Palo Alto PSE Strata Professional
Which 2 profile types can block a C2 channel? (Choose 2.) a) Anti-Spyware b) Certification c) Command and Control d) Decryption e) URL Filtering
Anti-spyware; URL Filtering
Which of the following tools uses a file from an org's existing firewall or Panorama to assess and report on their security feature and capability adoption and results in a report and heatmap? - BPA - PPA - Skillet - Capture the Flag
BPA Heatmaps show App-ID, User-ID, service and port adoption; they show the current state w/ respect to feature use
What would you recommend for a prospect or new customer that is looking for quality assurance? - BPA - PPA - Skillet - Capture the Flag
BPA w/ Heatmaps
Which tool requires a file from the customer's firewall or from Panorama and shows the customer's feature capability adoption? - BPA - PPA - Skillet - Capture the Flag
BPA w/ Heatmaps; it shows what's been done during the deployment and what still needs to be done to meet the deployment's SoW
Which of the following is not a UTD? - NGFW - Threat Prevention - Virtualized data center - Migration Process - AEP - VM-Series for AWS - CASB
CASB doesn't have a UTD offering yet
The CEO is concerned that employees are using too much of the organization's bandwidth for YouTube, thus causing a performance problem. Which section of the SLR confirms or allays this concern? a) High-Risk Applications b) Bandwidth Consumed by Applications c) Categories Consuming the Most Bandwidth d) Categories with the Most Applications
Categories consuming the most bandwidth
Which Palo product directly protects corporate laptops when people use them from home? a) next-generation firewall b) Cortex XDR Prevent (AEP) c) Panorama d) WildFire
Cortex XDR Prevent
Which of the following methods does Wildfire NOT use? - Static analysis - Machine learning - DEP - Dynamic Unpacking - Dynamic Analysis - Bare metal Analysis
DEP; dynamic unpacking (in cloud) identifies and unpacks files that have been encrypted using custom or open source methods and prepares them for static analysis
Which of the following is Not included in the Wildfire Analysis Center? a) sandbox based analysis inspects more than 80 malicious behaviors b) Generates detailed forensics report c) DNS filtering d) Creates AV & C2 signatures
DNS filtering isn't included in Wildfire
Which of the following is Not best practice to include on a FW BOM? - Pairs to Support HA - Wildfire - Threat Prevention - DoS Protection - PAN_DB - DNS Security Service - Support License
DoS Protection isn't needed on the BOM as it's included in the FW
Which of the following tools assist in migration from competitive firewalls? - BPA - PPA - Expedition - Skillet
Expedition; it guides the conversion from port and protocol rules to application rules and ensures that security profiles for AV, vulnerability scanning, and C2 are included w/in the config
What tool's main purpose is to help reduce the time and effort involved in migrating a configuration from one of the supported security vendors to Palo?
Expedition; the tool analyzes an existing environment to convert existing policies to those used by Palo
T or F? Wildfire makes extensive use of the PANW User-ID tech by identifying file transfers w/in all apps, not just in email attachments or browser-based file downloads
F; Wildfire does this w/ App-ID
What would you use for an existing customer w/ a change in personnel or dark accounts? (Pick 2) - BPA - SLR - Skillet - Capture the Flag
Heatmaps & SLR
A potential customer has many satellite offices, each of which is connected to the internet using a 250 Mbps link. The customer requirements include threat prevention for all the traffic. Which model is recommended to be deployed in those offices to fulfill these requirements, assuming a reduction in network capacity is unacceptable and cost is a concern? a) PA-100 b) PA-500 c) PA-2020 d) PA-3020
PA-3020
A price-sensitive customer requires 300,000 connections per second. Which firewall model should they purchase? a) PA-220 b) PA-3250 c) PA-5280 d) PA-7080
PA-5280
What does this SKU represent? PAN-SVC-PREM-TAM
PAN Premium Technical Account Management, Year 1
Which of the following tools is a Q&A session meant to determine how a customer wants to change their security environment? - BPA - PPA - Skillet - Capture the Flag
PPA (Prevention Posture Assessment)
What are the 4 main tools that should be used in the sales cycle? - PPA (Prevention Posture Assessment) - BPA - SLR - Skillet - Migration Tool: Expedition
PPA, BPA, SLR, Expedition
Which tool is used to provide a starting point for exploring a customer's current and future security posture and consists of about 80 questions? - BPA - PPA - Skillet - Capture the Flag
PPA; 15- to 20-pg report that describes the customer's current security prevention status, and it typically defines a roadmap for the next 12 to 18 months to help them reach their desired security posture
Which 2 success tools are most appropriate for a prospective customer that is using a competitor's offerings but has no security prevention strategy? (Choose 2) a) Expedition b) Prevention Posture Assessment c) Security Lifecycle Review d) Best Practice Assessment with Heatmaps e) Data Center Segmentation Strategy Analyzer
PPA; SLR
Which of the following is NOT true about Cortex XDR? -It accesses logs through PAN Cortex Data Lake -It maintains profiles of users and devices -It has remediation capabilities -It was the 1st app in Cortex (Magnifier) -It uses other PAN SW to help its analytics and reporting functions -Cortex XDR Prevent, Pathfinder, Directory Sync helps behavioral analysis and provides context for alert analysis
