
whaust

Sunday, March 10, 2019


# Test - Palo Alto Networks Accredited Systems Engineer (PSE): Foundation Accreditation Exam



PSE: Foundation


## ----- Take3 -----
Question 1 of 20. (14)
Which two PAN-OS® tabs would an administrator use to identify compromised users after a spike in dangerous traffic is observed? (Choose two.)
  Monitor
  Objects
  Network
  ACC
  Policies
  Device

Question 2 of 20. (35)
Which two technologies does App-ID use to identify an application? (Choose two.)
  a source IP address to determine where the data is coming from
  decryption keys for determining what the application really is
  a database of application signatures that is updated weekly
  hashes to identify patterns of communication
  protocol decoders that understand the syntax and commands of common applications

Question 3 of 20. (5)
Which product combines data from multiple sources, including third-party providers, correlates it to the Palo Alto Networks threat intelligence database, and uses it to prevent attacks?
  Evident
  Magnifier
  Aperture
  GlobalProtect
  AutoFocus
  WildFire®

Question 4 of 20. (T)
True or false: One advantage of Single-Pass Parallel Processing is that traffic can be scanned with minimum latency as it crosses the firewall.
True
  False
 

Question 5 of 20. (F)
True or false: AutoFocus is an on-premise-based threat intelligence service that gives security operations teams direct access to all the threat intelligence gathered from the Palo Alto Networks Unit 42 Threat Research team to correlate attack data and analysis.
True
  False
 



Question 8 of 20. (123)
What are the three main benefits of WildFire®? (Choose three.)
  It uses a sandboxing environment that can detect malware by analyzing the behavior of unknown files.
  It gathers information from possible threats detected by next-generation firewalls, endpoints, and Aperture.
  Signatures for identified malware quickly are distributed globally to all Palo Alto Networks customers' firewalls.
  By collecting and distributing malware signatures from every major antivirus vendor, it can provide comprehensive protection.
  Because a Palo Alto Networks proprietary cloud-based architecture is used, quarantine holds on suspicious files typically are reduced to fewer than 30 seconds.

Question 9 of 20. (F)
True or false: Content-ID technology combines results from WildFire® analysis with administrator-defined policies to inspect and control content traversing the firewall, using data-loss prevention techniques in a single, unified engine.
True
  False
 

Question 10 of 20. (2)
Which type of security does Aperture provide?
  serves as a policy enhancement on the Palo Alto Networks firewall that provides visibility into applications and control of those applications
  allows you to connect directly to SaaS applications to provide data classification and threat detection to secure and manage sanctioned applications
  simplifies workflows to create and enforce new application controls, and analyzes critical threat events for those applications
  shows which users are running which applications, and provides a method for controlling application access by user
  provides visibility into recently occurring threats, and shows how to block those threats

Question 11 of 20. (3)
How does the Log Collector differ from the Logging Service?
  The Log Collector has built-in log redundancy, whereas the Logging Service has no cloud compliance requirements.
  The Log Collector provides a centralized repository for your on-premise and virtual firewalls, whereas the Logging Service provides only data isolation to avoid cross-contamination of logs.
  The Log Collector is hardware-based, whereas the Logging Service is scalable on demand.
  The Log Collector ensures redundancy by having multiple copies of your log database, whereas the Logging Service is regionalized based on your location.

Question 12 of 20. (135)
What are the three essential components of a Magnifier deployment? (Choose three.)
  Panorama
  MineMeld
  Pathfinder
  AutoFocus Logs
  Logging Service
  Aperture logs
  Log Collector

Question 13 of 20. (3)
Which statement is true about how WildFire® scans files for viruses, malware, and spyware?
  For WildFire to be most effective, you need to deploy a WF-500 appliance to get the full benefits of WildFire threat intelligence scanning.
  The firewall must have policy rules in place before it can forward the questionable file to WildFire, where the file is analyzed for zero-day malware.
  The firewall must have a WildFire Analysis Profile rule attached to a Security policy rule that will scan files for viruses, malware, and spyware.
  A WildFire Analysis Profile needs to be set to define which files to forward to the WildFire cloud to trigger inspection for zero-day malware.

