Palo Alto Networks PSE Endpoint Professional Exam Questions

Which two enhanced key usage purposes are necessary when creating an SSL certificate for an ESM server? (Choose two.)

A large manufacturer is planning to roll out Traps to 75,000 endpoints. Their environment consists of three major sites with 24,000 endpoints each, plus about 3,000 remote endpoints in smaller remote locations using always-on VPN connections to a single one of the major sites. The customer wants to minimize network traffic between the major sites, but all endpoints have internet access. The customer is looking for a centrally managed solution with common reporting and management for all endpoints in the environment.

Which design option would be appropriate for this environment?

A company discovers through the agent health display in ESM Console that a certain Traps agent is not communicating with ESM Server. Administrators suspect that the problem relates to TLS/SSL.

Which troubleshooting step determines if this is an SSL issue?

During installation of the ESM and the agent, SSL was enabled on an endpoint. However, the agent communication is failing. The services.log on the endpoint has the following error.

*An error occurred while making the HTTP request to https: //hostname:2125/CyveraServer/. This could be due to the fact that the server certificate is not configured property with HTTP SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server."

Which certificate can be imported on the endpoint to solve this issue? Assume the hostname is a valid FQDN and the ESM Server and Console have different certificates.

Which two are valid optional parameters when upgrading Traps agent from the ESM console using Upgrade from path? (Choose two.)