暗記メーカー

暗記メーカー

ログイン
PSE-Strata
問題数 183 • 2024/06/14
  • His Taro
    • 通報

    問題一覧

  • 1

    What is the key benefit of Palo Alto Networks Single Pass Parallel Processing design?

    Only one processor is needed to complete all the functions within the box

  • 2

    Which security profile on the NGFW includes signatures to protect you from brute force attacks?

    Vulnerability Protection Profile

  • 3

    The need for a file proxy solution, virus and spyware scanner, a vulnerability scanner, and HTTP decoder for URL filtering is handled by which component in the NGFW?

    Stream-based Signature Engine

  • 4

    A customer is looking for an analytics tool that uses the logs on the firewall to detect actionable events on the network. They require something to automatically process a series of related threat events that, when combined, indicate a likely compromised host on their network or some other higher level conclusion. They need to pinpoint the area of risk, such as compromised hosts on the network, allows you to assess the risk and take action to prevent exploitation of network resources. Which feature of PAN-OS can you talk about to address their requirement to optimize their business outcomes?

    The Automated Correlation Engine

  • 5

    Which two email links, contained in SMTP and POP3, can be submitted from WildFire analysis with a WildFire subscription? (Choose two.)

    HTTPS , HTTP

  • 6

    What two types of certificates are used to configure SSL Forward Proxy? (Choose two.)

    Enterprise CA-signed certificates , Self-Signed certificates

  • 7

    Which two of the following does decryption broker provide on a NGFW? (Choose two.)

    Decryption broker allows you to offload SSL decryption to the Palo Alto Networks next-generation firewall and decrypt traffic only once , Eliminates the need for a third party SSL decryption option which allows you to reduce the total number of third party devices performing analysis and enforcement

  • 8

    There are different Master Keys on Panorama and managed firewalls. What is the result if a Panorama Administrator pushes configuration to managed firewalls?

    The push operation will fail regardless of an error or not within the configuration itself

  • 9

    Which task would be identified in Best Practice Assessment tool?

    identify and provide recommendations for device management access

  • 10

    A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds. How is this goal accomplished?

    Create a custom spyware signature matching the known signature with the time attribute

  • 11

    Which two features are found in Palo Alto Networks NGFW but are absent in a legacy firewall product? (Choose two.)

    Policy match is based on application , Identification of application is possible on any port

  • 12

    For customers with high bandwidth requirements for Service Connections, what two limitations exist when onboarding multiple Service Connections to the same Prisma Access location servicing a single Datacenter? (Choose two.)

    Network segments in the Datacenter need to be advertised to only one Service Connection , The customer edge device needs to support policy-based routing with symmetric return functionality

  • 13

    Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

    use of device management access and settings , measure the adoption of URL filters, App-ID, User-ID, use of decryption policies

  • 14

    You have a prospective customer that is looking for a way to provide secure temporary access to contractors for a designated period of time. They currently add contractors to existing user groups and create ad hoc policies to provide network access. They admit that once the contractor no longer needs access to the network, administrators are usually too busy to manually delete policies that provided access to the contractor. This has resulted in over-provisioned access that has allowed unauthorized access to their systems. They are looking for a solution to automatically remove access for contractors once access is no longer required. You address their concern by describing which feature in the NGFW?

    Dynamic User Groups

  • 15

    Which methods are used to check for Corporate Credential Submissions? (Choose three.)

    Group Mapping , Domain Credential Filter, IP User Mapping

  • 16

    WildFire subscription supports analysis of which three types? (Choose three.)

    7-Zip , Flash , ISO

  • 17

    The WildFire Inline Machine Learning is configured using which Content-ID profiles?

    Threat Prevention Profile

  • 18

    n an HA pair running Active/Passive mode, over which interface do the dataplanes communicate?

    HA2

  • 19

    A potential customer requires an NGFW solution which enables high-throughput, low-latency network security, all while incorporating unprecedented features and technology. They need a solution that solves the performance problems that plague today's security infrastructure. Which aspect of the Palo Alto Networks NGFW capabilities can you highlight to help them address the requirements?

