無料2023年最新のPSE-Strata問題集で100%合格保証には最新の サンプル [Q114-Q132]

無料2023年最新のPSE-Strata問題集で100%合格保証には最新の サンプル

準備PSE-Strata問題解答無料更新には100%試験合格保証 [2023]

質問 # 114
Which profile or policy should be applied to protect against port scans from the internet?

• A. Security profiles to security policy rules for traffic sourcing from the untrust zone
• B. Interface management profile on the zone of the ingress interface
• C. An App-ID security policy rule to block traffic sourcing from the untrust zone
• D. Zone protection profile on the zone of the ingress interface

正解：D

質問 # 115
Match the functions to the appropriate processing engine within the dataplane.

正解：

解説：

質問 # 116
XYZ Corporation has a legacy environment with asymmetric routing. The customer understands that Palo Alto Networks firewalls can support asymmetric routing with redundancy.
Which two features must be enabled to meet the customer's requirements? (Choose two.)

• A. Policy-based forwarding
• B. HA active/passive
• C. Virtual systems
• D. HA active/active

正解：A、D

質問 # 117
An administrator wants to justify the expense of a second Panorama appliance for HA of the management layer.
The customer already has multiple M-100s set up as a log collector group.
What are two valid reasons for deploying Panorama in High Availability? (Choose two.)

• A. Ensure management continuity
• B. Control of post rules
• C. Improve log collection redundancy
• D. Control local firewall rules

正解：A、C

質問 # 118
Which selection must be configured on PAN-OS External Dynamic Lists to support MineMeld indicators?

• A. Class
• B. Prototype
• C. Inputs
• D. Feed Base URL

正解：D

質問 # 119
A customer requests that a known spyware threat signature be triggered based on a rate of occurrence, for example, 10 hits in 5 seconds.
How is this goal accomplished?

• A. Submit a request to Palo Alto Networks to change the behavior at the next update
• B. Configure the Anti-Spyware profile with the number of rule counts to match the occurrence frequency
• C. Create a custom spyware signature matching the known signature with the time attribute
• D. Add a correlation object that tracks the occurrences and triggers above the desired threshold

正解：C

質問 # 120
Which decryption requirement ensures that inspection can be provided to all inbound traffic routed to internal application and database servers?

• A. Installation of a trusted root CA certificate on the NGFW and configuration of an SSL Inbound Decryption policy
• B. Configuration of an SSL Inbound Decryption policy using one of the built-in certificates included in the certificate store
• C. Installation of certificates from the application server and database server on the NGFW and configuration of an SSL Inbound Decryption policy
• D. Configuration of an SSL Inbound Decryption policy without installing certificates

正解：C

質問 # 121
Which two methods will help avoid Split Brain when running HA in Active/Active mode? (Choose two.)

• A. Place your management interface in an Aggregate Interface Group configuration
• B. Configure a Backup HA1 Interface
• C. Configure a Heartbeat Backup
• D. Create a loopback IP address and use that as a Source Interface

正解：B、C

解説：
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/set-up-activeactive-ha/configure-activeactive-ha.html

質問 # 122
Which three categories are identified as best practices in the Best Practice Assessment tool? (Choose three.)

• A. identify sanctioned and unsanctioned SaaS applications
• B. expose the visibility and presence of command-and-control sessions
• C. use of decryption policies
• D. use of device management access and settings
• E. measure the adoption of URL filters. App-ID. User-ID

正解：A、C、E

質問 # 123
An SE is preparing an SLR report for a school and wants to emphasize URL filtering capabilities because the school is concerned that its students are accessing inappropriate websites.
The URL categories being chosen by default in the report are not highlighting these types of websites.
How should the SE show the customer the firewall can detect that these websites are being accessed?

• A. Create a footnote within the SLR generation tool
• B. Produce the report and edit the PDF manually
• C. Remove unwanted categories listed under "High Risk" and use relevant information
• D. Edit the Key-Findings text to list the other types of categories that may be of interest

正解：C

質問 # 124
The firewall includes predefined reports, custom reports can be built for specific data and actionable tasks, or predefined and custom reports can be combined to compile information needed to monitor network security The firewall provides which three types of reports? (Choose three.)

• A. SNMP Reports
• B. Netflow Reports
• C. PDF Summary Reports
• D. User or Group Activity Reports
• E. Botnet Reports

正解：B、D、E

質問 # 125
A price-sensitive customer wants to prevent attacks on a Windows Virtual Server. The server will max out at 100Mbps but needs to have 45.000 sessions to connect to multiple hosts within a data center Which VM instance should be used to secure the network by this customer?

• A. VM-300
• B. VM-200
• C. VM-50
• D. VM-100

正解：C

質問 # 126
What are the three possible verdicts in WildFire Submissions log entries for a submitted sample? (Choose four.)

• A. Benign
• B. Phishing
• C. Malicious
• D. Spyware
• E. Grayware

正解：A、B、C、E

質問 # 127
Which two components must be configured within User-ID on a new firewall that has been implemented? (Choose two.)

• A. Group Mapping
• B. User Mapping
• C. Proxy Authentication
• D. 802.1X Authentication

正解：A、B

質問 # 128
When HTTP header logging is enabled on a URL Filtering profile, which attribute-value can be logged?

• A. HTTP method
• B. X-Forwarded-For
• C. Content type
• D. HTTP response status code

正解：B

解説：
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/url-filtering/http-header-logging

質問 # 129
A price-sensitive customer wants to prevent attacks on a Windows Virtual Server. The server will max out at
100Mbps but needs to have 45.000 sessions to connect to multiple hosts within a data center Which VM instance should be used to secure the network by this customer?

• A. VM-300
• B. VM-200
• C. VM-50
• D. VM-100

正解：C

質問 # 130
Which built-in feature of PAN-OS allows the NGFW administrator to create a policy that provides autoremediation for anomalous user behavior and malicious activity while maintaining user visibility?

• A. remote device User-ID groups
• B. tagging groups
• C. dynamic address groups (DAGs)
• D. Dynamic user groups (DUGS)

正解：D

質問 # 131
Which two features are found in a Palo Alto Networks NGFW but are absent in a legacy firewall product?
(Choose two.)

• A. Traffic control is based on IP port, and protocol
• B. Traffic is separated by zones
• C. Policy match is based on application
• D. Identification of application is possible on any port

正解：C、D

質問 # 132
......

リアル問題集Palo Alto Networks PSE-Strata試験問題 [更新されたのは2023年]：https://www.jpntest.com/shiken/PSE-Strata-mondaishu