Question 14 of 20. (F)
True or false: Antivirus inspection is proxy-based.
True
  False
 

Question 15 of 20. (126)
Which three technologies are part of Palo Alto Networks next-generation firewall? (Choose three.)
  App-ID
  User-ID
  Decryption-ID
  Content-ID
  Malware-ID
  Unified Threat Management

Question 16 of 20. (126)
Which three platform components does WildFire® automatically update after finding malicious activity in previously unknown files, URLs, and APKs? (Choose three.)
  URL filtering
  Command-and-control signatures
  Management
  Decrypt
  Host Information Profiles
  Malware signatures

Question 17 of 20. (23)
What are two features of the Traps Management Service? (Choose two.)
  be deployed with your own hardware and infrastructure
  be deployed as a cloud-managed service solution
  requires no server licenses or databases
  Integrate with GlobalProtect into a single agent that manages both endpoint protection and mobile user connectivity

Question 18 of 20. (1)
What is the function of the Decryption Broker on the next-generation firewall?
  eliminate the need for a third-party SSL decryption solution and reduce the number of third-party devices performing traffic analysis and enforcement
  consolidate all the information from scans for unknown malware, system status, and system health alerts of the firewall into one central broker interface
  decode applications and URL traffic coming through the firewall and assign priority to specific traffic patterns according to geographical location
  provide content inspection of all known and unknown traffic sessions at the granular level
  function as centralized communication between firewalls for decoding traffic content

Question 19 of 20. (13468)
Palo Alto Networks platform products are commonly deployed in which five critical places in the network to solve many of today's enterprise security problems? (Choose five.)
  cloud
  vehicle-mounted hotspot
  branch office
  internet perimeter
  video game console
  data center perimeter
  Wi-Fi access point
  mobile/endpoint device

Question 20 of 20. (1)
How can you extend WildFire® analysis resources to a WildFire hybrid cloud?
  Configure the firewall to continue to forward sensitive files to your WildFire private cloud for Local Analysis and to forward less sensitive or unsupported file types to the WildFire public cloud.
  Configure another firewall in between the hybrid cloud and the main firewall that forwards files to the WildFire cloud, making sure that the firewall in the middle is using port 443 for file submissions.
  Combine the WildFire public cloud with the Traps Management Service, the cloud protection solution to monitor all endpoints.
  Configure a WildFire private cloud to forward files directly to the WildFire hybrid cloud for analysis of less sensitive or unsupported file types.

## ----- Take2 -----

 Question 13 of 20. (4)
Which product combines data from multiple sources, including third-party providers, correlates it to the Palo Alto Networks threat intelligence database, and uses it to prevent attacks?
  Magnifier
  Aperture
  GlobalProtect
  AutoFocus
  WildFire®
  Evident


Question 18 of 20. (457)
What are three subscriptions for the next-generation firewall? (Choose three.)
  App-ID
  SSL Decryption
  Content-ID
  URL Filtering
  WildFire®
  User-ID
  Threat Prevention



Question 19 of 20. (12)
Which two technologies does App-ID use to identify an application? (Choose two.)
  protocol decoders that understand the syntax and commands of common applications
  a database of application signatures that is updated weekly
  a source IP address to determine where the data is coming from
  decryption keys for determining what the application really is
  hashes to identify patterns of communication


Question 10 of 20. (126)
Which three technologies are part of Palo Alto Networks next-generation firewall? (Choose three.)
  Content-ID
  App-ID
  Decryption-ID
  Unified Threat Management
  Malware-ID
  User-ID



Question 15 of 20. (6)
Which option is not a factor impacting sizing decisions?
  number of policy rules
  redundancy
  sessions
  decryption
  performance
  number of applications


Question 3 of 20. (1)
What is the main role of GlobalProtect?
  extend protections and policies to endpoints
  sandbox files on the Threat Intelligence Cloud
  categorize URLs
  look for malware on the endpoint


Question 7 of 20. (T)
True or false: One advantage of Single-Pass Parallel Processing is that traffic can be scanned with minimum latency as it crosses the firewall.
True
  False
 


Question 20 of 20. (F)
True or false: Antivirus inspection is proxy-based.
True
  False
 

Question 17 of 20. (2)
What is the function of the Decryption Broker on the next-generation firewall?
  provide content inspection of all known and unknown traffic sessions at the granular level
  eliminate the need for a third-party SSL decryption solution and reduce the number of third-party devices performing traffic analysis and enforcement
  consolidate all the information from scans for unknown malware, system status, and system health alerts of the firewall into one central broker interface
  decode applications and URL traffic coming through the firewall and assign priority to specific traffic patterns according to geographical location
  function as centralized communication between firewalls for decoding traffic content



Question 4 of 20. (3)
How can you extend WildFire® analysis resources to a WildFire hybrid cloud?
  Configure another firewall in between the hybrid cloud and the main firewall that forwards files to the WildFire cloud, making sure that the firewall in the middle is using port 443 for file submissions.
  Configure a WildFire private cloud to forward files directly to the WildFire hybrid cloud for analysis of less sensitive or unsupported file types.
  Configure the firewall to continue to forward sensitive files to your WildFire private cloud for Local Analysis and to forward less sensitive or unsupported file types to the WildFire public cloud.
  Combine the WildFire public cloud with the Traps Management Service, the cloud protection solution to monitor all endpoints.