    SP3 (Single Pass Parallel Processing)

  • 20

    What filtering criteria is used to determine what users to include as members of a dynamic user group?

    Tags

  • 21

    Which three features are used to prevent abuse of stolen credentials? (Choose three.)

    multi-factor authentication , URL Filtering Profiles , SSL decryption rules

  • 22

    A customer has business-critical applications that rely on the general web-browsing application. Which security profile can help prevent drive-by-downloads while still allowing web-browsing traffic?

    File Blocking Profile

  • 23

    Which three settings must be configured to enable Credential Phishing Prevention? (Choose three.)

    enable User-ID, define an SSL decryption rulebase, define URL Filtering Profile

  • 24

    A customer with a legacy firewall architecture is focused on port and protocol level security, and has heard that next generation firewalls open all ports by default. What is the appropriate rebuttal that positions the value of a NGFW over a legacy firewall?

    Default policies block all interzone traffic. Palo Alto Networks empowers you to control applications by default ports or a configurable list of approved ports on a per-policy basis

  • 25

    Which four actions can be configured in an Anti-Spyware profile to address command-and-control traffic from compromised hosts? (Choose four.)

    Reset , Drop , Allow , Alert

  • 26

    What are three valid sources that are supported for user IP address mapping in Palo Alto Networks NGFW? (Choose three.)

    Client Probing , Active Directory monitoring , eDirectory monitoring

  • 27

    Which CLI allows you to view the names of SD-WAN policy rules that send traffic to the specified virtual SD-WAN interface, along with the performance metrics?

    >show sdwan rule vif sdwan.x

  • 28

    Which two actions can be taken to enforce protection from brute force attacks in the security policy? (Choose two.)

    Attach the vulnerability profile to a security rule , Install content updates that include new signatures to protect against emerging threats

  • 29

    A customer is concerned about zero-day targeted attacks against its intellectual property. Which solution informs a customer whether an attack is specifically targeted at them?

    Cortex XDR Prevent

  • 30

    Which three actions should be taken before deploying a firewall evaluation unit in the customer's environment? (Choose three.)

    Reset the evaluation unit to factory default to ensure that data from any previous customer evaluation is removed , Upgrade the evaluation unit to the most current recommended firmware, unless a demo of the upgrade process is planned , Inform the customer that they will need to provide a SPAN port for the evaluation unit assuming a TAP mode deployment

  • 31

    Which three activities can the botnet report track? (Choose three.)

    Accessing domains registered in the last 30 days, Visiting a malicious URL, Using dynamic DNS domain providers

  • 32

    A customer requires protections and verdicts for PE (portable executable) and ELF (executable and linkable format) as well as integration with products and services can also access the immediate verdicts to coordinate enforcement to prevent successful attacks. What competitive feature does Palo Alto Networks provide that will address this requirement?

    WildFire

  • 33

    Which statement is true about Deviating Devices and metrics?

    A metric health baseline is determined by averaging the health performance for a given metric over seven days plus the standard deviation

  • 34

    Palo Alto Networks publishes updated Command-and-Control signatures. How frequently should the related signatures schedule be set?

    Once a week

  • 35

    Which two methods will help avoid Split Brain when running HA in Active/Active mode? (Choose two.)

    Configure a Backup HA1 Interface , Configure a Heartbeat Backup

  • 36

    Which three script types can be analyzed in WildFire? (Choose three.)

    JScript, PowerShell Script, VBScript

  • 37

    What helps avoid split brain in active/passive HA pair deployment?

    Use the management interface as the HA1 backup link

  • 38

    What are three considerations when deploying User-ID? (Choose three.)

    Specify included and excluded networks when configuring User-ID , Only enable User-ID on trusted zones , Use a dedicated service account for User-ID services with the minimal permissions necessary

  • 39

    Which three considerations should be made prior to installing a decryption policy on the NGFW? (Choose three.)

