Achieve Your Success with the Latest Palo Alto Networks PSE-PrismaCloud Exam [Nov 13, 2023]
The PSE-PrismaCloud Exam Test For Brief Preparation
Palo Alto Networks is a global cybersecurity company that is committed to securing the digital way of life. The company provides leading-edge security solutions to protect networks, cloud environments, and mobile devices from cyber threats. The company's certified professionals are trained to design, install, configure, and manage Palo Alto Networks security solutions. Palo Alto Networks offers a range of certifications to validate the skills and expertise of security professionals.
NEW QUESTION # 21
When protecting against attempts to exploit client-side and server-side vulnerabilities, what is the Palo Alto Networks best practice when using NGFW Vulnerability Protection Profiles?
- A. Clone the predefined Strict Profile, with packet capture settings enabled
- B. Use the default Vulnerability Protection Profile to protect clients from all known critical, high, and medium-severity threats
- C. Clone the predefined Strict Profile, with packet capture settings disabled
- D. Use the default Vulnerability Protection Profile to protect servers from all known critical, high, and medium-severity threats
Answer: B
NEW QUESTION # 22
When an on-premises NGFW (customer gateway) is used to connect to the Virtual Gateway, which two IKE profiles cannot be used? (Choose two.)
- A. Group14 / SHA-256 / AES-256-GCM / IKE-V1
- B. Group14 / SHA-256 / AES-256-CBC / IKE-V1
- C. Group2 / SHA-1 / AES-128-CBC / IKE-V1
- D. Group2 / SHA-1 / AES-128-CBC
- E. Group2 / SHA-1 / AES-128-GCM / IKE-V1
Answer: A,B
NEW QUESTION # 23
Which two cloud providers support Load Balancers as next hop configurations for outbound connections? (Choose two.)
- A. Microsoft Azure
- B. Google Cloud Platform
- C. Oracle Cloud
- D. Amazon Web Services
Answer: B,C
NEW QUESTION # 24
What is a permanent public IP called on Amazon Web Services?
- A. Floating IP
- B. EIP
- C. PIP
- D. Reserved IP
Answer: B
NEW QUESTION # 25
Which configuration needs to be done to perform user entity behavior analysis with Prisma Public Cloud?
- A. Configure User-ID.
- B. Whitelist IP addresses.
- C. Define enterprise settings.
- D. Create alert rules.
Answer: C
Explanation:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/anomaly-poli
NEW QUESTION # 26
Which RQL string searches for all EBS volumes that do not have a "DataClassification" tag?
- A. config where api.name = 'aws-ec2-describe-volumes' AND json.rule = tags[*].key = 1
- B. config where api.name = 'aws-ec2-describe-volumes' AND json.rule = tags[*]key contains DataClassification
- C. config where api.name = 'aws-ec2-describe-volumes' AND json.rule = tags[*].key exists
- D. config where api.name = 'aws-ec2-describe-volumes' AND json.rule = tags[*]key != DataClassification
Answer: A
NEW QUESTION # 27
Match the logging service with its cloud provider.
Answer:
Explanation:
NEW QUESTION # 28
Which two items are required when a VM-100 BYOL instance is upgraded to a VM-300 BYOL instance? (Choose two.)
- A. CPU ID
- B. new Auth Code
- C. API Key
- D. UUID
Answer: B,C
Explanation:
In a public cloud deployment, if your firewall is licensed with the BYOL option, you must Deactivate VM before you change the instance type or VM type and apply the license again on the firewall after you complete the model or instance upgrade. When you change the instance type, because the firewall has a new UUID and CPU ID, the existing license will no longer be valid.
https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/about-the-vm-series-firewall/upgrade-th
NEW QUESTION # 29
Which three features are not supported by VM-Series NGFWs on Azure Stack? (Choose three.)
- A. Azure Application Insight
- B. ARM Template
- C. Resource Group
- D. Bootstrapping
- E. Azure Security Center
Answer: A,B,D
NEW QUESTION # 30
An administrator has deployed an AWS transit gateway and used multiple VPC spokes to segregate a multi-tier application. The administrator also created a security VPC with multiple VM-Series NGFWs in an active/active deployment model via ECMP using Amazon Web Services VPN-based attachments.
What must be configured on the firewall to avoid asymmetric routing?
