
PSE Platform Associate

Question 1 of 30.

Which file should be used to provide data for a BPA or Heatmap?


exported config file
SaaS Risk Assessment report
exported Traffic log csv
Tech Support File

Question 2 of 30.

Which selections should be used for applications, destinations, and users in the Security policy
rule used by a firewall to collect data for an SLR?
pre-logon, all-palo-alto-base, trust
any, any, any
any, any, untrust
pre-logon, any, trust

Question 3 of 30.

To configure a firewall to collect data for an SLR, what should the WildFire® action be in the
Antivirus Profile attached to the security rule used by the interface receiving customer traffic?
"reset client" for all actions
"alert" for all actions
"default" for all actions
"alert" for FTP and HTTP, and "reset both" for all other decoders

Question 4 of 30.

Which two features provide visibility into malware delivery? (Choose two.)
WildFire®
decryption
anti-spyware
antivirus protection

Question 5 of 30.

To create a BPA report without a registered opportunity, which URL is accessed?


NGFW Security Portal
Support Portal
Partner Portal
Customer Success Portal

Question 6 of 30.

Which comparison does a BPA Report present?


signatures in the firewall against signatures available from WildFire®
a customer's NGFW configuration against best practices
customer breaches against those that would be blocked by a properly licensed and
configured firewall
a customer's configuration against the results of a customer interview

Question 7 of 30.

Which answer describes Security Lifecycle Reviews?


They are limited to use with competitive security products documented as compatible with
SLR data collection.
They provide value only before a customer purchases Palo Alto Networks security products.
They are based on non-intrusive collection of data.
They provide value only after a customer purchases Palo Alto Networks security products.

Question 8 of 30.

After a Tech Support File is uploaded to the partner portal to create a BPA report, what does
Zone Mapping do?
It allows a user to rename zones for clarity in the BPA report.
It allows a user an additional opportunity to specify source and destination zones for firewall
rules analyzed in the BPA.
It allows a user to map each zone in the Tech Support File to its area of architecture,
such as internet, DMZ, remote/VPN, or other areas.
When the Tech Support File is from Panorama and reflects multiple firewalls, it allows a
user to specify whether each firewall is physical or virtual.

Question 9 of 30.

Which three options are firewall configuration steps to prepare for SLR data collection? (Choose
three.)
Receive license keys from the license server.
From Device > Setup > Interfaces > Management, edit Management Interface Settings
and add an address and default gateway.
From Device > Setup > Services, edit DNS settings and set the update server to the address
of one of the existing firewalls.
From Device > Setup > Services, edit DNS settings and set the update server to
updates.paloaltonetworks.com.
From Objects > Security Profiles > Antivirus, edit the Antivirus Profile and set its
WildFire® action to "reset both" for all decoders.

Question 10 of 30.

What does the Cortex Data Lake do?


collects logs from all firewalls in a deployment, reformats them, and provides them to the
firewall running the service
feeds network Security logs and Endpoint Protection logs into a data lake that is used
by applications in the Cortex Hub
tracks all firewall uses of logs including log export to syslog, email servers, Panorama,
SNMP, and HTTP servers
logs and tracks operational errors that occur in any firewalls in a single environment and
provides a report of those errors to Panorama

Question 11 of 30.

How does use of User-ID in a security rule help implement the Palo Alto Networks security
posture?
specifies traffic data pattern matching to support Zero Trust
reduces the attack surface to support Zero Trust
specifies the exfiltration zones to which security profiles apply
increases the attack surface to support positive enforcement

Question 12 of 30.

When a customer is using competitors’ security products, which two tools are appropriate to help
the customer reassess their security posture? (Choose two.)
BPA
PPA
TMS
SLR

Question 13 of 30.

How can User-ID connectivity be verified for an NGFW?


Check traffic load on the network's LDAP server.
Check the CPU load on the network's domain controller.
Check WMI logs.
Check Device > User Identification > User Mapping > Server Monitoring.

Question 14 of 30.

A customer evolving its computing from on-premises through private cloud, public cloud, and
SaaS computing has which three main security challenges? (Choose three.)
With cloud computing, small human errors can result in sensitive data being exposed to
scripts and bots that scan the internet for public leaks.
Security processes in the cloud environment cannot be automated so the benefits of cloud
computing cannot be fully leveraged.
Security cannot be made consistent across the different places applications are deployed.
With manual processes, managing policy and investigating incidents across multiple
cloud environments and various tools can be difficult.
If they keep remnants from each step in their evolution, the resulting security
architecture can be so fragmented that it is impossible to operate.

Question 15 of 30.
In addition to reporting deviations from best practice, the BPA Report provides which two pieces
of information? (Choose two.)
a reason to follow best practice for each best-practice fail that the BPA identifies
a recommendation to achieve a pass for each best-practice fail that the BPA identifies
a configuration file that when used by the firewall will enable it to pass all best-practice tests
all the parameters used by any security rules or other rules configured for the firewall

Question 16 of 30.

What does a BPA adoption Heatmap show?


the feature sets of a particular firewall that are currently licensed
the rules of a particular firewall that are hit most often
the distribution of traffic among firewall ports
the feature sets of a particular firewall that actually are used

Question 17 of 30.

How can an external list of malicious domains be leveraged by an NGFW?


