Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks Exam PSE-Strata-Pro-24 Topic 4 Question 9 Discussion

Actual exam question for Palo Alto Networks's PSE-Strata-Pro-24 exam
Question #: 9
Topic #: 4
[All PSE-Strata-Pro-24 Questions]

A systems engineer (SE) is working with a customer that is fully cloud-deployed for all applications. The customer is interested in Palo Alto Networks NGFWs but describes the following challenges:

"Our apps are in AWS and Azure, with whom we have contracts and minimum-revenue guarantees. We would use the built-in firewall on the cloud service providers (CSPs), but the need for centralized policy management to reduce human error is more important."

Which recommendations should the SE make?

Show Suggested Answer Hide Answer
Suggested Answer: B, D, E

North-south traffic refers to the flow of data in and out of a network, typically between internal resources and the internet. To secure this type of traffic, Palo Alto Networks recommends specific CDSS subscriptions in addition to DNS Security:

A . SaaS Security

SaaS Security is designed for monitoring and securing SaaS application usage but is not essential for handling typical north-south traffic.

B . Advanced WildFire

Advanced WildFire provides cloud-based malware analysis and sandboxing to detect and block zero-day threats. It is a critical component for securing north-south traffic against advanced malware.

C . Enterprise DLP

Enterprise DLP focuses on data loss prevention, primarily for protecting sensitive data. While important, it is not a minimum recommendation for securing north-south traffic.

D . Advanced Threat Prevention

Advanced Threat Prevention (ATP) replaces traditional IPS and provides inline detection and prevention of evasive threats in north-south traffic. It is a crucial recommendation for protecting against sophisticated threats.

E . Advanced URL Filtering

Advanced URL Filtering prevents access to malicious or harmful URLs. It complements DNS Security to provide comprehensive web protection for north-south traffic.

Key Takeaways:

Advanced WildFire, Advanced Threat Prevention, and Advanced URL Filtering are minimum recommendations for NGFWs handling north-south traffic, alongside DNS Security.

SaaS Security and Enterprise DLP, while valuable, are not minimum requirements for this use case.


Palo Alto Networks NGFW Best Practices

Cloud-Delivered Security Services

by Aliza at Mar 20, 2025, 05:40 PM

Limited Time Offer

25%

Off

Get Premium PSE-Strata-Pro-24 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Pearly
2 months ago
I wonder if the customer has a preference for one CSP over the other. That could sway the decision towards Option A or B. Either way, they'll need to factor in those minimum-revenue guarantees.
upvoted 0 times
Lavonne
27 days ago
It's important to consider the customer's preference for a CSP and how that may impact the decision between Option A and B.
upvoted 0 times
...
Gilma
28 days ago
I agree, having a Panorama virtual appliance from their CSP's marketplace would streamline the process.
upvoted 0 times
...
Stephania
1 months ago
Option A seems like the best choice to ensure centralized policy management and reduce human error.
upvoted 0 times
...
...
Linwood
2 months ago
Option D has the CN-Series firewall, which I'm not familiar with. I'd stick with the tried-and-true VM-Series and go with Option B.
upvoted 0 times
Jame
23 days ago
But for simplicity and familiarity, sticking with the VM-Series in Option B could be the best choice for the customer.
upvoted 0 times
...
Graciela
1 months ago
I agree, the CN-Series firewall may be worth exploring for enhanced security features.
upvoted 0 times
...
Tomoko
2 months ago
Option D includes the CN-Series firewall, which offers additional capabilities beyond the VM-Series.
upvoted 0 times
...
...
Buddy
2 months ago
Haha, manual Panorama setup? Really, Option C? I think the customer is looking for a more turnkey solution, not a DIY project.
upvoted 0 times
...
Keena
2 months ago
I'm leaning towards Option B. A mix of cloud NGFWs and VM-Series firewalls, with a PAYG Panorama deployment, seems like a flexible and cost-effective approach.
upvoted 0 times
Daniel
18 days ago
It's important to consider the customer's specific needs and challenges when making recommendations.
upvoted 0 times
...
Abraham
1 months ago
I agree, having flexibility in the approach is important for the customer's cloud-deployed applications.
upvoted 0 times
...
Willow
1 months ago
A PAYG Panorama deployment could be cost-effective for centralized management.
upvoted 0 times
...
Veronique
2 months ago
Option B sounds like a good choice. It offers a mix of cloud NGFWs and VM-Series firewalls.
upvoted 0 times
...
...
Dell
3 months ago
Option A seems like the most comprehensive solution. Cloud NGFWs at both CSPs and a Panorama virtual appliance to centralize policy management - that's exactly what the customer needs.
upvoted 0 times
Alecia
2 months ago
I agree, having centralized policy management is crucial for reducing human error and ensuring security across all applications in the cloud.
upvoted 0 times
...
Aliza
2 months ago
Option A seems like the most comprehensive solution. Cloud NGFWs at both CSPs and a Panorama virtual appliance to centralize policy management - that's exactly what the customer needs.
upvoted 0 times
...
...
Ranee
3 months ago
I prefer option B because it offers a mix of Cloud NGFWs and VM-Series firewall for better coverage.
upvoted 0 times
...
Malcom
3 months ago
I agree with Leigha, centralized policy management is crucial to reduce human error.
upvoted 0 times
...
Leigha
3 months ago
I think option A is the best choice because it provides centralized policy management.
upvoted 0 times
...

Save Cancel