Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Paloalto Networks PSE-PrismaCloud PSE Palo Alto Networks System Engineer Professional - Prisma Cloud Exam Practice Test

Demo: 34 questions
Total 115 questions

PSE Palo Alto Networks System Engineer Professional - Prisma Cloud Questions and Answers

Question 1

What are two ways to initially deploy a VM-Series NGFW in Microsoft Azure? (Choose two.)

Options:

A.

through ARM Templates in the GitHub Repository

B.

through Solution Templates in the Azure Marketplace

C.

through Expedition in the Customer Success Portal

D.

through Iron Skillets in the GitHub Repository

Question 2

Which two resources provide operational insight within the Prisma Cloud Asset Inventory? (Choose two.)

Options:

A.

Cortex Data Lake

B.

Cloud Storage buckets

C.

Prisma Access Gateways

D.

Compute Engine instance

Question 3

Which statement explains the correlation between the block and alert thresholds in a vulnerability management policy?

Options:

A.

The thresholds can be set to informational, low, medium, high, and critical.

B.

The alert threshold always has precedence over, and can be greater than, the block threshold.

C.

The block threshold must always be equal to or greater than the alert threshold.

D.

The block threshold always has precedence over, and can be less than, the alert threshold.

Question 4

Which framework in Prisma Public Cloud can be used to provide general best practices when no specific legal requirements or regulatory standards need to be met?

Options:

A.

HIPAA

B.

CIS Benchmark

C.

Payment Card Industry DSS V3

D.

GDPR

Question 5

Which two valid effects are used to deal with images within a rule for trusted images? (Choose two.)

Options:

A.

Deny

B.

Alert

C.

Block

D.

Ignore

Question 6

Which filter type is valid in Asset Explorer?

Options:

A.

resource name

B.

instance

C.

cloud region

D.

feature

Question 7

A client has a sensitive internet-facing application server in Microsoft Azure and is concerned about resource exhaustion because of distributed denial-of-service attacks What can be configured on the VM-Series firewall to specifically protect this server against this type of attack?

Options:

A.

Custom threat signature

B.

Zone Protection Profile

C.

QoS Profile to limit incoming requests

D.

DoS Protection Profile with specific session counts

Question 8

Which change represents a VM-Series NGFW license transfer?

Options:

A.

VM-100 BYOL on Microsoft Azure to VM-100 BYOL on Amazon Web Services

B.

VM-300 BYOL on Microsoft Azure to VM-300 PAY6 on Amazon Web Services

C.

VM-100 BYOL on Microsoft Azure to VM-300 BYOL on Microsoft Azure

D.

VM-100 BYOL on Microsoft Azure to VM-300 PAYG on Amazon Web Services

Question 9

Which configuration needs to be done to perform user entity behavior analysis with Prisma Public Cloud?

Options:

A.

Create alert rules.

B.

Whitelist IP addresses.

C.

Configure User-ID.

D.

Define enterprise settings.

Question 10

Which RQL string monitors all traffic from the Internet and Suspicious IPs destined for your Amazon Web Services databases''

Options:

A.

network where source.publicnetwork IN ('Suspicious IPs') and dest.resource IN (resource where role IN ('AWS RDS', 'Database'))

B.

network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ('LDAP'))

C.

network where dest.resource IN (resource where role = 'Database'}

D.

network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest resource IN (resource where role IN ('AWS RDS'. 'Database'))

Question 11

Which pillar of the Prisma Cloud platform allows cloud entitlements to be quickly audited and secured?

Options:

A.

Cloud Security Posture Management

B.

Cloud Identity Security

C.

Cloud Network Security

D.

Cloud Code Security

Question 12

Which pillar of the Prisma Cloud platform provides support for both public and private clouds as well as flexible agentless scanning and agent-based protection?

Options:

A.

Cloud Network Security

B.

Cloud Security Posture Management

C.

Cloud Identity Security

D.

Cloud Workload Protection (CWP)

Question 13

Which regulatory framework in Prisma Cloud measures compliance with European Union (EU) data privacy regulations in Amazon Web services (AWS) workloads?

Options:

A.

General Data Protection Regulation (GDPR)

B.

International Organization for Standardization (ISO) 27001

C.

Payment Card Industry (PCI) Data Security Standard (DSS) 3.0

D.

EU Data Protection Directive 95/46/EC

Question 14

Which statement applies to vulnerability management policies?

Options:

A.

Host and serverless rules support blocking, whereas container rules do not.

B.

Rules explain the necessary actions when vulnerabilities are found in the resources of a customer environment.

C.

Policies for containers, hosts, and serverless functions are not separate.

D.

Rules are evaluated in an undefined order.

Question 15

Which two cloud providers support Load Balancers as next hop configurations for outbound connections? (Choose two.)

Options:

A.

Google Cloud Platform

B.

Microsoft Azure

C.

Oracle Cloud

D.

