Unique Top-selling PSE-PrismaCloud Exams - New 2022 Palo Alto Networks Pratice Exam
PSE-Prisma Cloud Professional Dumps PSE-PrismaCloud Exam for Full Questions - Exam Study Guide
Palo Alto Networks PSE-PrismaCloud Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
NEW QUESTION 13
What are three examples of outbound traffic flow? (Choose three.)
- A. issue apt-get install command on an instance inside Amazon Web Services
- B. Microsoft Windows inside Azure requesting a security patch
- C. issue yum update command on an instance inside Amazon Web Services
- D. web server inside Amazon Web Services receiving web requests from internet
- E. outgoing Prisma Public Cloud API calls
Answer: A,B,E
NEW QUESTION 14
A customer CSO has asked you to demonstrate how to identify all "Amazon RDS" resources deployed and the region that they are deployed in. What are two ways that Prisma Public Cloud can show the relevant information?(Choose two.)
- A. Open the Asset dashboard, filter on Amazon Web Services, and click "Amazon RDS" resources.
- B. Write an RQL query from the "Investigate" tab.
- C. Generate a compliance report from the Compliance dashboard
- D. Configure an Inventory report from the "Alerts" tab
Answer: A,C
NEW QUESTION 15
Which two statements are true about CloudFormation? (Choose two.)
- A. CloudFormation templates can be used on both Amazon Web Services and Microsoft Azure
- B. CloudFormation templates can be written in JSON or YAML
- C. CloudFormation is a procedural configuration management tool.
- D. CloudFormation is a declarative orchestration tool.
Answer: A,B
NEW QUESTION 16
What are two ways to initially deploy a VM-Series NGFW in Microsoft Azure? (Choose two.)
- A. through Solution Templates in the Azure Marketplace
- B. through Expedition in the Customer Success Portal
- C. through ARM Templates in the GitHub Repository
- D. through Iron Skillets in the GitHub Repository
Answer: A,C
NEW QUESTION 17
In which two ways does Palo Alto Networks VM orchestration help service providers automatically provision security instances and policies? (Choose two.)
- A. support for Dynamic Address Groups
- B. VM Orchestration Policy Editor
- C. Aperture Orchestration Engine
- D. fully instrumented API
Answer: A,C
NEW QUESTION 18
What is the scope of the Amazon Web Services 1AM Service?
- A. zonal
- B. global
- C. VPC
- D. regional
Answer: B
NEW QUESTION 19
Which three services can Google Cloud Security Scanner assess? (Choose three.)
- A. Google Kubernetes Engine
- B. App Engine
- C. BigQuery
- D. Compute Engine
- E. Google Virtual Private Cloud
Answer: A,B,D
NEW QUESTION 20
What is required for an EC2 instance to access the internet directly from an AWS VPC?
- A. Virtual Private Gateway
- B. Customer Gateway
- C. Internet Gateway
- D. Transit Gateway
Answer: C
NEW QUESTION 21
Which RQL string returns a list of all Azure virtual machines that are not currently running?
- A. config where api.name = 'azure-vm-list' AND json.rule = powerState does not contain "running"
- B. config where api.name = 'azure-vm-list' AND json.rule = powerState = "off'
- C. config where api.name = 'azure-vm-list' AND json.rule = powerState = "running"
- D. config where api.name = 'azure-vm-list' AND json.rule = powerState contains "running"
Answer: D
NEW QUESTION 22
What are two ways to enable interface swap when deploying a VM-Series NGFW in Google Cloud Platform?
(Choose two.)
- A. create a bootstrap file that includes the mgmt-interface-swap command
- B. run the PAN-OS CLI command: set system mgmt-interface-swap enable yes
- C. in the Google Cloud Console Metadata Field, enter a key-value pair where mgmt-interface-swap is the key and enable is the value
- D. run the PAN-OS CLI command: set system mgmt-interface-swap setting enable yes
Answer: A,C
Explanation:
Explanation
https://docs.paloaltonetworks.com/vm-series/8-1/vm-series-deployment/set-up-the-vm-series-firewall-on-google
NEW QUESTION 23
Which three methods can provide application-level security for a web server instance on Amazon Web Services? (Choose three.)