There are no remediation capabilities yet
Which of the following is not a primary function of Expedition? - 3rd party migration - Adoption of App-ID - Optimization (BPA) - Consolidation - Threat Scan - Centralized mgmt w/ Panorama - Auto-zoning - Customized response pages
Threat scan is not a primary function
T or F? AutoFocus is a PANW TI service that accelerates analysis and response efforts for the most damaging, unique, and targeted attacks
True
T or F? Subscriptions must be purchased for both devices in an HA pair
True; but the SKUs are not identical and they are discounted for the 2nd device (they have an HA2 suffix on the SKU)
T or F? Cortex XDR/ Magnifier is a cloud based network security device that natively integrates network, endpoint, and cloud data to detect and report on post intrusion threats
True; it's a behavior analytics tool
Which component of Palo Alto Networks public cloud security solution protects against C2 communications in an AWS environment? a) Prisma Public Cloud b) Cortex XDR Prevent c) Prisma SaaS d) VM-Series
VM-Series
Which is Not a requirement consideration for firewalls? -Position in the customer's environment -Required FW throughput, capacity, and capabilities -Vendor Insurance Policy -High Availability
Vendor insurance policy isn't considered; SKUs are specified for Threat Prevention, Wildfire, PAN_DB URL, DNS subscriptions
Which of the following is Not one of the methods used by URL filtering and pattern matching (content based) to stop C2 attacks? - URL Matches - VirusTotal Matches - Vulnerability Matches - Botnet & C2 Matches - Filetype Matches - Data Matches - Malware Matches
VirusTotal isn't explicitly listed as a method used in the report and enforce policy for C2 detection
Which source does Not contribute to Cortex XDR? -FW logs -Prisma Access logs -Directory Sync data sent to Cortex Hub -Pathfinder data -VirusTotal logs
VirusTotal logs are not included as part of Cortex XDR; Cortex XDR uses Directory Sync data sent to Cortex Hub rather than Cortex Data Lake and uses Pathfinder data that is sent to Cortex XDR apps
In WildFire, what actions are taken if a file is obfuscated using custom or open source methods?
Wildfire cloud decompresses and decrypts the file in memory within the dynamic analysis environment before analyzing it using static analysis
Should a Cortex XDR Prevent agent be installed on desktop PCs that stay behind the corporate firewall? a) No, b/c they are protected by the fw b) Yes, b/c sometimes people take desktops from behind the corporate fw home to work, and corporation might properly deploy Prisma Access to extend the fw's protection to mobile users c) Yes, b/c a network connection from a desktop PC behind the corp fw could bypass the corp fw d) Yes, b/c malware and exploit files might be able to traverse the network before they are identified by WildFire, and file propagation methods such as the use of USB drives bypass the fw
Yes b/c malware and exploit files might be able to traverse the network before they are identified by Wildfire, and file propagation methods such as the use of USB drives bypass the fw
The fw of a defense contractor is not connected to the internet. However, it is connected to the classified SIPRNet. The contractor is concerned about getting malware files through that network. Can this defense contractor use the WildFire service for protection? a) No, b/c there is no network path to the WildFire cloud. b) No, b/c all SIPRNet files are encrypted. c) Yes, but only for PE-type file analysis. d) Yes, they can use a WF-500 appliance.
Yes, they can use a WF-500 appliance
The customer wants a monthly report of the number of connections (of a particular application) per day. Where do you specify that the report is by days? a) Query Builder b) "Group By" field c) "Order By" field d) "Time Frame" field
b) Group by field
Which information does Tanium get from WildFire? a) none; it provides information to WildFire b) indicators of compromise (IoCs) c) hashes of malware for EXE and MSI files d) hashes of malware for APK files
b) IOCs
Which kind of attack cannot be stopped by the PAN Security Operating Platform? a) attacks through SaaS apps, such as exfiltration through Box b) attacks that do not cross the firewall, regardless of source or destination c) attacks based on social engineering that mimic normal user behavior d) denial-of-service attacks from a trusted source e) intrazone attacks, regardless of source or destination
c) attacks based on social engineering that mimic normal user behavior
Can you get WildFire functionality without an internet connection? a) no b) yes, using a WF-400 appliance c) yes, using a WF-500 appliance d) yes, using a WF-600 appliance
c) yes, using a WF-500 appliance
Which option is an example of how the NGFW can provide visibility & enforcement around SaaS applications? a) Through partnership with SaaS application vendors, special virtual firewalls that support a subset of full firewall functionality are used inside the SaaS applications themselves. b) A built-in default security rule in the firewall blocks dangerous SaaS applications based on an automatically updated database of dangerous SaaS applications. c) Built-in default functionality in the firewall sends all files sent or received by SaaS applications to WildFire. d) The firewall can filter SaaS applications based on whether they comply with industry certifications such as SOC1, HIPAA, and FINRAA.