Amazon Web Services

Question 16

Which two actions are appropriate when configuring Prisma Cloud to scan a registry? (Choose two.)

Options:

A.

Allow Prisma Cloud to automatically optimize registry scans with version pattern matching.

B.

Allow Prisma Cloud to automatically distribute the scan job across a pool of available Defenders.

C.

Explicitly specify the Defender to do the job.

D.

Explicitly specify the predefined version pattern-matching algorithm.

Question 17

Based on the diagram, prioritize the order in which the Virtual Gateway evaluates the best route based on the deterministic B6P Path selection process.

Options:

Question 18

Which three anomaly policies are predefined in Prisma Public Cloud? (Choose three.)

Options:

A.

Excessive login failures

B.

Unusual user activity

C.

Denial-of-service activity

D.

Account hijacking attempts

E.

Suspicious file activity

Question 19

Which two resource types are included in the Prisma Cloud Enterprise licensing count? (Choose two.)

Options:

A.

Elastic Compute Cloud (EC2) instances

B.

Network Address Translation (NAT) gateways

C.

CloudFront distributions

D.

Security groups

Question 20

Which two cloud-native providers are supported by Prisma Cloud? (Choose two.)

Options:

A.

DigitalOcean

B.

Azure

C.

IBM Cloud

D.

Oracle Cloud

Question 21

How does Prisma Cloud Enterprise autoremediate unwanted violations to public cloud infrastructure?

Options:

A.

It inspects the application program interface (API) call made to public cloud and blocks the change if a policy violation is found.

B.

It makes changes after a policy violation has been identified in monitoring.

C.

It locks all changes to public cloud infrastructure and stops any configuration changes without prior approval.

D.

It uses machine learning (ML) to identify unusual changes to infrastructure.

Question 22

Which statement is specific for Prisma Cloud when integrating into cloud environments?

Options:

A.

An AutoFocus license is included in Prisma Cloud.

B.

For multi-cloud environment licenses are required for the number of Prisma Cloud instances.

C.

Can be natively integrated into Prisma Access.

D.

No agents or proxies are required.

Question 23

How can you modify a range of dates default policy in Prisma Public Cloud?

Options:

A.

Override the value and commit the configuration.

B.

Clone the existing policy and change the value.

C.

Manually create the RQL statement.

D.

Click the Gear icon next to the policy name to open the Edit Policy dialog

Question 24

Under which operating systems (OSs) is twistcli supported?

Options:

A.

Linux, macOS, and Windows

B.

Windows only

C.

Linux and Windows

D.

Linux, macOS, PAN-OS, and Windows

Question 25

The following error is received when performing a manual twistcli scan on an image:

What is missing from the command?

Options:

A.

registry path for image name

B.

password

C.

console address

D.

username

Question 26

The VM-Series integration with Amazon GuardDuty feeds malicious IP addresses to the VM-Series NGFW using XML API to populate a Dynamic Address Group within a Security policy that blocks traffic.

How does Amazon Web Services achieve this integration?

Options:

A.

SNS

B.

SQS

C.

CodeDeploy

D.

Lambda

Question 27

Which Resource Query Language (RQL) query monitors all "delete" activities for the user "user1"?

Options:

A.

event where crud = 'delete’ AND subject = 'user1'

B.

event where crud = 'delete'

C.

event where crud = 'delete' AND subject = 'user1' AND cloud.type = 'aws'

D.

event where subject = 'user1'

Question 28

Which two types of Resource Query Language (RQL) queries can be used to create policies? (Choose two.)

Options:

A.

hose from

B.

network from

C.

system from

D.

event from

Question 29

Which two elements does Prisma Cloud monitor when analyzing for unusual user activity? (Choose two.)

Options:

A.

Operating System (OS)

B.

browser

C.

location

D.

time

Question 30

Which Amazon Web Services security service can provide host vulnerability information to Prisma Public Cloud?

Options:

A.

Shield

B.

Inspector

C.

GuardDuty

D.

Amazon Web Services WAF

Question 31

What is the Palo Alto Networks default Prisma Cloud setting for Alert Disposition to reduce the number of false positives?

Options:

A.

Conservative

B.

Moderate

C.

High

D.

Aggressive

Question 32

Match the logging service with its cloud provider.

Options:

Question 33

Which type of alert captures unusual user activity and excessive login failures?

Options:

A.

Anomaly

B.

Audit Event

C.

Configuration

D.

Network

Question 34

An administrator has deployed an AWS transit gateway and used multiple VPC spokes to segregate a multi-tier application. The administrator also created a security VPC with multiple VM-Series NGFWs in an active/active deployment model via ECMP using Amazon Web Services VPN-based attachments.

What must be configured on the firewall to avoid asymmetric routing?

Options:

A.

source address translation

B.

destination address translation

C.

port address translation

D.

source and destination address translation

Demo: 34 questions
Total 115 questions