[Jan 25, 2022] PSE-PrismaCloud Practice Exam Dumps - 99% Marks In Palo Alto Networks Exam
Updated Verified PSE-PrismaCloud Q&As - Pass Guarantee or Full Refund
NEW QUESTION 16
When protecting against attempts to exploit client-side and server-side vulnerabilities, what is the Palo Alto Networks best practice when using NGFW Vulnerability Protection Profiles?
- A. Use the default Vulnerability Protection Profile to protect servers from all known critical, high, and medium-severity threats
- B. Clone the predefined Strict Profile, with packet capture settings disabled
- C. Use the default Vulnerability Protection Profile to protect clients from all known critical, high, and medium-severity threats
- D. Clone the predefined Strict Profile, with packet capture settings enabled
Answer: C
NEW QUESTION 17
Which option is defined by the creation and change of public cloud services managed in a repeatable and predictable fashion?
- A. infrastructure as code
- B. infrastructure as a service
- C. platform as a service
- D. software as code
Answer: B
NEW QUESTION 18
What is the scope of the Amazon Web Services 1AM Service?
- A. zonal
- B. global
- C. VPC
- D. regional
Answer: B
NEW QUESTION 19
Match the logging service with its cloud provider.
Answer:
Explanation:
Explanation
AWS, Azure, GCP, Azure, AWS, GCP
NEW QUESTION 20
Which RQL string searches for all EBS volumes that do not have a "DataClassification" tag?
- A. config where api.name = ,aws-ec2-describe-volumes' AND json.rule = tags[*]key != DataClassification
- B. config where api.name = ,aws-ec2-describe-volumes' AND json.rule = tags[*].key exists
- C. config where api.name = 'aws-ec2-describe-volumes, AND json.rule = tags[*]key contains DataClassification
- D. config where api.name = 'aws-ec2-describe-volumes' AND json.rule = tags[*].key = 1
Answer: A
NEW QUESTION 21
Which three methods can provide application-level security for a web server instance on Amazon Web Services? (Choose three.)
- A. Amazon Web Services WAF
- B. Prisma SaaS
- C. VM-Series firewalls
- D. Traps
- E. Security Groups
Answer: A,C,D
NEW QUESTION 22
Which Prisma Public Cloud policy alerts administrators to unusual user activity?
- A. Configuration
- B. Anomaly
- C. Audit Event
- D. Network
Answer: B
Explanation:
Explanation
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/anomaly-poli
NEW QUESTION 23
In which two ways does Palo Alto Networks VM orchestration help service providers automatically provision security instances and policies? (Choose two.)
- A. VM Orchestration Policy Editor
- B. fully instrumented API
- C. Aperture Orchestration Engine
- D. support for Dynamic Address Groups
Answer: C,D
NEW QUESTION 24
What is Prisma Public Cloud licensing based on?
- A. number of alerts generated
- B. volume of flow logs consumed
- C. number of accounts onboarded
- D. number of monitored workloads
Answer: D
NEW QUESTION 25
Which three anomaly policies are predefined in Prisma Public Cloud? (Choose three.)
- A. Excessive login failures
- B. Account hijacking attempts
- C. Unusual user activity
- D. Denial-of-service activity
- E. Suspicious file activity
Answer: A,B,C
Explanation:
Explanation
Account hijacking attempts
-Detect potential account hijacking attempts discovered by identifying unusual login activities. These can happen if there are concurrent login attempts made in short duration from two different geographic locations, which is impossible time travel
, or login from a previously unknown browser, operating system, or location.
Excessive login failures
-Detect potential account hijacking attempts discovered by identifying brute force login attempts. Excessive login failure attempts are evaluated dynamically based on the models observed with continuous learning.
Unusual user activity
-Discover insider threat and an account compromise using advanced data science. The Prisma Cloud machine learning algorithm profiles a user's activities on the console, as well as the usage of access keys based on the location and the type of cloud resources.
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/anomaly-poli
NEW QUESTION 26
How can you use Prisma Public Cloud to identify Amazon EC2 instances that have been tagged as "Private?
- A. Create an RQL network query to identify traffic from resources tagged "Private."
- B. Generate a CIS compliance report and review the "Asset Summary."
- C. Open the Asset Dashboard, filter on tags: and choose "Private."
- D. Create an RQL config query to identify resources with the tag "Private."
Answer: A
NEW QUESTION 27
Palo Alto Networks recommends which two options for outbound HA design in Amazon Web Services using VM-Series NGFW? (Choose two.)
- A. transit gateway and security VPC with VM-Series
- B. transit VPC and security VPC with VM-Series
- C. traditional active/standby HA on VM-Series
- D. iLB-as-next-hop
Answer: B,C
NEW QUESTION 28
What are two ways to initially deploy a VM-Series NGFW in Microsoft Azure? (Choose two.)
