-defaults," which will locate and match the HR application.

Which of the following statements applies to enabling App-ID on a Next-Generation Firewall (NGFW)?

A. No additional purchase is required, but App-ID must be enabled for the customer to use it.

B. An App-ID subscription must be purchased and enabled.

C. No configuration is required, because App-ID is always enabled by default.

D. A Threat Protection license must be purchased and enabled.

Which Next-Generation Firewall (NGFW) deployment model allows an organization to monitor trafficduring evaluations without interruption to network traffic?

A. Layer 2

B. TAP mode

C. virtual wire

D. Layer 3

Which Palo Alto Networks product offers a centrally managed firewall update process?

A. SD_WAN

B. Prisma SaaS

C. Panorama

D. WildFire