Weekend Biggest Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

DumpsWrap Logo

Paloalto Networks PSE-PrismaCloud Dumps

Page: 1 / 12
Total 115 questions
Get PSE-PrismaCloud Full Access Download PSE-PrismaCloud PDF

PSE Palo Alto Networks System Engineer Professional - Prisma Cloud Questions and Answers

Question 1

What are two examples of Amazon Web Services logging services? (Choose two.)

Options:

A.

CloudLog

B.

CloudEvent

C.

CloudWatch

D.

CIoudTrail

Question 2

When an on-premises NGFW (customer gateway) is used to connect to the Virtual Gateway, which two IKE profiles cannot be used? (Choose two.)

Options:

A.

Group2 / SHA-1 / AES-128-CBC / IKE-V1

B.

Group2 / SHA-1 / AES-128-GCM / IKE-V1

C.

Group14 / SHA-256 / AES-256-GCM / IKE-V1

D.

Group2 / SHA-1 / AES-128-CBC

E.

Group14 / SHA-256 / AES-256-CBC / IKE-V1

Question 3

An administrator deploys a VM-Series firewall into Amazon Web Services. Which attribute must be disabled on the data-plane elastic network interface for the instance to handle traffic that is not destined to its own IP address?

Options:

A.

security group

B.

tags

C.

elastic ip address

D.

source/destination checking

Question 4

What is required for an EC2 instance to access the internet directly from an AWS VPC?

Options:

A.

Internet Gateway

B.

Transit Gateway

C.

Virtual Private Gateway

D.

Customer Gateway

Question 5

Which RQL string monitors all traffic from the Internet and Suspicious IPs destined for your Amazon Web Services databases''

Options:

A.

network where source.publicnetwork IN ('Suspicious IPs') and dest.resource IN (resource where role IN ('AWS RDS', 'Database'))

B.

network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest.resource IN (resource where role IN ('LDAP'))

C.

network where dest.resource IN (resource where role = 'Database'}

D.

network where source.publicnetwork IN ('Suspicious IPs', 'Internet IPs') and dest resource IN (resource where role IN ('AWS RDS'. 'Database'))

Question 6

Which type of alert captures unusual user activity and excessive login failures?

Options:

A.

Anomaly

B.

Audit Event

C.

Configuration

D.

Network

Question 7

How does a customer that has deployed a VM-Series NGFW on Microsoft Azure using a BYOL license change to a PAYG license structure?

Options:

A.

purchase a new PAYG license from a reseller

B.

go to Palo Alto Networks Support website to change the BYOL license to a PAYG license

C.

purchase a new PAYG license for Microsoft Azure from Palo Alto Networks

D.

launch a new VM using the PAYG image

Question 8

The VM-Series integration with Amazon GuardDuty feeds malicious IP addresses to the VM-Series NGFW using XML API to populate a Dynamic Address Group within a Security policy that blocks traffic.

How does Amazon Web Services achieve this integration?

Options:

A.

SNS

B.

SQS

C.

CodeDeploy

D.

Lambda

Question 9

What is the Palo Alto Networks default Prisma Cloud setting for Alert Disposition to reduce the number of false positives?

Options:

A.

Conservative

B.

Moderate

C.

High

D.

Aggressive

Question 10

The following error is received when performing a manual twistcli scan on an image:

as

What is missing from the command?

Options:

A.

registry path for image name

B.

password

C.

console address

D.

username

Question 11

Which two cloud-native providers are supported by Prisma Cloud? (Choose two.)

Options:

A.

DigitalOcean

B.

Azure

C.

IBM Cloud

D.

Oracle Cloud

Question 12

Which statement applies to vulnerability management policies?

Options:

A.

Host and serverless rules support blocking, whereas container rules do not.

B.

Rules explain the necessary actions when vulnerabilities are found in the resources of a customer environment.

C.

Policies for containers, hosts, and serverless functions are not separate.

D.

Rules are evaluated in an undefined order.

Question 13

Which cloud provider supports iLB-as-next-hop?

Options:

A.

Microsoft Azure

B.

Alibaba Cloud

C.

Oracle Cloud

D.

Amazon Web Services

Question 14

Which two resources provide operational insight within the Prisma Cloud Asset Inventory? (Choose two.)

Options:

A.

Cortex Data Lake

B.

Cloud Storage buckets

C.

Prisma Access Gateways

D.

Compute Engine instance

Question 15

A Prisma Cloud Administrator has been asked to create a custom policy which notifies the InfoSec team each time a configuration mange is made to a Security group.

Which type of Resource Query Language (RQL) query would be used in this policy?

Options:

A.

audit from

B.

network from

C.

event from

D.

config from

Question 16

What happens in Prisma Cloud after Training Model Threshold or Alert Disposition is changed?

Options:

A.

Changes will take effect after a new learning phase of 30 days.

B.

System will perform a reboot, deleting all past alerts.

C.

Existing alerts and new alerts are regenerated based on the new setting.

D.

New alerts are generated based on the new setting.

Question 17

Which option is defined by the creation and change of public cloud services managed in a repeatable and predictable fashion?

Options:

A.

platform as a service

B.

infrastructure as a service

C.

software as code

D.

infrastructure as code

Question 18

Which RQL string returns a list of all Azure virtual machines that are not currently running?

Options:

A.

config where api.name = 'azure-vm-list' AND json.rule = powerState = "off'

B.

config where api.name = 'azure-vm-list' AND json.rule = powerState does not contain "running"

C.

config where api.name = 'azure-vm-list' AND json.rule = powerState = "running"

D.

config where api.name = 'azure-vm-list' AND json.rule = powerState contains "running"

Question 19

Which two template formats are supported by the Prisma Cloud infrastructure as code (laC) scan service? (Choose two.)