    Inability to access websites, Exclude certain types of traffic in decryption policy , Include all traffic types in decryption policy

  • 40

    Which three components are specific to the Query Builder found in the Custom Report creation dialog of the firewall? (Choose three.)

    Connector , Operator , Attribute

  • 41

    Which CLI commands allows you to view SD-WAN events such as path selection and path quality measurements?

    show sdwan event

  • 42

    Which three steps in the cyberattack lifecycle does Palo Alto Networks Security Operating Platform prevent? (Choose three.)

    deliver the malware , exfiltrate data , lateral movement

  • 43

    Which profile or policy should be applied to protect against port scans from the internet?

    Zone protection profile on the zone of the ingress interface

  • 44

    Which two products are included in the Prisma Brand? (Choose two.)

    Prisma Cloud Compute , Prisma Cloud Enterprise

  • 45

    Which three platform components can identify and protect against malicious email links? (Choose three.)

    WildFire hybrid cloud solution, WildFire public cloud, WF-500

  • 46

    When having a customer pre-sales call, which aspects of the NGFW should be covered?

    The NGFW simplifies your operations through analytics and automation while giving you consistent protection through exceptional visibility and control across the data center, perimeter, branch, mobile and cloud networks

  • 47

    What aspect of PAN-OS allows for the NGFW admin to create a policy that provides auto-remediation for anomalous user behavior and malicious activity while maintaining user visibility?

    Dynamic User Groups

  • 48

    You have enabled the WildFire ML for PE files in the antivirus profile and have added the profile to the appropriate firewall rules. When you go to Palo Alto Networks WildFire test av file and attempt to download the test file it is allowed through. In order to verify that the machine learning is working from the command line, which command returns a valid result?

    show mlav cloud-status

  • 49

    What action would address the sub-optimal traffic path shown in the figure? Key: RN - Remote Network - SC - Service Connection - MU GW - Mobile User Gateway - A. Onboard a Service Connection in the Americas region B. Remove the Service Connection in the EMEA region C. Onboard a Service Connection in the APAC region D. Onboard a Remote Network location in the EMEA region

    Onboard a Service Connection in the Americas region

  • 50

    What are the three possible verdicts in WildFire Submissions log entries for a submitted sample? (Choose four.)

    Benign, Malicious, Phishing, Grayware

  • 51

    What two types of traffic should you exclude from a decryption policy? (Choose two.)

    All Business and regulatory traffic, All Mutual Authentication traffic

  • 52

    Which functionality is available to firewall users with an active Threat Prevention subscription, but no WildFire license?

    PE file upload to WildFire

  • 53

    What is the recommended way to ensure that firewalls have the most current set of signatures for up-to-date protection?

    Utilize dynamic updates with an aggressive update schedule

  • 54

    What three Tabs are available in the Detailed Device Health on Panorama for hardware-based firewalls? (Choose three.)

    Environments, Interfaces , Sessions

  • 55

    What component is needed if there is a large scale deployment of Next Generation Firewalls with multiple Panorama Management Servers?

    Panorama Interconnect Plugin

  • 56

    Which is the smallest Panorama solution that can be used to manage up to 2500 Palo Alto Networks Next Generation firewalls?

    Panorama VM-Series

  • 57

    XYZ Corporation has a legacy environment with asymmetric routing. The customer understands that Palo Alto Networks firewalls can support asymmetric routing with redundancy. Which two features must be enabled to meet the customer's requirements? (Choose two.)

    HA active/active, Policy-based forwarding

  • 58

    What is the correct behavior when a Palo Alto Networks next-generation firewall (NGFW) is unable to retrieve a DNS verdict from DNS service cloud in the configured lookup time?

    NGFW permit a response from the DNS server.

  • 59

    Which statement best describes the business value of Palo Alto Networks' Zero Touch Provisioning (ZTP)?

    It is designed to simplify and automate the onboarding of new firewalls to the Panorama management server.

  • 60

    When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?

