あなたを合格させる試験には100%確認済みPSE-Strata-Associate試験問題
PSE-Strata-Associate問題集PDFでPSE-Strata-Associateリアル試験問題解答
質問 21
Which feature allows a customer to gain visibility and respond to changes in user behavior or potential threats without manual policy changes?
- A. dynamic user groups (DUGs)
- B. User-ID agent
- C. Lightweight Directory Access Protocol (LDAP) sync
- D. dynamic address objects
正解: A
質問 22
Which section of a Security Lifecycle Review (SLR) report summarizes risk exposure by breaking down a detected attack on the network?
- A. Advanced URL Filtering Analysis
- B. Applications that Introduce Risk
- C. SaaS Applications
- D. Threats at a Glance
正解: D
質問 23
Implementation of which PAN-OS feature improves visibility and prevention of malware?
- A. Antivirus profiles
- B. Data Filtering profiles
- C. Decryption profiles
- D. Anti-Spyware profiles
正解: D
質問 24
What are three unique benefits of the Palo Alto Networks Content-ID? (Choose three.) Select 3 Correct Responses
- A. micro-segmenting network traffic based on the unique identification number of the content
- B. enforcing policy control over unapproved web surfing
- C. increasing latency as new threat prevention features are enabled
- D. proactively identifying and defending against unknown, new, or custom malware and exploits
- E. detecting and preventing known and unknown threats in a single pass
正解: B,D,E
質問 25
Which of the following statements applies to enabling App-ID on a Next-Generation Firewall (NGFW)?
- A. No configuration is required, because App-ID is always enabled by default.
- B. An App-ID subscription must be purchased and enabled.
- C. No additional purchase is required, but App-ID must be enabled for the customer to use it.
- D. A Threat Protection license must be purchased and enabled.
正解: A
質問 26
A firewall enabled as a decryption broker will take which of the following actions?
- A. correlate a series of related threat events that indicate a likely compromised host on the network
- B. identify potential denial-of-service (DoS) attacks and take protective action
- C. forward clear text traffic to security chains for additional enforcement
- D. monitor the state of active connections to determine which network packets to allow through
正解: A
質問 27
Which two Cloud-Delivered Security Services (CDSS) would be appropriate for an organization that wants to secure internet traffic on a perimeter firewall? (Choose two.) Select 2 Correct Responses
- A. SD-WAN
- B. WildFire
- C. Advanced URL Filtering (AURLF)
- D. Autonomous Digital Experience Management (ADEM)
正解: B,C
質問 28
What file is needed from a firewall to generate a Security Lifecycle Review (SLR) report when creating the SLR?
- A. system process core file
- B. Panorama plugin registration file
- C. stats dump file
- D. tech support file
正解: C
質問 29
A customer has enabled the Threat Prevention subscription on their Palo Alto Networks Next-Generation Firewall.
How will the performance of the firewall be affected if the customer also enables both WildFire and User-ID?
- A. Enabling User-ID will have no additional performance impact, but enabling WildFire will reduce throughput.
- B. Enabling WildFire will have no additional performance impact, but enabling User-ID will reduce throughput.
- C. There will be no additional performance impact to the firewall, and throughput will remain the same, regardless of firewall model.
- D. The maximum throughput performance will be reduced, but the impact will vary based on the firewall model being used.
正解: C
質問 30
Which two of the following are benefits of the Palo Alto Networks Zero Trust architecture? (Choose two.) Select 2 Correct Responses
- A. increased detection of threats and infiltration
- B. more network segments
- C. cloud-based virtual private network (VPN)
- D. tighter access control
正解: A,D
質問 31
The ability of a Next-Generation Firewall (NGFW) to logically group physical and virtual interfaces and then control traffic based on that grouping is known as what?
- A. security profile groups
- B. DHCP groups
- C. security zones
- D. LLDP profiles
正解: C
質問 32
To use App-ID effectively in Security policies, which three best practices should be followed? (Choose three.) Select 3 Correct Responses
- A. Whenever possible, enable App-ID override.
- B. Use phased transition to safely enable applications.
- C. Use Policy Optimizer to migrate to an application-based policy.
- D. Use Expedition to migrate a port-based policy to PAN-OS.
- E. After the application is specified in policy, set the 7 service to "any".
正解: B,C,D
解説:
Explanation
https://beacon.paloaltonetworks.com/uploads/resource_courses/targets/2142345/original/inde x.html?_courseId=854529#/page/60ae7d9f1b558f0b3aa50e6e
質問 33
Which Palo Alto Networks product offers a centrally managed firewall update process?
- A. Prisma SaaS
- B. WildFire
- C. SD_WAN
- D. Panorama
正解: D
質問 34
Which two of the following are ways that Palo Alto Networks CloudDelivered Security Services (CDSS) use confidential information collected from users? (Choose two.) Select 2 Correct Responses
- A. verification of applicant statements
- B. verification of entitlements
- C. attack retaliation attribution
- D. legal compliance
正解: A,D
質問 35
......
PSE-Strata-Associate問題集100合保証には最新のサンプル:https://www.jpntest.com/shiken/PSE-Strata-Associate-mondaishu