The external list can be specified as a URL in a security rule's zone configuration to
block traffic from the zone containing these domains.
The external list can be specified as an External Dynamic List in an Anti-Spyware Security
Profile that need not be attached to a security rule.
An Anti-Spyware Profile can define access to any of the domains on the list to be an
application, and the profile can use App-ID to block that application.
The external list can be specified as an External Dynamic List in an Anti-Spyware Security
Profile that is attached to a security rule.

Question 18 of 30.
Which answer best describes the meaning of the above picture in the context of Palo Alto
Networks Security Lifecycle Reviews?
The firewall essentially is a router on a stick.
Firewalls can connect only to customer switches, they cannot connect to customer routers.
Firewalls involved in Security Lifecycle Reviews use wireless interfaces only.
The firewall in Tap mode connects to a switch and does not impact customer traffic at
all.

Question 19 of 30.

To prepare for data collection for an SLR, what needs to be done about licenses and dynamic
updates?
Licenses and dynamic updates are provided by the Partner Portal or Support Portal as part of
deal registration.
Licenses and dynamic updates are configured on the firewall.
The customer can use their existing licenses and dynamic updates.
The firewall is in Tap mode so licenses and dynamic updates are unnecessary.

Question 20 of 30.

What allows an SLR evaluation firewall to collect data to obtain information about who is
sending or receiving traffic?
The customer provides endpoint Traffic logs.
Syslog data is uploaded while the SLR report is generated.
Data about who sends or receives traffic is not collected for an SLR.
User-ID is configured on the firewall.

Question 21 of 30.
App-ID provides value protecting against threats in which two ways? (Choose two.)
With application dependency, the identified application depends on the intent of the attacker
and App-ID can be used this way to block malicious intent.
App-ID can be used in a security rule to specify that traffic initiating from a specific group
of users is blocked.
Once an application is identified, App-ID provides interpretation of the application's payload
to ensure that the application is used only as intended.
App-ID can be used with User-ID and Content-ID to reduce the attack surface.
App-ID can be used in a security rule to specify that traffic belonging to a set of
applications is blocked.

Question 22 of 30.

How do security rules and security profiles work together to create security policy?
Security rules specify what happens to traffic that an attached security profile would
otherwise allow.
Security profiles specify what happens to traffic that an attached security rule blocks.
The firewall forwards traffic when it finds either a security rule or a security profile that
allows that traffic.
Security profiles specify what happens to traffic that an attached security rule would
otherwise allow.

Question 23 of 30.

What does WildFire® do when a file or URL is uploaded to it by an NGFW?


WildFire provides a WildFire Analysis Profile back to the NGFW to be attached to the rule
that allowed the file or URL.
WildFire replies to the NGFW with a hash of a signature that matches the sent file or URL.
WildFire updates PAN-OS® software with its analysis and the NGFW gets that information
the next time it updates PAN-OS® software.
WildFire determines a verdict of Benign, Grayware, Malware, or Phishing.

Question 24 of 30.

Which statement describes the BPA Report password?


must be 13 characters long but once entered is never again required
defined at report generation time and is required to view the password-protected
report
allows access to encrypted data stored by the firewall and uploaded to the Support Portal
the same as the Panorama or firewall admin password and is required to access the report
generator

Question 25 of 30.

Which feature or option helps find the security rule that allowed traffic from a particular
application at a particular time?
BPA heatmap
WildFire® verdict
log at NGFW Monitor > Traffic
Prisma SaaS Risk Assessment Report

Question 26 of 30.

Which three security capabilities can be combined to provide necessary protection for current
multi-platform cloud application architecture? (Choose three.)
detection and prevention of zero-day attacks by securing applications and operating systems
from within their workload or host
inline security with the ability to protect and segment traffic that’s entering
applications, going between applications, and leaving applications
use of IaaS and PaaS APIs to obtain good insight into how services are consumed,
configured, and deployed
a set of point products from multiple vendors that provide frictionless security for specific
corner use cases, along with a corresponding set of security administration and reporting tools
native cloud-platform security offerings that provide security for multiple platforms and on-
premises data center infrastructures

Question 27 of 30.

Which file should be uploaded to the Security Lifecycle Review tool?


SLR report csv
SaaS Risk Assessment report
Stats Dump file
exported config file

Question 28 of 30.

How is the data in a Stats Dump file made available for SLR Report creation?
automatically pulled by Panorama and uploaded to the Partner Portal
uploaded directly from the firewall to the Partner Portal
downloaded from the firewall to a computer, then uploaded when requested from the
Partner Portal
fed through the Cortex Data Lake and made available to the SLR app

Question 29 of 30.

For Tap mode installation of an NGFW to collect data for an SLR, where is the NGFW placed?
off a SPAN port of a switch that sees all north-south traffic of the network to be
reviewed
between the internet and existing perimeter security competitive firewalls
between an internal database server and its backup server
off a SPAN port of a firewall that will be the competition for the NGFW

Question 30 of 30.

How are dynamic content updates for the NGFW checked?


From Device > Dynamic Updates, click Check Now once for Antivirus, then once again
for Application, Prisma Access, Threats, and WildFire® updates.
From Device > Dynamic Updates, click Check Now once.
From Device > Dynamic Updates, click Check Now once each for Antivirus, Application,
Prisma Access, Threats, and WildFire® updates.
Log in to the Partner Portal or Customer Success Portal, and specify the IP address of the
firewall to receive dynamic updates.
