Palo Alto Networks Exam PSE-Strata-Pro-24 Topic 4 Question 9 Discussion

Actual exam question for Palo Alto Networks's PSE-Strata-Pro-24 exam

Question #: 9
Topic #: 4

A systems engineer (SE) is working with a customer that is fully cloud-deployed for all applications. The customer is interested in Palo Alto Networks NGFWs but describes the following challenges:

"Our apps are in AWS and Azure, with whom we have contracts and minimum-revenue guarantees. We would use the built-in firewall on the cloud service providers (CSPs), but the need for centralized policy management to reduce human error is more important."

Which recommendations should the SE make?

ACloud NGFWs at both CSPs; provide the customer a license for a Panorama virtual appliance from their CSP's marketplace of choice to centrally manage the systems.

BCloud NGFWs in AWS and VM-Series firewall in Azure; the customer selects a PAYG licensing Panorama deployment in their CSP of choice.

CVM-Series firewalls in both CSPs; manually built Panorama in the CSP of choice on a host of either type: Palo Alto Networks provides a license.

DVM-Series firewall and CN-Series firewall in both CSPs; provide the customer a private-offer Panorama virtual appliance from their CSP's marketplace of choice to centrally manage the systems.

Show Suggested Answer

Suggested Answer: B, D, E

North-south traffic refers to the flow of data in and out of a network, typically between internal resources and the internet. To secure this type of traffic, Palo Alto Networks recommends specific CDSS subscriptions in addition to DNS Security:

A . SaaS Security

SaaS Security is designed for monitoring and securing SaaS application usage but is not essential for handling typical north-south traffic.

B . Advanced WildFire

Advanced WildFire provides cloud-based malware analysis and sandboxing to detect and block zero-day threats. It is a critical component for securing north-south traffic against advanced malware.

C . Enterprise DLP

Enterprise DLP focuses on data loss prevention, primarily for protecting sensitive data. While important, it is not a minimum recommendation for securing north-south traffic.

D . Advanced Threat Prevention

Advanced Threat Prevention (ATP) replaces traditional IPS and provides inline detection and prevention of evasive threats in north-south traffic. It is a crucial recommendation for protecting against sophisticated threats.

E . Advanced URL Filtering

Advanced URL Filtering prevents access to malicious or harmful URLs. It complements DNS Security to provide comprehensive web protection for north-south traffic.

Key Takeaways:

Advanced WildFire, Advanced Threat Prevention, and Advanced URL Filtering are minimum recommendations for NGFWs handling north-south traffic, alongside DNS Security.

SaaS Security and Enterprise DLP, while valuable, are not minimum requirements for this use case.

Palo Alto Networks NGFW Best Practices

Cloud-Delivered Security Services

by Aliza at Mar 20, 2025, 05:40 PM

Limited Time Offer

25%

Off

Get Premium PSE-Strata-Pro-24 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!