Pse - 1
Pse - 1
Pse - 1
Question 1 of 30.
In an attack intended to exfiltrate data, the attack's first landing in the target network is not its target server.
Which three steps are likely to be part of the continuation of that attack? (Choose three.)
obtaining credentials
denial of service
Question 2 of 30.
tracks all firewall uses of logs including log export to syslog, email servers, Panorama, SNMP, and HTTP
servers
feeds network Security logs and Endpoint Protection logs into a data lake that is used by applications in the
Application Framework
logs and tracks operational errors that occur in any firewalls in a single environment and provides a report
of those errors to Panorama
collects logs from all firewalls in a deployment, reformats them, and provides them to the firewall running
the service
Question 3 of 30.
Traps
Magnifier
firewall
Question 4 of 30.
Which three SLR findings are commonly discussed with customers? (Choose three.)
Question 5 of 30.
Question 6 of 30.
A customer evolving its computing from on-premises through private cloud, public cloud, and SaaS computing
has which three main security challenges? (Choose three.)
Security cannot be made consistent across the different places applications are deployed.
If they keep remnants from each step in their evolution, the resulting security architecture can be so
fragmented that is impossible to operate.
Security processes in the cloud environment cannot be automated so the benefits of cloud computing
cannot be fully leveraged.
With manual processes, managing policy and investigating incidents across multiple cloud environments
and various tools can be difficult.
With cloud computing, small human errors can result in sensitive data being exposed to scripts and bots
that scan the internet for public leaks.
Question 7 of 30.
configuring a rule that allows traffic only for specific applications to reach a zone
Question 8 of 30.
comparing customer behavior to known behaviors found in environments with good security hygiene
comparing customer traffic behavior to a huge database of that customer’s competitors’ traffic behavior
comparing new traffic and host profile data to a baseline of normal customer¬-specific activity built by
analyzing collected data over 30 days and
comparing differences among data from Traps, Aperture, the next¬-generation firewall, and GlobalProtect
agents
Question 9 of 30.
What is the difference between a BPA Report for a registered opportunity and a report without a registered
opportunity?
Reports for registered opportunities are based on Tech Support Files and reports outside of registered
opportunities are based on Prospect Tech Support Files.
The report for a registered opportunity is free, but there is a fee for generating a report when there is no
registered opportunity.
Reports for registered opportunities include information about licensing entered when the opportunity was
registered.
Question 10 of 30.
Which feature or option helps find the security rule that allowed traffic from a particular application at a particular
time?
WildFire® verdict
BPA heatmap
Question 11 of 30.
customer breaches against those that would be blocked by a properly licensed and configured firewall
Question 12 of 30.
A BPA Heatmap is filtered by source and destination zone. What does this mean for the Heatmap display?
Security rules in the Heatmap's firewall will be reconfigured to limit traffic to the specified source and
destination.
Profile adoption will be shown only for rules with that source and destination.
The virtual router in the Heatmap's firewall will route traffic from the specified source to the specified
destination.
Question 13 of 30.
To configure a firewall for SLR data collection, how is the data to be logged specified?
from Monitor > Manage Custom Reports on the firewall web interface
Question 14 of 30.
Which demo of the Palo Alto Networks Security Operating Platform can show a customer how to determine who
has access to a certain Box cloud storage file?
Traps
BPA
NGFW
Aperture
Question 15 of 30.
upload Stats Dump file, access the Partner Portal, select the Opportunity, provide Report Input Filters
upload Stats Dump file, click TRACK DEALS, select the Opportunity, provide Account Information, provide
Report Input Filters
access the Partner Portal, select Opportunity, click TRACK DEALS, upload Stats Dump file, provide
Account Information
access the Partner Portal, click TRACK DEALS, provide Report Input Filters, upload Stats Dump file
Question 16 of 30.
For Tap mode installation of an NGFW to collect data for an SLR, where is the NGFW placed?
off a SPAN port of a firewall that will be the competition for the NGFW
off a SPAN port of a switch that sees all north-south traffic of the network to be reviewed
Question 17 of 30.
Which three options are firewall configuration steps to prepare for SLR data collection? (Choose three.)
From Device > Setup > Services, edit DNS settings and set the update server to
updates.paloaltonetworks.com.
From Objects > Security Profiles > Antivirus, edit the Antivirus Profile and set its WildFire® action to "reset
both" for all decoders.
From Device > Setup > Services, edit DNS settings and set the update server to the address of one of the
existing firewalls.
From Device > Setup > Interfaces > Management, edit Management Interface Settings and add an address
and default gateway.
Question 18 of 30.
Which configuration step is part of setting up the firewall to collect data for an SLR?
From Network > Virtual Routers, add a static route from the interface connected to the switch to the default
gateway.
From Policies > Security, add a security policy that blocks all traffic.
From Network > Interfaces, open an interface and set its Interface Type to Tap.
Question 19 of 30.
Which option best describes the role of App-¬ID in Palo Alto Networks NGFW security policy?
App-¬ID is the firewall’s way of identifying which user’s traffic is associated with an application.
Application recognition is considered as part of the NGFW security rule matching process.
Question 20 of 30.
Which part of the Palo Alto Networks Security Operating Platform helps customers accelerate their consumption
of innovative cloud security offerings?
Application Framework
Magnifier
Aperture
Question 21 of 30.
Question 22 of 30.
Which file should be used to provide data for a BPA or Heatmap?
Question 23 of 30.
Which product protects against threats moving between servers in the cloud?
GlobalProtect
next-generation firewall VM
Magnifier
Aperture
Question 24 of 30.
From Device > Dynamic Updates, click Check Now once each for Antivirus, Application, GlobalProtect,
Threats, and WildFire® updates.
Log in to the Partner Portal or Customer Success Portal, and specify the IP address of the firewall to
receive dynamic updates.
From Device > Dynamic Updates, click Check Now once for Antivirus, then once again for Application,
GlobalProtect, Threats, and WildFire® updates.
Question 25 of 30.
In addition to reporting deviations from best practice, the BPA Report provides which two pieces of information?
(Choose two.)
a reason to follow best practice for each best-practice fail that the BPA identifies
a configuration file that when used by the firewall will enable it to pass all best-practice tests
a recommendation to achieve a pass for each best-practice fail that the BPA identifies
all the parameters used by any security rules or other rules configured for the firewall
Which selections should be used for applications, destinations, and users in the Security policy rule used by a
firewall to collect data for an SLR?
Question 27 of 30.
How do security rules and security profiles work together to create security policy?
Security rules specify what happens to traffic that an attached security profile would otherwise allow.
The firewall forwards traffic when it finds either a security rule or a security profile that allows that traffic.
Security profiles specify what happens to traffic that an attached security rule blocks.
Security profiles specify what happens to traffic that an attached security rule would otherwise allow.
Question 28 of 30.
How can an analyst identify which cloud-based data is accessible by outside users that have credentials?
generate a Data Access report from the Monitor page of the next-generation firewall
Question 29 of 30.
Which answer best describes the sales cycle role that a Security Lifecycle Review provides?
It can provide automated enforcement for best practices when a single NGFW is left at the customer for six
months or more.
It often lengthens the firewall sales cycle because it takes so much time.
It is a way to use a prospect’s own data to show where the Palo Alto Networks Security Operating Platform
can help them.
It is a way to show the kind of reports that can be generated after a customer purchases a comprehensive
security platform from Palo Alto Networks.
What should be specified in Antivirus, Anti-Spyware, URL Filtering, and Vulnerability Protection profiles when a
firewall is configured to collect data for an SLR?
packet capture