Pse - 1

Some of the key takeaways from the document are that Palo Alto Networks provides tools like the next-generation firewall, Magnifier, and Aperture to help customers secure their evolving hybrid environments. The Security Lifecycle Review process can also help customers understand how to better configure and use their security tools.

Two main security challenges are that security processes cannot easily be automated across different environments, making security difficult to manage, and small human errors can expose sensitive data.

Magnifier identifies behavioral anomalies by comparing new traffic and host profile data to a baseline of normal customer-specific activity built by analyzing collected data over 30 days.

Test - Palo Alto Networks Accredited Systems Engineer (PSE):

Platform Associate Accreditation Exam

PSE Platform Associate

Question 1 of 30.

In an attack intended to exfiltrate data, the attack's first landing in the target network is not its target server.
Which three steps are likely to be part of the continuation of that attack? (Choose three.)

accessing sensitive servers

probing the network

obtaining credentials

denial of service


Question 2 of 30.

What does the Logging Service do?

tracks all firewall uses of logs including log export to syslog, email servers, Panorama, SNMP, and HTTP
servers

feeds network Security logs and Endpoint Protection logs into a data lake that is used by applications in the
Application Framework

logs and tracks operational errors that occur in any firewalls in a single environment and provides a report
of those errors to Panorama

collects logs from all firewalls in a deployment, reformats them, and provides them to the firewall running
the service


Question 3 of 30.

Which demo would you present to showcase abnormalities in network traffic?

Traps

Magnifier

firewall

Best Practices Analysis Report



Question 4 of 30.

Which three SLR findings are commonly discussed with customers? (Choose three.)

use of encrypted traffic

access of malicious, newly registered, or inappropriate websites

social media usage

sensitive data in traffic

presence of lateral port scans


Question 5 of 30.

What does a BPA adoption Heatmap show?

the rules of a particular firewall that are hit most often

the feature sets of a particular firewall that actually are used

the feature sets of a particular firewall that are currently licensed

the distribution of traffic among firewall ports


Question 6 of 30.

A customer evolving its computing from on-premises through private cloud, public cloud, and SaaS computing
has which three main security challenges? (Choose three.)

Security cannot be made consistent across the different places applications are deployed.

If they keep remnants from each step in their evolution, the resulting security architecture can be so
fragmented that it is impossible to operate.

Security processes in the cloud environment cannot be automated so the benefits of cloud computing
cannot be fully leveraged.

With manual processes, managing policy and investigating incidents across multiple cloud environments
and various tools can be difficult.

With cloud computing, small human errors can result in sensitive data being exposed to scripts and bots
that scan the internet for public leaks.


Question 7 of 30.

Which action or configuration contributes to positive enforcement?


configuring a rule that allows all traffic between zones but logs that traffic

defining zones according to business needs to access those zones

configuring a rule that allows traffic only for specific applications to reach a zone

configuring a security profile that logs all spyware.


Question 8 of 30.

How does Magnifier identify behavioral anomalies?

comparing customer behavior to known behaviors found in environments with good security hygiene

comparing customer traffic behavior to a huge database of that customer’s competitors’ traffic behavior

comparing new traffic and host profile data to a baseline of normal customer-specific activity built by
analyzing collected data over 30 days and

comparing customer behavior with a current list of abnormal behavior

comparing differences among data from Traps, Aperture, the next-generation firewall, and GlobalProtect
agents


Question 9 of 30.

What is the difference between a BPA Report for a registered opportunity and a report without a registered
opportunity?

Reports for registered opportunities are based on Tech Support Files and reports outside of registered
opportunities are based on Prospect Tech Support Files.

There is no difference between the two reports.

The report for a registered opportunity is free, but there is a fee for generating a report when there is no
registered opportunity.

Reports for registered opportunities include information about licensing entered when the opportunity was
registered.


Question 10 of 30.

Which feature or option helps find the security rule that allowed traffic from a particular application at a particular
time?

WildFire® verdict

Aperture SaaS Risk Assessment Report

BPA heatmap

log at NGFW Monitor > Traffic



Question 11 of 30.

Which comparison does a BPA Report present?

customer breaches against those that would be blocked by a properly licensed and configured firewall

a customer's NGFW configuration against best practices

a customer's configuration against the results of a customer interview

signatures in the firewall against signatures available from WildFire®


Question 12 of 30.

A BPA Heatmap is filtered by source and destination zone. What does this mean for the Heatmap display?

Security rules in the Heatmap's firewall will be reconfigured to limit traffic to the specified source and
destination.

Profile adoption will be shown only for rules with that source and destination.

Traffic shown will be limited to the specified source and destination.

The virtual router in the Heatmap's firewall will route traffic from the specified source to the specified
destination.


Question 13 of 30.

To configure a firewall for SLR data collection, how is the data to be logged specified?

from Monitor > Manage Custom Reports on the firewall web interface

by a Security Policy rule on the firewall

with an ACL on the customer switch SPAN port

from the Partner Portal or Support Portal


Question 14 of 30.

Which demo of the Palo Alto Networks Security Operating Platform can show a customer how to determine who
has access to a certain Box cloud storage file?

Traps

BPA

NGFW

Aperture


Question 15 of 30.

