
PSE-Strata-Pro-24 Palo Alto Networks Systems Engineer Professional - Hardware Firewall Questions and Answers

Questions 4

An existing customer wants to expand their online business into physical stores for the first time. The customer requires NGFWs at the physical store to handle SD-WAN, security, and data protection needs, while also mandating a vendor-validated deployment method. Which two steps are valid actions for a systems engineer to take? (Choose two.)

Options:

A. Recommend the customer purchase Palo Alto Networks or partner-provided professional services to meet the stated requirements.
B. Use Golden Images and Day 1 configuration to create a consistent baseline from which the customer can efficiently work.
C. Create a bespoke deployment plan with the customer that reviews their cloud architecture, store footprint, and security requirements.
D. Use the reference architecture "On-Premises Network Security for the Branch Deployment Guide" to achieve a desired architecture.

Questions 5

Which statement appropriately describes performance tuning Intrusion Prevention System (IPS) functions on a Palo Alto Networks NGFW running Advanced Threat Prevention?

Options:

A. Leave all signatures turned on because they do not impact performance.
B. Create a new threat profile to use only signatures needed for the environment.
C. Work with TAC to run a debug and receive exact measurements of performance utilization for the IPS.
D. To increase performance, disable any threat signatures that do not apply to the environment.

Questions 6

A company has multiple business units, each of which manages its own user directories and identity providers (IdPs) with different domain names. The company’s network security team wants to deploy a shared GlobalProtect remote access service for all business units to authenticate users to each business unit's IdP.

Which configuration will enable the network security team to authenticate GlobalProtect users to multiple SAML IdPs?

Options:

A. GlobalProtect with multiple authentication profiles for each SAML IdP
B. Multiple authentication mode Cloud Identity Engine authentication profile for use on the GlobalProtect portals and gateways
C. Authentication sequence that has multiple authentication profiles using different authentication methods
D. Multiple Cloud Identity Engine tenants for each business unit

Questions 7

As a team plans for a meeting with a new customer in one week, the account manager prepares to pitch Zero Trust. The notes provided to the systems engineer (SE) in preparation for the meeting read: "Customer is struggling with security as they move to cloud apps and remote users." What should the SE recommend to the team in preparation for the meeting?

Options:

A. Lead with the account manager pitching Zero Trust with the aim of convincing the customer that the team's approach meets their needs.
B. Design discovery questions to validate customer challenges with identity, devices, data, and access for applications and remote users.
C. Lead with a product demonstration of GlobalProtect connecting to an NGFW and Prisma Access, and have SaaS security enabled.
D. Guide the account manager into recommending Prisma SASE at the customer meeting to solve the issues raised.

Questions 8

A current NGFW customer has asked a systems engineer (SE) for a way to prove to their internal management team that its NGFW follows Zero Trust principles. Which action should the SE take?

Options:

A. Use the "Monitor > PDF Reports" node to schedule a weekly email of the Zero Trust report to the internal management team.
B. Help the customer build reports that align to their Zero Trust plan in the "Monitor > Manage Custom Reports" tab.
C. Use a third-party tool to pull the NGFW Zero Trust logs, and create a report that meets the customer's needs.
D. Use the "ACC" tab to help the customer build dashboards that highlight the historical tracking of the NGFW enforcing policies.

Questions 9

What is used to stop a DNS-based threat?

Options:

A. DNS proxy
B. Buffer overflow protection
C. DNS tunneling
D. DNS sinkholing

Questions 10

The efforts of a systems engineer (SE) with an industrial mining company account have yielded interest in Palo Alto Networks as part of its effort to incorporate innovative design into operations using robots and remote-controlled vehicles in dangerous situations. A discovery call confirms that the company will receive control signals to its machines over a private mobile network using radio towers that connect to cloud-based applications that run the control programs.

Which two sets of solutions should the SE recommend?

Options:

A. That 5G Security be enabled and architected to ensure the cloud computing is not compromised in the commands it is sending to the onsite machines.
B. That Cloud NGFW be included to protect the cloud-based applications from external access into the cloud service provider hosting them.
C. That IoT Security be included for visibility into the machines and to ensure that other devices connected to the network are identified and given risk and behavior profiles.
D. That an Advanced CDSS bundle (Advanced Threat Prevention, Advanced WildFire, and Advanced URL Filtering) be procured to ensure the design receives advanced protection.

Questions 11

Which two actions should a systems engineer take when a customer is concerned about how to remain aligned to Zero Trust principles as they adopt additional security features over time? (Choose two)

Options:

A. Turn on all licensed Cloud-Delivered Security Services (CDSS) subscriptions in blocking mode for all policies.
B. Apply decryption where possible to inspect and log all new and existing traffic flows.
C. Use the Best Practice Assessment (BPA) tool to measure progress toward Zero Trust principles.
D. Use the Policy Optimizer tool to understand security rules allowing users to bypass decryption.

Questions 12

Which two methods are valid ways to populate user-to-IP mappings? (Choose two.)

Options:

A. XML API
B. Captive portal
C. User-ID
D. SCP log ingestion

Questions 13

A company with Palo Alto Networks NGFWs protecting its physical data center servers is experiencing a performance issue on its Active Directory (AD) servers due to high numbers of requests and updates the NGFWs are placing on the servers. How can the NGFWs be enabled to efficiently identify users without overloading the AD servers?

Options:

A. Configure Cloud Identity Engine to learn the users' IP address-user mappings from the AD authentication logs.
B. Configure an NGFW as a GlobalProtect gateway, then have all users run GlobalProtect Windows SSO to gather user information.
C. Configure data redistribution to redistribute IP address-user mappings from a hub NGFW to the other spoke NGFWs.
D. Configure an NGFW as a GlobalProtect gateway, then have all users run GlobalProtect agents to gather user information.

Questions 14

In addition to DNS Security, which three Cloud-Delivered Security Services (CDSS) subscriptions are minimum recommendations for all NGFWs that handle north-south traffic? (Choose three)

Options:

A. SaaS Security
B. Advanced WildFire
C. Enterprise DLP
D. Advanced Threat Prevention
E. Advanced URL Filtering

Questions 15

The PAN-OS User-ID integrated agent is included with PAN-OS software and comes in which two forms? (Choose two.)

Options:

A. Integrated agent
B. GlobalProtect agent
C. Windows-based agent
D. Cloud Identity Engine (CIE)

Questions 16

Which two tools should a systems engineer use to showcase the benefit of an evaluation that a customer has just concluded?

Options:

A. Best Practice Assessment (BPA)
B. Security Lifecycle Review (SLR)
C. Firewall Sizing Guide
D. Golden Images

Questions 17

What does Policy Optimizer allow a systems engineer to do for an NGFW?

Options:

A. Recommend best practices on new policy creation
B. Show unused licenses for Cloud-Delivered Security Services (CDSS) subscriptions and firewalls
C. Identify Security policy rules with unused applications
D. Act as a migration tool to import policies from third-party vendors

Questions 18

With Strata Cloud Manager (SCM) or Panorama, customers can monitor and manage which three solutions? (Choose three.)

Options:

A. Prisma Access
B. Prisma Cloud
C. Cortex XSIAM
D. NGFW
E. Prisma SD-WAN

Exam Code: PSE-Strata-Pro-24
Exam Name: Palo Alto Networks Systems Engineer Professional - Hardware Firewall
Last Update: Apr 2, 2025
Questions: 60