    X-Forwarded-For

  • 61

    In PAN-OS 10.0 and later, DNS Security allows policy actions to be applied based on which three domains? (Choose three.)

    command and control (C2) , malware , grayware

  • 62

    Which two features are key in preventing unknown targeted attacks? (Choose two.)

    App-ID with the Zero Trust model, WildFire Cloud threat analysis

  • 63

    Which of the following statements is valid with regard to Domain Name System (DNS) sinkholing?

    Infected hosts connecting to the Sinkhole Internet Protocol (IP) address can be identified in the traffic logs.

  • 64

    Which two features can be enabled to support asymmetric routing with redundancy on a Palo Alto Networks next-generation firewall (NGFW)? (Choose two.)

    active / active high availability (HA) , non-SYN first packet

  • 65

    What is an advantage public cloud WildFire has over the private WildFire appliance?

    signatures being available within minutes to protect global users once malware has been submitted

  • 66

    Which two platform components can identify and protect against malicious email links? (Choose two.)

    WildFire appliance, WildFire public cloud

  • 67

    Which action can prevent users from unknowingly downloading potentially malicious file types from the internet?

    Apply a File Blocking profile to Security policy rules that allow general web access.

  • 68

    Which functionality is available to firewall users who have an active Threat Prevention subscription but no WildFire license?

    PE file upload to WildFire

  • 69

    A potential customer requires an NGFW solution that enables high-throughput, low-latency network security and also inspects the application. Which aspect of the Palo Alto Networks NGFW capabilities should be highlighted to help address these requirements?

    single-pass architecture (SPA)

  • 70

    The ability to prevent users from resolving internet protocol (IP) addresses to malicious, grayware, or newly registered domains is provided by which Security service?

    DNS Security

  • 71

    What are two ways to manually add and remove members of dynamic user groups (DUGs)? (Choose two.)

    Tag the user using Panorama or the Web UI of the firewall. , Tag the user through the firewall's XML API.

  • 72

    A customer is starting to understand their Zero Trust protect surface using the Palo Alto Networks Zero Trust reference architecture. What are two steps in this process? (Choose two.)

    Categorize data and applications by levels of sensitivity. , Validate user identities through authentication.

  • 73

    Which task would be included in the Best Practice Assessment (BPA) tool?

    Identify and provide recommendations for device configurations.

  • 74

    Within the Five-Step Methodology of Zero Trust, in which step would application access and user access be defined?

    Step 4: Create the Zero Trust Policy

  • 75

    Which proprietary technology solutions will allow a customer to identify and control traffic sources regardless of internet protocol (IP) address or network segment?

    User-ID and Device-ID

  • 76

    What are two benefits of the sinkhole Internet Protocol (IP) address that DNS Security sends to the client in place of malicious IP addresses? (Choose two.)

    In situations where the internal DNS server is between the client and the firewall, it gives the firewall the ability to identify the clients who originated the query to the malicious domain., The client communicates with it instead of the malicious IP address.

  • 77

    In which step of the Palo Alto Networks Five-Step Zero Trust Methodology would an organization's critical data, applications, assets, and services (DAAS) be identified?

    Step 1: Define the protect surface.

  • 78

    What are three key benefits of the Palo Alto Networks platform approach to security? (Choose three.)

    cost savings due reduction in IT management effort and device consolidation , operational efficiencies due to reduction in manual incident review and decrease in mean time to resolution (MTTR) , increased security due to scalable cloud-delivered security services (CDSS)

  • 79

    A prospective customer currently uses a firewall that provides only Layer 4 inspection and protections. The customer sees traffic going to an external destination, port 53, but cannot determine what Layer 7 application traffic is going over that port. Which capability of PAN-OS would address the customer's lack of visibility?

    App-ID, because it will give visibility into what exact applications are being run over that port and allow the customer to block unsanctioned applications using port 53

  • 80

    Which two statements apply to a Palo Alto Networks NGFW but not to a legacy firewall product? (Choose two.)

    Policy match is based on application. , Identification of application is possible on any port.