Options:

A.

ARM

B.

XML

C.

YAML

D.

JSON

Question 20

How can you use Prisma Public Cloud to identify Amazon EC2 instances that have been tagged as "Private?

Options:

A.

Create an RQL config query to identify resources with the tag "Private."

B.

Create an RQL network query to identify traffic from resources tagged "Private."

C.

Open the Asset Dashboard, filter on tags: and choose "Private."

D.

Generate a CIS compliance report and review the "Asset Summary."

Question 21

Which change represents a VM-Series NGFW license transfer?

Options:

A.

VM-100 BYOL on Microsoft Azure to VM-100 BYOL on Amazon Web Services

B.

VM-300 BYOL on Microsoft Azure to VM-300 PAY6 on Amazon Web Services

C.

VM-100 BYOL on Microsoft Azure to VM-300 BYOL on Microsoft Azure

D.

VM-100 BYOL on Microsoft Azure to VM-300 PAYG on Amazon Web Services

Question 22

Which RQL query should be used to quickly identify any events related to an organization's Google Cloud Platform Big Query database the last 24 hours?

Options:

A.

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'Google Bigtable Instance'

B.

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'cloudsql.googleapis.com'

C.

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'bigquery.googleapis.com'

D.

event from cloud.audit_logs where cloud.type = 'gcp' AND cloud.service = 'dataproc.googleapis.com'

Question 23

A customer CSO has asked you to demonstrate how to identify all "Amazon RDS" resources deployed and the region that they are deployed in. What are two ways that Prisma Public Cloud can show the relevant information?(Choose two.)

Options:

A.

Generate a compliance report from the Compliance dashboard

B.

Write an RQL query from the "Investigate" tab.

C.

Configure an Inventory report from the "Alerts" tab

D.

Open the Asset dashboard, filter on Amazon Web Services, and click "Amazon RDS" resources.

Question 24

What are three examples of outbound traffic flow? (Choose three.)

Options:

A.

issue yum update command on an instance inside Amazon Web Services

B.

Microsoft Windows inside Azure requesting a security patch

C.

web server inside Amazon Web Services receiving web requests from internet

D.

issue apt-get install command on an instance inside Amazon Web Services

E.

outgoing Prisma Public Cloud API calls

Question 25

Which Resource Query Language (RQL) query returns a list of all Azure SQL Databases that have transparent data encryption turned in?

Options:

A.

config from cloud.resource where api.name = 'gcloud-compute-instances-list' and json.rule = is TERMINATED

B.

config from cloud.resource where api.name = 'gcloud-compute-instances-list' = TERMINATED

C.

config from cloud.resource where api.name = 'gcloud-compute-instances-list* and json.rule == status TERMINATED

D.

config from cloud.resource where api.name = 'gcloud-compute-instances-list' and json.rule = status contains TERMINATED

Question 26

Which regulatory framework in Prisma Public Cloud measures compliance with EU data privacy regulations in Amazon Web Services workloads?

Options:

A.

GDPR

B.

EU Data Protection Directive 95/46/EC

C.

ISO 27001

D.

Payment Card Industry 3.0

Question 27

In which two ways does Palo Alto Networks VM orchestration help service providers automatically provision security instances and policies? (Choose two.)

Options:

A.

fully instrumented API

B.

Aperture Orchestration Engine

C.

VM Orchestration Policy Editor

D.

support for Dynamic Address Groups

Question 28

What are the asset severity levels within Prisma Cloud asset inventory?

Options:

A.

Low, Medium, and High

B.

Low, Medium, High, and Critical

C.

Informational, Low, Medium, and High

D.

Low, Medium, High, Severe, and Critical

Question 29

Which two items are required when a VM-100 BYOL instance is upgraded to a VM-300 BYOL instance? (Choose two.)

Options:

A.

UUID

B.

new Auth Code

C.

CPU ID

D.

API Key

Question 30

Which option is true about VM-Series NGFW templates available from the Palo Alto Networks GitHub repository?

Options:

A.

Palo Alto Networks provides full support if a valid support license is in place.

B.

Support for the templates is available through Professional Services from Palo Alto Networks.

C.

Unless otherwise noted, these templates are released under an as-is. best effort support policy.

D.

The author of the template provides full support as long as the PAN-OS version specific to the template is supported.

Question 31

Which framework in Prisma Public Cloud can be used to provide general best practices when no specific legal requirements or regulatory standards need to be met?

Options:

A.

HIPAA

B.

CIS Benchmark

C.

Payment Card Industry DSS V3

D.

GDPR

Question 32

In which two ways can Prisma Cloud Compute (PCC) edition be installed? (Choose two.)

Options:

A.

self-managed in a customer's own container platform

B.

self-contained hardware appliance

C.

as a stand-alone Windows application

D.

Cloud-hosted as part of a Prisma Cloud Enterprise tenant from Palo Alto Networks

Question 33

Which two valid effects are used to deal with images within a rule for trusted images? (Choose two.)

Options:

A.

Deny

B.

Alert

C.

Block

D.

Ignore

Question 34

What are two ways to enable interface swap when deploying a VM-Series NGFW in Google Cloud Platform? (Choose two.)

Options:

A.

run the PAN-OS CLI command: set system mgmt-interface-swap enable yes

B.

run the PAN-OS CLI command: set system mgmt-interface-swap setting enable yes

C.

create a bootstrap file that includes the mgmt-interface-swap command

D.

in the Google Cloud Console Metadata Field, enter a key-value pair where mgmt-interface-swap is the key and enable is the value

Load More PSE-PrismaCloud Questions
Page: 1 / 12
Total 115 questions
Get PSE-PrismaCloud Full Access Download PSE-PrismaCloud PDF