New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks PSE-Strata-Pro-24 Exam - Topic 4 Question 9 Discussion

Actual exam question for Palo Alto Networks's PSE-Strata-Pro-24 exam
Question #: 9
Topic #: 4
[All PSE-Strata-Pro-24 Questions]

A systems engineer (SE) is working with a customer that is fully cloud-deployed for all applications. The customer is interested in Palo Alto Networks NGFWs but describes the following challenges:

"Our apps are in AWS and Azure, with whom we have contracts and minimum-revenue guarantees. We would use the built-in firewall on the cloud service providers (CSPs), but the need for centralized policy management to reduce human error is more important."

Which recommendations should the SE make?

Show Suggested Answer Hide Answer
Suggested Answer: B, D, E

North-south traffic refers to the flow of data in and out of a network, typically between internal resources and the internet. To secure this type of traffic, Palo Alto Networks recommends specific CDSS subscriptions in addition to DNS Security:

A . SaaS Security

SaaS Security is designed for monitoring and securing SaaS application usage but is not essential for handling typical north-south traffic.

B . Advanced WildFire

Advanced WildFire provides cloud-based malware analysis and sandboxing to detect and block zero-day threats. It is a critical component for securing north-south traffic against advanced malware.

C . Enterprise DLP

Enterprise DLP focuses on data loss prevention, primarily for protecting sensitive data. While important, it is not a minimum recommendation for securing north-south traffic.

D . Advanced Threat Prevention

Advanced Threat Prevention (ATP) replaces traditional IPS and provides inline detection and prevention of evasive threats in north-south traffic. It is a crucial recommendation for protecting against sophisticated threats.

E . Advanced URL Filtering

Advanced URL Filtering prevents access to malicious or harmful URLs. It complements DNS Security to provide comprehensive web protection for north-south traffic.

Key Takeaways:

Advanced WildFire, Advanced Threat Prevention, and Advanced URL Filtering are minimum recommendations for NGFWs handling north-south traffic, alongside DNS Security.

SaaS Security and Enterprise DLP, while valuable, are not minimum requirements for this use case.


Palo Alto Networks NGFW Best Practices

Cloud-Delivered Security Services

by Aliza at Mar 20, 2025, 05:40 PM

Limited Time Offer

25%

Off

Get Premium PSE-Strata-Pro-24 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Gene
2 months ago
Wait, can you really manage both CSPs like that? Sounds complicated!
upvoted 0 times
...
Phillip
2 months ago
D sounds interesting, but do we really need both firewalls?
upvoted 0 times
...
German
3 months ago
I think B could work too, but not sure about the PAYG model.
upvoted 0 times
...
Verda
3 months ago
C seems too manual for a cloud setup, right?
upvoted 0 times
...
Elly
3 months ago
A is the best option for centralized management!
upvoted 0 times
...
Joanne
3 months ago
I recall that using built-in firewalls can lead to human error, so I think any option that emphasizes centralized management is key. But I'm not sure if option C is the best choice since it mentions a manual build for Panorama.
upvoted 0 times
...
Erick
4 months ago
I practiced a similar question where we had to choose between different firewall options. I think option B makes sense because it allows for flexibility with the PAYG licensing.
upvoted 0 times
...
Gerald
4 months ago
I'm a bit unsure about the differences between the VM-Series and CN-Series firewalls. I feel like option D might be overkill for just managing apps in AWS and Azure.
upvoted 0 times
...
Veda
4 months ago
I remember we discussed the importance of centralized policy management in our last study session. I think option A could be a good fit since it mentions Panorama for centralized management.
upvoted 0 times
...
Chau
4 months ago
I'm leaning towards option B. Using cloud NGFWs in AWS and a VM-Series firewall in Azure, along with a PAYG Panorama deployment, seems like a good balance of flexibility and centralized control.
upvoted 0 times
...
Shalon
4 months ago
Okay, I think I've got it. The customer wants centralized policy management, so the best option is A - cloud NGFWs at both CSPs with a Panorama virtual appliance. That way they can manage everything from a single pane of glass.
upvoted 0 times
...
Richelle
5 months ago
Hmm, I'm a bit confused by the options. It's not clear to me how the different firewall and Panorama deployment options would work in this scenario. I'll need to think through the pros and cons of each approach.
upvoted 0 times
...
Elliott
5 months ago
This seems like a tricky question, but I think the key is to find a solution that meets the customer's need for centralized policy management while working within their existing cloud deployments.
upvoted 0 times
...
Pearly
10 months ago
I wonder if the customer has a preference for one CSP over the other. That could sway the decision towards Option A or B. Either way, they'll need to factor in those minimum-revenue guarantees.
upvoted 0 times
Lavonne
9 months ago
It's important to consider the customer's preference for a CSP and how that may impact the decision between Option A and B.
upvoted 0 times
...
Gilma
9 months ago
I agree, having a Panorama virtual appliance from their CSP's marketplace would streamline the process.
upvoted 0 times
...
Stephania
9 months ago
Option A seems like the best choice to ensure centralized policy management and reduce human error.
upvoted 0 times
...
...
Linwood
10 months ago
Option D has the CN-Series firewall, which I'm not familiar with. I'd stick with the tried-and-true VM-Series and go with Option B.
upvoted 0 times
Jame
9 months ago
But for simplicity and familiarity, sticking with the VM-Series in Option B could be the best choice for the customer.
upvoted 0 times
...
Graciela
9 months ago
I agree, the CN-Series firewall may be worth exploring for enhanced security features.
upvoted 0 times
...
Tomoko
9 months ago
Option D includes the CN-Series firewall, which offers additional capabilities beyond the VM-Series.
upvoted 0 times
...
...
Buddy
10 months ago
Haha, manual Panorama setup? Really, Option C? I think the customer is looking for a more turnkey solution, not a DIY project.
upvoted 0 times
...
Keena
10 months ago
I'm leaning towards Option B. A mix of cloud NGFWs and VM-Series firewalls, with a PAYG Panorama deployment, seems like a flexible and cost-effective approach.
upvoted 0 times
Daniel
8 months ago
It's important to consider the customer's specific needs and challenges when making recommendations.
upvoted 0 times
...
Abraham
9 months ago
I agree, having flexibility in the approach is important for the customer's cloud-deployed applications.
upvoted 0 times
...
Willow
9 months ago
A PAYG Panorama deployment could be cost-effective for centralized management.
upvoted 0 times
...
Veronique
10 months ago
Option B sounds like a good choice. It offers a mix of cloud NGFWs and VM-Series firewalls.
upvoted 0 times
...
...
Dell
10 months ago
Option A seems like the most comprehensive solution. Cloud NGFWs at both CSPs and a Panorama virtual appliance to centralize policy management - that's exactly what the customer needs.
upvoted 0 times
Alecia
10 months ago
I agree, having centralized policy management is crucial for reducing human error and ensuring security across all applications in the cloud.
upvoted 0 times
...
Aliza
10 months ago
Option A seems like the most comprehensive solution. Cloud NGFWs at both CSPs and a Panorama virtual appliance to centralize policy management - that's exactly what the customer needs.
upvoted 0 times
...
...
Ranee
10 months ago
I prefer option B because it offers a mix of Cloud NGFWs and VM-Series firewall for better coverage.
upvoted 0 times
...
Malcom
11 months ago
I agree with Leigha, centralized policy management is crucial to reduce human error.
upvoted 0 times
...
Leigha
11 months ago
I think option A is the best choice because it provides centralized policy management.
upvoted 0 times
...

Save Cancel