  • 81

    Which Security profile on the Next-Generation Firewall (NGFW) includes signatures to protect against brute force attacks?

    Vulnerability Protection profile

  • 82

    Which built-in feature of PAN-OS allows the NGFW administrator to create a policy that provides auto remediation for anomalous user behavior and malicious activity while maintaining user visibility?

    dynamic user groups (DUGs)

  • 83

    A customer is designing a private data center to host their new web application along with a separate headquarters for users. Which cloud-delivered security service (CDSS) would be recommended for the headquarters only?

    Advanced URL Filtering (AURLF)

  • 84

    Which three mechanisms are valid for enabling user mapping? (Choose three.)

    client probing, domain server monitoring, Captive Portal

  • 85

    Which Palo Alto Networks security component should an administrator use to extend NGFW policies to remote users?

    GlobalProtect

  • 86

    What is the default behavior in PAN-OS when a 12 MB portable executable (PE) file is forwarded to the WildFire cloud service?

    PE File is forwarded.

  • 87

    What is an advantage of having WildFire machine learning (ML) capability inline on the firewall?

    It enables the firewall to block unknown malicious files in real time and prevent patient zero without disrupting business productivity.

  • 88

    What is the default behavior in PAN-OS when a 12 MB portable executable (PE) file is forwarded to the WildFire cloud service?

    PE File is forwarded.

  • 89

    What is an advantage of having WildFire machine learning (ML) capability inline on the firewall?

    It enables the firewall to block unknown malicious files in real time and prevent patient zero without disrupting business productivity.

  • 90

    What is the key benefit of Palo Alto Networks single-pass architecture (SPA) design?

    It requires only one processor to complete all the functions within the box.

  • 91

    Which two actions should be taken prior to installing a decryption policy on an NGFW? (Choose two.)

    Ensure throughput will not be an issue. , Determine whether local / regional decryption laws apply.

  • 92

    Access to a business site is blocked by URL Filtering inline machine learning (ML) and considered as a false-positive. How should the site be made available?

    Create a custom URL category and add it on exception of the inline ML profile.

  • 93

    Which two methods are used to check for Corporate Credential Submissions? (Choose two.)

    domain credential filter, IP user mapping

  • 94

    A WildFire subscription is required for which two of the following activities? (Choose two.)

    Use the WildFire Application Programming Interface (API) to submit website links for analysis. , Forward advanced file types from the firewall for analysis.

  • 95

    Which two actions should be taken to provide some protection when a client chooses not to block uncategorized websites? (Choose two.)

    Add a URL-filtering profile with the action set to "Continue" for unknown URL categories attached to Security policy rules that allow web access. , Add a Security policy rule using only known URL categories with the action set to "Allow."

  • 96

    A packet that is already associated with a current session arrives at the firewall. What is the flow of the packet after the firewall determines that it is matched with an existing session?

    It is sent through the fast path because session establishment is not required. If subject to content inspection, it will pass through a single stream-based content inspection engine before egress.

  • 97

    A customer with a fully licensed Palo Alto Networks firewall is concerned about threats based on domain generation algorithms (DGAs). Which Security profile is used to configure Domain Name Security (DNS) to identify and block previously unknown DGA-based threats in real time?

    Anti-Spyware profile

  • 98

    Which two actions can be configured in an Anti-Spyware profile to address command-and-control (C2) traffic from compromised hosts? (Choose two.)

    Alert, Reset

  • 99

    The Palo Alto Networks Cloud Identity Engine (CIE) includes which service that supports Identity Providers (IdP)?

    Directory Sync and Cloud Authentication Service that support IdP using SAML 2.0

  • 100

    A customer worried about unknown attacks is hesitant to enable SSL decryption due to privacy and regulatory issues. How does the platform address the customer's concern?

    It allows a list of websites or URL categories to be defined for exclusion from decryption.

    • 関連する問題集

    ANS-C01_N01

    ANS-C01_N01

    問題数 1682023/11/15