- A. source and destination address translation
- B. port address translation
- C. source address translation
- D. destination address translation
Answer: B
NEW QUESTION # 31
A client has a sensitive internet-facing application server in Microsoft Azure and is concerned about resource exhaustion because of distributed denial-of-service attacks. What can be configured on the VM-Series firewall to specifically protect this server against this type of attack?
- A. DoS Protection Profile with specific session counts
- B. Custom threat signature
- C. QoS Profile to limit incoming requests
- D. Zone Protection Profile
Answer: D
NEW QUESTION # 32
What configuration on AWS is required in order for VM-Series to forward traffic between its network interfaces?
- A. Both Source and Destination Checks are enabled
- B. Both Source and Destination Checks are disabled
- C. Source Check is disabled and Destination Check is enabled
- D. Source Check is enabled and Destination Check is disabled
Answer: B
Explanation:
https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/us
NEW QUESTION # 33
A customer CSO has asked you to demonstrate how to identify all "Amazon RDS" resources deployed and the region that they are deployed in. What are two ways that Prisma Public Cloud can show the relevant information? (Choose two.)
- A. Open the Asset dashboard, filter on Amazon Web Services, and click "Amazon RDS" resources.
- B. Generate a compliance report from the Compliance dashboard
- C. Configure an Inventory report from the "Alerts" tab
- D. Write an RQL query from the "Investigate" tab.
Answer: A,B
NEW QUESTION # 34
Which RQL string using network query attributes returns all traffic destined for Internet or for Suspicious IPs that also exceeds 1GB?
- A. network where dest.publicnetwork IN ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
- B. network where publicnetwork = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
- C. network where bytes > 1GB and destination = 'Internet IPs' OR 'Suspicious IPs'
- D. show traffic where destination.network = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
Answer: A
Explanation:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/rql-examples
All network traffic that is greater than 1GB and destined to Internet or Suspicious IPs (allows you to identify data exfiltration attempts on any cloud environment).
network where dest.publicnetwork IN ( 'Internet IPs', 'Suspicious IPs' ) AND bytes > 1000000000
NEW QUESTION # 35
Palo Alto Networks recommends which two options for outbound HA design in Amazon Web Services using VM-Series NGFW? (Choose two.)
- A. traditional active/standby HA on VM-Series
- B. iLB-as-next-hop
- C. transit gateway and security VPC with VM-Series
- D. transit VPC and security VPC with VM-Series
Answer: A,C
NEW QUESTION # 36
An administrator deploys a VM-Series firewall into Amazon Web Services. Which attribute must be disabled on the data-plane elastic network interface for the instance to handle traffic that is not destined to its own IP address?
- A. tags
- B. security group
- C. elastic ip address
- D. source/destination checking
Answer: D
Explanation:
https://docs.paloaltonetworks.com/vm-series/8-1/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/de
NEW QUESTION # 37
Which option is defined by the creation and change of public cloud services managed in a repeatable and predictable fashion?
- A. software as code
- B. platform as a service
- C. infrastructure as a service
- D. infrastructure as code
Answer: C
NEW QUESTION # 38
Which regulatory framework in Prisma Public Cloud measures compliance with EU data privacy regulations in Amazon Web Services workloads?
- A. GDPR
- B. EU Data Protection Directive 95/46/EC
- C. ISO 27001
- D. Payment Card Industry 3.0
Answer: B
NEW QUESTION # 39
Match the query type with its corresponding search
Answer:
Explanation:
network where,
event where,
config where
NEW QUESTION # 40
How can you use Prisma Public Cloud to identify Amazon EC2 instances that have been tagged as "Private"?
- A. Create an RQL config query to identify resources with the tag "Private."
- B. Open the Asset Dashboard, filter on tags: and choose "Private."
- C. Generate a CIS compliance report and review the "Asset Summary."
- D. Create an RQL network query to identify traffic from resources tagged "Private."
Answer: D
NEW QUESTION # 41
A customer has deployed a VM-Series NGFW on Amazon Web Services using a PAYG license. What is the sequence required by the customer to switch to a BYOL license?
Answer:
Explanation:
NEW QUESTION # 42
Which three types of security checks can Prisma Public Cloud perform? (Choose three.)
- A. config where
- B. event where
- C. compliance where
- D. user where
- E. network where
Answer: B,C,E
NEW QUESTION # 43
Prisma Public Cloud enables compliance monitoring and reporting by mapping which configurations to compliance standards?
- A. policies
- B. RQL queries
- C. alert rules
- D. notification templates
Answer: A