A Review Of Real PSE-PrismaCloud Practice Exam

NEW QUESTION 1
What is the default capacity license of a VM-Series NGFW being deployed from the Google Cloud Platform Marketplace?

• A. VM-GCP
• B. VM-100
• C. VM-500
• D. VM-300

Answer: D

Explanation:
https://docs.paloaltonetworks.com/vm-series/8-1/vm-series-deployment/set-up-the-vm-series-firewall-on-google

NEW QUESTION 2
What are two examples of Amazon Web Services logging services? (Choose two.)

• A. CloudLog
• B. CloudEvent
• C. CloudWatch
• D. CIoudTrail

Answer: CD

NEW QUESTION 3
Based on the diagram, prioritize the order in which the Virtual Gateway evaluates the best route based on the deterministic B6P Path selection process.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 4
A customer has just launched a Palo Alto Networks VM-Series NGFW into an Amazon Web Services VPC to protect a cloud hosted application. They are experiencing unpredictable results and have identified that the interfaces on the firewall are in the incorrect order
Which PAN-OS CLI command resolves this issue?

• A. set system setting mgmt-interface-swap enable yes
• B. set mgmt-interface settings swap yes
• C. set mgmt-interface swap yes
• D. set system setting mgmt-interface swap yes

Answer: A

NEW QUESTION 5
Which RQL string using network query attributes returns all traffic destined for Internet or for Suspicious IPs that also exceeds 1GB?

• A. network where publicnetwork = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
• B. network where dest publicnetwork IN ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
• C. show traffic where destination.network = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
• D. network where bytes > 1GB and destination = 'Internet IPs' OR 'Suspicious IPs'

Answer: B

Explanation:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/rql-examples All network traffic that is greater than 1GB and destined to Internet or Suspicious IPs (allows you to identify data exfiltration attempt on any cloud environment).
networkwheredest.publicnetwork IN ('Internet IPs','Suspicious IPs') AND bytes > 1000000000

NEW QUESTION 6
can you create a custom compliance standard in Prisma Public Cloud?

• A. Generate a new Compliance Report.
• B. Create compliance framework in a spreadsheet then import into Prisma Public Cloud.
• C. From Compliance tab, clone a default framework and customize.
• D. From Compliance tab > Compliance Standards, click "Add New."

Answer: D

Explanation:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-compliance/create-a

NEW QUESTION 7
Which three anomaly policies are predefined in Prisma Public Cloud? (Choose three.)

• A. Excessive login failures
• B. Unusual user activity
• C. Denial-of-service activity
• D. Account hijacking attempts
• E. Suspicious file activity

Answer: ABD

Explanation:
Account hijacking attempts
??Detect potential account hijacking attempts discovered by identifying unusual login activities. These can happen if there are concurrent login attempts made in short duration from two different geographic locations, which is impossible time travel, or login from a previously unknown browser, operating system, or location.
Excessive login failures
??Detect potential account hijacking attempts discovered by identifying brute force login attempts. Excessive login failure attempts are evaluated dynamically based on the models observed with continuous learning.
Unusual user activity
??Discover insider threat and an account compromise using advanced data science. The Prisma Cloud machine learning algorithm profiles a user's activities on the console, as well as the usage of access keys based on the location and the type of cloud resources.
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/anomaly-pol

NEW QUESTION 8
Which Prisma Public Cloud policy alerts administrators to unusual user activity?

• A. Anomaly
• B. Audit Event
• C. Network
• D. Configuration

Answer: A

Explanation:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/anomaly-pol

NEW QUESTION 9
Which configuration needs to be done to perform user entity behavior analysis with Prisma PublicCloud?

• A. Create alert rules.
• B. Whitelist IP addresses.
• C. Configure User-ID.
• D. Define enterprise settings.

Answer: D

Explanation:
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/anomaly-pol

NEW QUESTION 10
How is license utilization displayed within the Prisma Public Cloud interface?

• A. navigate to the CLI and run show license command
• B. navigate to General > Licensing
• C. navigate to Dashboard > Asset Inventory
• D. navigate to Settings (via the gear icon) > Licensing

Answer: D

NEW QUESTION 11
What is required for an EC2 instance to access the internet directly from an AWS VPC?

• A. Internet Gateway
• B. Transit Gateway
• C. Virtual Private Gateway
• D. Customer Gateway

Answer: A

NEW QUESTION 12
When protecting against attempts to exploit client-side and server-side vulnerabilities, what is the Palo Alto Networks best practice when using NGFW VulnerabilityProtection Profiles?

• A. Use the default Vulnerability Protection Profile to protect clients from all known critical, high, and medium-severity threats
• B. Clone the predefined Strict Profile, with packet capture settings disabled
• C. Use the default Vulnerability Protection Profile to protect servers from all known critical, high, and medium-severity threats
• D. Clone the predefined Strict Profile, with packet capture settings enabled

Answer: D

NEW QUESTION 13
How does a customer that has deployed a VM-Series NGFW on Microsoft Azure using a BYOL license change to a PAYG license structure?

• A. purchase a new PAYG license from a reseller
• B. go to Palo Alto Networks Support website to change the BYOL license to a PAYG license
• C. purchase a new PAYG license for Microsoft Azure from Palo Alto Networks
• D. launch a new VM using the PAYG image

Answer: D

NEW QUESTION 14
Match the logging service with its cloud provider.

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 15
In which two ways does Palo Alto Networks VM orchestration help service providers automatically provision security instances and policies? (Choose two.)

• A. fully instrumented API
• B. Aperture Orchestration Engine
• C. VM Orchestration Policy Editor
• D. support for Dynamic Address Groups

Answer: AD

NEW QUESTION 16
How can you use Prisma Public Cloud to identify Amazon EC2 instances that have been tagged as "Private?

• A. Create an RQL config query to identify resources with the tag "Private."
• B. Create an RQL network query to identify traffic from resources tagged "Private."
• C. Open the Asset Dashboard, filter on tags: and choose "Private."
• D. Generate a CIS compliance report and review the "Asset Summary."

Answer: B

NEW QUESTION 17
Which regulatory framework in Prisma Public Cloud measures compliance with EU data privacy regulations in Amazon Web Services workloads?

• A. GDPR
• B. EU Data Protection Directive 95/46/EC
• C. ISO 27001
• D. Payment Card Industry 3.0

Answer: A

NEW QUESTION 18
The customer has an Amazon Web Services Elastic Computing Cloud that provides a service to the internet directly and needs to secure that cloud with a VM-Series NGFW.
Which component handles address translation?

• A. The server VMs have private use only (RFC 1918) IP
• B. Amazon's cloud infrastructure translates those addresses to publicly accessible IP addresse
• C. The VM-Series NGFW has publicly accessible IP addresses.
• D. The server VMs have private use only (RFC 1918) IP
• E. The VM-Series NGFW translates those addresses to publicly accessible IP addresses.
• F. The server VMs and the VM-Series NGFW have private use only (RFC 1918) IP
• G. Amazons cloud infrastructure translates those addresses to publicly accessible IP addresses
• H. The servers and VM-Series NGFW have publicly accessible IP addresses for management purposes.

Answer: C

NEW QUESTION 19
......