What is the correct order of activity to create an SLR report?

upload Stats Dump file, access the Partner Portal, select the Opportunity, provide Report Input Filters

upload Stats Dump file, click TRACK DEALS, select the Opportunity, provide Account Information, provide
Report Input Filters

access the Partner Portal, select Opportunity, click TRACK DEALS, upload Stats Dump file, provide
Account Information

access the Partner Portal, click TRACK DEALS, provide Report Input Filters, upload Stats Dump file


Question 16 of 30.

For Tap mode installation of an NGFW to collect data for an SLR, where is the NGFW placed?

between an internal database server and its backup server

off a SPAN port of a firewall that will be the competition for the NGFW

off a SPAN port of a switch that sees all north-south traffic of the network to be reviewed

between the internet and existing perimeter security competitive firewalls


Question 17 of 30.

Which three options are firewall configuration steps to prepare for SLR data collection? (Choose three.)

From Device > Setup > Services, edit DNS settings and set the update server to
updates.paloaltonetworks.com.

From Objects > Security Profiles > Antivirus, edit the Antivirus Profile and set its WildFire® action to "reset
both" for all decoders.

Receive license keys from the license server.

From Device > Setup > Services, edit DNS settings and set the update server to the address of one of the
existing firewalls.

From Device > Setup > Interfaces > Management, edit Management Interface Settings and add an address
and default gateway.


Question 18 of 30.

Which configuration step is part of setting up the firewall to collect data for an SLR?

From Network > Interfaces, add a new SLR interface.

From Network > Virtual Routers, add a static route from the interface connected to the switch to the default
gateway.

From Policies > Security, add a security policy that blocks all traffic.

From Network > Interfaces, open an interface and set its Interface Type to Tap.


Question 19 of 30.

Which option best describes the role of App-ID in Palo Alto Networks NGFW security policy?

The firewall automatically disallows a competitor’s applications for security reasons.

App-ID is the firewall’s way of identifying which user’s traffic is associated with an application.

App-ID allows administrators to rename standard applications with internal nicknames.

Application recognition is considered as part of the NGFW security rule matching process.


Question 20 of 30.

Which part of the Palo Alto Networks Security Operating Platform helps customers accelerate their consumption
of innovative cloud security offerings?

Application Framework

Magnifier

Generation Alpha Firewall

Aperture


Question 21 of 30.

What are two ways attackers hide themselves? (Choose two.)

use of brute force attacks

use permitted applications

use known exploits against known vulnerabilities

use legitimate credentials


Question 22 of 30.

Which file should be used to provide data for a BPA or Heatmap?

Tech Support File

exported config file

exported Traffic log csv

SaaS Risk Assessment report


Question 23 of 30.

Which product protects against threats moving between servers in the cloud?

GlobalProtect

next-generation firewall VM

Magnifier

Aperture


Question 24 of 30.

How are dynamic content updates for the NGFW checked?

From Device > Dynamic Updates, click Check Now once each for Antivirus, Application, GlobalProtect,
Threats, and WildFire® updates.

Log in to the Partner Portal or Customer Success Portal, and specify the IP address of the firewall to
receive dynamic updates.

From Device > Dynamic Updates, click Check Now once for Antivirus, then once again for Application,
GlobalProtect, Threats, and WildFire® updates.

From Device > Dynamic Updates, click Check Now once.


Question 25 of 30.

In addition to reporting deviations from best practice, the BPA Report provides which two pieces of information?
(Choose two.)

a reason to follow best practice for each best-practice fail that the BPA identifies

a configuration file that when used by the firewall will enable it to pass all best-practice tests

a recommendation to achieve a pass for each best-practice fail that the BPA identifies

all the parameters used by any security rules or other rules configured for the firewall



Question 26 of 30.

Which selections should be used for applications, destinations, and users in the Security policy rule used by a
firewall to collect data for an SLR?

pre-logon, any, trust

pre-logon, all-palo-alto-base, trust

any, any, untrust

any, any, any


Question 27 of 30.

How do security rules and security profiles work together to create security policy?

Security rules specify what happens to traffic that an attached security profile would otherwise allow.

The firewall forwards traffic when it finds either a security rule or a security profile that allows that traffic.

Security profiles specify what happens to traffic that an attached security rule blocks.

Security profiles specify what happens to traffic that an attached security rule would otherwise allow.


Question 28 of 30.

How can an analyst identify which cloud-based data is accessible by outside users that have credentials?

view a SaaS Risk Assessment report

view the data section of an SLR report

define a Magnifier Alert for outside access to cloud-based data

generate a Data Access report from the Monitor page of the next-generation firewall


Question 29 of 30.

Which answer best describes the sales cycle role that a Security Lifecycle Review provides?

It can provide automated enforcement for best practices when a single NGFW is left at the customer for six
months or more.

It often lengthens the firewall sales cycle because it takes so much time.

It is a way to use a prospect’s own data to show where the Palo Alto Networks Security Operating Platform
can help them.

It is a way to show the kind of reports that can be generated after a customer purchases a comprehensive
security platform from Palo Alto Networks.



Question 30 of 30.

What should be specified in Antivirus, Anti-Spyware, URL Filtering, and Vulnerability Protection profiles when a
firewall is configured to collect data for an SLR?

selection of "critical" and "high" severity for alerts

profile name of "default"

an HTTPS application exception

packet capture