- A. through Iron Skillets in the GitHub Repository
- B. through ARM Templates in the GitHub Repository
- C. through Expedition in the Customer Success Portal
- D. through Solution Templates in the Azure Marketplace
Answer: B,D
NEW QUESTION 29
Which three types of security checks can Prisma Public Cloud perform? (Choose three.)
- A. compliance where
- B. event where
- C. user where
- D. config where
- E. network where
Answer: A,B,E
NEW QUESTION 30
Which cloud provider supports iLB-as-next-hop?
- A. Amazon Web Services
- B. Alibaba Cloud
- C. Oracle Cloud
- D. Microsoft Azure
Answer: D
NEW QUESTION 31
Based on the diagram, how many routes will the virtual gateway advertise to the on-premises NGFW over the Amazon Web Services Direct Connect link?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 32
What are three examples of outbound traffic flow? (Choose three.)
- A. issue yum update command on an instance inside Amazon Web Services
- B. web server inside Amazon Web Services receiving web requests from internet
- C. issue apt-get install command on an instance inside Amazon Web Services
- D. Microsoft Windows inside Azure requesting a security patch
- E. outgoing Prisma Public Cloud API calls
Answer: A,C,E
NEW QUESTION 33
Based on the diagram, prioritize the order in which the Virtual Gateway evaluates the best route based on the deterministic B6P Path selection process.

Answer:
Explanation:
Explanation
longest, shortest, path, lowest multi, lowest peer
NEW QUESTION 34
Which two items are required when a VM-100 BYOL instance is upgraded to a VM-300 BYOL instance?
(Choose two.)
- A. UUID
- B. API Key
- C. new Auth Code
- D. CPU ID
Answer: B,C
Explanation:
Explanation
In a public cloud deployment, if your firewall is licensed with the BYOL option, you must Deactivate VM before you change the instance type or VM type and apply the license again on the firewall after you complete the model or instance upgrade. When you change the instance type, because the firewall has a new UUID and CPU ID, the existing license will no longer be valid.
https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/about-the-vm-series-firewall/upgrade-th
NEW QUESTION 35
How does a customer that has deployed a VM-Series NGFW on Microsoft Azure using a BYOL license change to a PAYG license structure?
- A. go to Palo Alto Networks Support website to change the BYOL license to a PAYG license
- B. purchase a new PAYG license for Microsoft Azure from Palo Alto Networks
- C. launch a new VM using the PAYG image
- D. purchase a new PAYG license from a reseller
Answer: A
NEW QUESTION 36
An administrator has deployed an AWS transit gateway and used multiple VPC spokes to segregate a multi-tier application. The administrator also created a security VPC with multiple VM-Series NGFWs in an active/active deployment model via ECMP using Amazon Web Services VPN-based attachments.
What must be configured on the firewall to avoid asymmetric routing?
- A. port address translation
- B. source and destination address translation
- C. destination address translation
- D. source address translation
Answer: D
NEW QUESTION 37
A client has a sensitive internet-facing application server in Microsoft Azure and is concerned about resource exhaustion because of distributed denial-of-service attacks What can be configured on the VM-Series firewall to specifically protect this server against this type of attack?
- A. Zone Protection Profile
- B. Custom threat signature
- C. QoS Profile to limit incoming requests
- D. DoS Protection Profile with specific session counts
Answer: D
NEW QUESTION 38
Which change represents a VM-Series NGFW license transfer?
- A. VM-100 BYOL on Microsoft Azure to VM-300 BYOL on Microsoft Azure
- B. VM-100 BYOL on Microsoft Azure to VM-100 BYOL on Amazon Web Services
- C. VM-100 BYOL on Microsoft Azure to VM-300 PAYG on Amazon Web Services
- D. VM-300 BYOL on Microsoft Azure to VM-300 PAY6 on Amazon Web Services
Answer: A
NEW QUESTION 39
Which Google Cloud Platform project shares its VPC networks with other projects?
- A. Subscribing project
- B. Service project
- C. Host project
- D. Admin project
Answer: C
Explanation:
Explanation
Create a shared VPC using the Trust VPC created when you deployed the firewall template.
Set up a shared VPC for the host (firewall) project:
gcloud compute shared-vpc enable HOST_PROJECT_ID
https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-google
NEW QUESTION 40
......
Palo Alto Networks PSE-PrismaCloud Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
PSE-PrismaCloud Real Valid Brain Dumps With 62 Questions: https://www.dumpstillvalid.com/PSE-PrismaCloud-prep4sure-review.html
PSE-PrismaCloud Certification with Actual Questions: https://drive.google.com/open?id=1QfK16UXduH3JV8bGaWUyJIzj7TJXH5vc