- A. Traps
- B. VM-Series firewalls
- C. Security Groups
- D. Prisma SaaS
- E. Amazon Web Services WAF
Answer: B,C,D
NEW QUESTION 24
Match the query type with its corresponding search
Answer:
Explanation:
Explanation
network where,
event where,
config where
NEW QUESTION 25
Based on the diagram, how many routes will the virtual gateway advertise to the on-premises NGFW over the Amazon Web Services Direct Connect link?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 26
Which RQL string monitors all traffic from the Internet and Suspicious IPs destined for your Amazon Web Services databases?
- A. network where dest.resource IN (resource where role = 'Database'}
- B. network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest resource IN (resource where role IN ('AWS RDS'. 'Database'))
- C. network where source.publicnetwork IN ('Suspicious IPs') and dest.resource IN (resource where role IN ('AWS RDS', 'Database'))
- D. network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ('LDAP'))
Answer: B
NEW QUESTION 27
How can you create a custom compliance standard in Prisma Public Cloud?
- A. From Compliance tab > Compliance Standards, click "Add New."
- B. Generate a new Compliance Report.
- C. From Compliance tab, clone a default framework and customize.
- D. Create compliance framework in a spreadsheet then import into Prisma Public Cloud.
Answer: A
Explanation:
Explanation
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-compliance/create-a-c
NEW QUESTION 28
Which option is true about VM-Series NGFW templates available from the Palo Alto Networks GitHub repository?
- A. Unless otherwise noted, these templates are released under an as-is. best effort support policy.
- B. The author of the template provides full support as long as the PAN-OS version specific to the template is supported.
- C. Support for the templates is available through Professional Services from Palo Alto Networks.
- D. Palo Alto Networks provides full support if a valid support license is in place.
Answer: A
NEW QUESTION 29
Which three anomaly policies are predefined in Prisma Public Cloud? (Choose three.)
- A. Account hijacking attempts
- B. Denial-of-service activity
- C. Suspicious file activity
- D. Unusual user activity
- E. Excessive login failures
Answer: A,D,E
Explanation:
Explanation
Account hijacking attempts
-Detect potential account hijacking attempts discovered by identifying unusual login activities. These can happen if there are concurrent login attempts made in short duration from two different geographic locations, which is impossible time travel
, or login from a previously unknown browser, operating system, or location.
Excessive login failures
-Detect potential account hijacking attempts discovered by identifying brute force login attempts. Excessive login failure attempts are evaluated dynamically based on the models observed with continuous learning.
Unusual user activity
-Discover insider threat and an account compromise using advanced data science. The Prisma Cloud machine learning algorithm profiles a user's activities on the console, as well as the usage of access keys based on the location and the type of cloud resources.
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/anomaly-poli
NEW QUESTION 30
Palo Alto Networks recommends which two options for outbound HA design in Amazon Web Services using VM-Series NGFW? (Choose two.)
- A. transit gateway and security VPC with VM-Series
- B. traditional active/standby HA on VM-Series
- C. iLB-as-next-hop
- D. transit VPC and security VPC with VM-Series
Answer: B,D
NEW QUESTION 31
Which three types of security checks can Prisma Public Cloud perform? (Choose three.)
- A. network where
- B. compliance where
- C. config where
- D. user where
- E. event where
Answer: A,B,E
NEW QUESTION 32
When protecting against attempts to exploit client-side and server-side vulnerabilities, what is the Palo Alto Networks best practice when using NGFW Vulnerability Protection Profiles?
- A. Use the default Vulnerability Protection Profile to protect servers from all known critical, high, and medium-severity threats
- B. Clone the predefined Strict Profile, with packet capture settings enabled
- C. Clone the predefined Strict Profile, with packet capture settings disabled
- D. Use the default Vulnerability Protection Profile to protect clients from all known critical, high, and medium-severity threats
Answer: D
NEW QUESTION 33
Which three methods can provide application-level security for a web server instance on Amazon Web Services? (Choose three.)
- A. Traps
- B. Prisma SaaS
- C. Security Groups
- D. VM-Series firewalls
- E. Amazon Web Services WAF
Answer: A,D,E
NEW QUESTION 34
Which cloud provider supports iLB-as-next-hop?
- A. Alibaba Cloud
- B. Oracle Cloud
- C. Microsoft Azure
- D. Amazon Web Services
Answer: C
NEW QUESTION 35
......
Best way to practice test for Palo Alto Networks PSE-PrismaCloud: https://www.test4sure.com/PSE-PrismaCloud-pass4sure-vce.html
PSE-PrismaCloud Dump Ready - Exam Questions and Answers: https://drive.google.com/open?id=1HHu3sS_fUxxx_ufOKkh2Z-eF32HZ2juR