d) NGFW can filter SaaS apps based on whether they comply w/ industry certs like SOC1, HIPAA, & FINRAA
The customer wants a monthly connections report for a particular application to be generated based on hourly activity. Where is this setting specified? a) Query Builder b) "Group By" field c) "Sort By" field d) "Time Frame" field
"Group By" Field
Which of the following is Not a major feature of the PAN operating platform that enables the prevention of successful cyberattacks? - Natively integrated technologies - Automated creation & delivery of protection mechanisms - API Integrations - Extensibility & Flexibility - Threat Intelligence Sharing
API Integrations isn't considered to be 1 of the 4 major features
What does this SKU represent? PAN-SVC-4HR-XXXX
4 Hr Premium Support (HW Replacement)
Which of the following is NOT included in a SaaS risk assessment report: - provides a summary of key findings - Lists FISMA template - summarizes info about policy violations - captures how sensitive content is exposed - lists top domains w/ which your users are sharing files - identifies users with the most incidents - enumerates the most popular file types and incidents per file type across managed cloud applications
A SaaS risk assessment report doesn't list FISMA specific items
An author of malware buys 5 new domain names each week and uses those domains for C2. How does that practice affect a botnet report for the network the malware is attacking? a) It helps disguise the malware. b) It fails to disguise the malware because access to new domains (registered in the last week) is counted as suspicious. c) It fails to disguise the malware because access to new domains (registered in the last 30 days) is counted as suspicious. d) It fails to disguise the malware because access to new domains (registered in the last 60 days) is counted as suspicious.
It fails to disguise the malware b/c access to new domains (registered in the last 30 days) is counted as suspicious
How many predefined reports is the firewall able to generate every day?
More than 40
WildFire functionality is like that of a sandbox. Is the statement an accurate description? - Yes, WildFire functionality is exactly that of a virtual sandbox in the cloud, provided to test applications that customers run in the cloud. - No, WildFire does not supply sandbox functionality, although it competes with products that do. - No, WildFire provides dynamic analysis, machine learning, and other techniques along with sandbox functionality. - Yes, WildFire provides all its functionality as part of its virtual-physical hybrid sandbox environment.
No, WildFire provides dynamic analysis, machine learning, and other techniques along with sandbox functionality.
Which of the following App-ID ACC filters was Not introduced in PAN-OS 9.0? - data breaches - OWASP Score - poor terms of service - no certifications - poor financial viability - IP based restrictions
OWASP score isn't one of the new unfavorable hosting characteristics available for filtering in ACC (application command center)
What does this SKU represent? PAN-PA-XXX-OSS
On site spare unit does Not include any subscription or support, license/subscriptions must be transferred from original device
Which 2 steps are essential parts of the PPA process? (Choose 2) a) a structured interview with the customer about their security prevention capabilities b) upload of a file generated by the customer's firewall capturing the threats they are facing c) a report to the customer about how to improve their security posture d) a discussion about expectations of threat prevention in a proof-of-concept
PPA= Prevention Posture Assessment; a structured interview w/ the customer about their security prevention capabilities; a report to the customer about how to improve their security posture
What does this SKU represent? PAN-SVC-BKLN-XXXX
Partner enabled premium support year 1, PA-XXXX
You can receive regularly scheduled reports in which 2 ways? (Choose 2) a) Retrieve the reports from the Palo Alto Networks web-based user interface. b) Upload the report to a document repository using FTP. c) Configure automatic email delivery for regularly scheduled reports. d) Configure automatic printing to the office printer. e) Upload the report to the domain's document repository using a shared drive.