Question 9 of 20. (T)
How does the Log Collector differ from the Logging Service?
  The Log Collector is hardware-based, whereas the Logging Service is scalable on demand.
  The Log Collector has built-in log redundancy, whereas the Logging Service has no cloud compliance requirements.
  The Log Collector ensures redundancy by having multiple copies of your log database, whereas the Logging Service is regionalized based on your location.
  The Log Collector provides a centralized repository for your on-premise and virtual firewalls, whereas the Logging Service provides only data isolation to avoid cross-contamination of logs.

Question 11 of 20. (F)
True or false: Content-ID technology combines results from WildFire® analysis with administrator-defined policies to inspect and control content traversing the firewall, using data-loss prevention techniques in a single, unified engine.
True
  False
 


Question 6 of 20.  (1)
Which statement is true about how WildFire® scans files for viruses, malware, and spyware?
  The firewall must have a WildFire Analysis Profile rule attached to a Security policy rule that will scan files for viruses, malware, and spyware.
  For WildFire to be most effective, you need to deploy a WF-500 appliance to get the full benefits of WildFire threat intelligence scanning.
  A WildFire Analysis Profile needs to be set to define which files to forward to the WildFire cloud to trigger inspection for zero-day malware.
  The firewall must have policy rules in place before it can forward the questionable file to WildFire, where the file is analyzed for zero-day malware.

Question 1 of 20.  (124)
Which three platform components does WildFire® automatically update after finding malicious activity in previously unknown files, URLs, and APKs? (Choose three.)
  Command-and-control signatures
  Malware signatures
  Management
  URL filtering
  Host Information Profiles
  Decrypt

## ----- Take1 -----

 Question 16 of 20. (1)
How does the Log Collector differ from the Logging Service?
  The Log Collector is hardware-based, whereas the Logging Service is scalable on demand.
  The Log Collector provides a centralized repository for your on-premise and virtual firewalls, whereas the Logging Service provides only data isolation to avoid cross-contamination of logs.
  The Log Collector has built-in log redundancy, whereas the Logging Service has no cloud compliance requirements.
  The Log Collector ensures redundancy by having multiple copies of your log database, whereas the Logging Service is regionalized based on your location.

Question 8 of 20. (4)
Which product combines data from multiple sources, including third-party providers, correlates it to the Palo Alto Networks threat intelligence database, and uses it to prevent attacks?
  GlobalProtect
  Magnifier
  Evident
  AutoFocus
  WildFire®
  Aperture

Question 15 of 20. (357)
What are three subscriptions for the next-generation firewall? (Choose three.)
  User-ID
  App-ID
  WildFire®
  Content-ID
  URL Filtering
  SSL Decryption
  Threat Prevention

Question 1 of 20. (TRUE)
True or false: PAN-DB is a service that aligns URLs with category types defined by Palo Alto Networks in which websites are classified through various means, including data provided by the Threat Intelligence Cloud.
True
False

Question 20 of 20. (3)
Which option is not a factor impacting sizing decisions?
  number of policy rules
  sessions
  number of applications
  performance
  redundancy
  decryption


Question 6 of 20. (T)
True or false: One advantage of Single-Pass Parallel Processing is that traffic can be scanned with minimum latency as it crosses the firewall.
True
False

Question 18 of 20. (23)
Which two PAN-OS® tabs would an administrator use to identify compromised users after a spike in dangerous traffic is observed? (Choose two.)
  Objects
  ACC
  Monitor
  Device
  Network
  Policies

Question 2 of 20. (5)
What is the function of the Decryption Broker on the next-generation firewall?
  decode applications and URL traffic coming through the firewall and assign priority to specific traffic patterns according to geographical location
  consolidate all the information from scans for unknown malware, system status, and system health alerts of the firewall into one central broker interface
  function as centralized communication between firewalls for decoding traffic content
  provide content inspection of all known and unknown traffic sessions at the granular level
  eliminate the need for a third-party SSL decryption solution and reduce the number of third-party devices performing traffic analysis and enforcement

 ------

 ###### tags: `PaloAlto`