Retrieve the reports from PAN web based user interface; Configure automatic email delivery for regularly scheduled reports
Which of the following requires separate subscription on top of a FW? -Data filtering -File blocking -DoS Protection -PAN_DB URL -Zone Protection -Fwd'ing PE files to the Wildfire Cloud
SKUs are specified for Threat Prevention, Wildfire, PAN_DB URL, DNS subscriptions
Which option is not a feature of Expedition? a) policy migration b) auto-zoning c) adoption of App-ID d) Best Practice Assessment Tool e) Security Lifecycle Review
SLR
Which tool uses a Stats Dump file collected from a customer's fw to examine all the apps that are running in the customer's environment, all the SaaS apps that the customer is using, all the known viruses and vulnerabilities that they have? - BPA - PPA - SLR - Skillet
SLR
Which tool looks at a stat dump file to determine all apps running in the customer's network, SaaS apps whose data passes through the fw, and threats? - BPA - SLR - Skillet - Capture the Flag
SLR is used for ongoing measurement and assessment
What would you recommend for a prospect who is using a competitor and is looking to reassess? (Pick 2) - SLR - PPA - Skillet - Capture the Flag
SLR w/ PPA
What component does Not contribute to enforcement in the public cloud? -FWs/VM-Series provide inline security and protect and segment traffic coming into apps -Host (Traps/Cortex XDR Prevent) agent secures OS and App w/in workloads -Sandboxing -API (Prisma SaaS; Prisma Public Cloud) Continuous security and compliance
Sandboxing isn't a specific component that's highlighted for offering visibility and enforcement w/ public cloud
What time are scheduled reports executed/sent on the firewall?
Scheduled reports are executed starting at 2am; email delivery starts after all scheduled reports have been generated
T or F? Prisma SaaS looks across all user, folder, and file activity within sanctioned SaaS apps, thus providing detailed analysis and analytics about use without requiring any additional hardware, software, or network changes
T :)
T or F? The PA-700 generation-two log processing modules do Not store logs locally, and NGFWs using those modules don't provide local ACC functionality
T; local ACC functionality depends on locally stored logs. ACC functionality for those NGFWs is available through Panorama
Which interface mode do you use to generate the Stats Dump file that can be converted into an SLR? Assume that you want to make the evaluation as non-intrusive as possible. a) Tap b) virtual wire c) Layer 2 d) Layer 3
Tap is the most non-intrusive method
When a cloud deployment is secured, which role does NGFW play? a) A member of the VM-Series is attached to each VM in the cloud environment, to stop malware, exploits, and ransomware before they can compromise the virtual systems they are attached to. b) The NGFW exports its Security policy through Panorama, which in turn distributes that policy to the cloud based Prisma SaaS service that enforces the NGFW Security policy against each VM used in the cloud environment. c) The NGFW exports its Security policy to WildFire, which lives in the cloud and enforces the NGFW Security policy throughout the cloud environment. d) The NGFW is used to consistently control access to apps & data based on user credentials & traffic payload content for private or public cloud, internet, data center, or SaaS apps.
d) NGFW is used to consistently control access to apps and data based on user credentials and traffic payload content for private or public cloud, internet, data center, or SaaS apps
Which fully populated firewall has the highest file forwarding capacity through its data ports? a) VM-100 b) PA-200 c) PA-5280 d) PA-7080
d) PA-7080
AutoFocus can't perform which action? a) distinguish btw attacks that attempt to exfiltrate data (violate confidentiality) and attacks that attempt to modify it (violate integrity) b) display the processes started by specific malware c) display the network connections used by specific malware d) distinguish btw commodity attacks and APTs directed against the customer's org or industry
distinguish btw attacks that attempt to exfiltrate data (violate confidentiality) and attacks that attempt to modify it (violate integrity)
Which 2 elements of the NGFW does the NGFW UTD show potential customers? (Choose 2) a) how to set up NGFW for the first time b) how to modify the Security policy c) how to view log entries and reports d) how to migrate from a different firewall to NGFW e) how to integrate with Advanced Endpoint Protection
how to modify the security policy; how to view log entries and reports
Which file types are not supported as an upload sample for file upload by WildFire from the wildfire.paloaltonetworks.com/wildfire/upload page? - iOS applications - Android apps - Windows apps - MSFT Excel files
iOS applications
Which products describe the components of the Palo Alto Networks Security Operating Platform that contribute to endpoint security? a) Cortex XDR Prevent and the next-generation firewall b) WildFire and Cortex XDR Prevent c) Cortex XDR Prevent, WildFire, and the next-generation firewall d) next-generation firewall, Prisma Access, Cortex XDR Prevent, and WildFire
next-generation firewall, Prisma Access, Cortex XDR Prevent, and WildFire
What can the SaaS Risk Assessment Report show? a) sensitive content shared with untrusted users b) weak decryption policies employed for credential storage c) motion picture copyright violations d) unusual patterns of allowed data access
sensitive content shared w/ untrusted users
Which step is required to ensure that web storage is not used to exfiltrate sensitive data from an enterprise that must use web storage to collaborate with business partners? a) disconnect from the internet b) configure a local shared drive and use that instead of web storage c) install AEP/ Cortex XDR d) use the firewall to forbid uploads to other web storage instances
use the fw to forbid uploads to other web storage instances