PSE-SASE-Topic-1
Question #: 43
Topic #: 1
Which elements of Autonomous Digital Experience Management (ADEM) help provide end-to-end visibility of everything in an organization’s environment?
A. integrated threat intelligence management, automated distribution to enforcement points at scale, full ticket mirroring
B. scanning of all traffic, ports, and protocols
C. data collected from endpoint devices, synthetic monitoring tests, and real-time traffic
D. alerts, artifacts, and MITRE tactics
Selected Answer: C
Question #: 41
Topic #: 1
Which two key benefits have been identified for a customer investing in the Palo Alto Networks Prisma secure access service edge (SASE) solution? (Choose two.)
A. decreased likelihood of a data breach
B. reduced input required from management during third-party investigations
C. decreased need for interaction between branches
D. reduced number of security incidents requiring manual investigation
Selected Answer: AD
Question #: 18
Topic #: 1
Organizations that require remote browser isolation (RBI) to protect their users can automate connectivity to third-party RBI products with which platform?
A. Zero Trust
B. SaaS Security API
C. GlobalProtect
D. CloudBlades API
Selected Answer: D
Question #: 21
Topic #: 1
What are two ways service connections and remote network connections differ? (Choose two.)
A. Remote network connections provide secondary WAN options, but service connections use backup service connection for redundancy.
B. Remote network connections enforce security policies, but service connections do not.
C. An on-premises resource cannot originate a connection to the internet over a service connection.
D. Service connections support both OSPF and BGP for routing protocols, but remote networks support only BGP.
Selected Answer: B
Question #: 48
Topic #: 1
What happens when SaaS Security sees a new or unknown SaaS application?
A. It forwards the application for WildFire analysis.
B. It uses machine learning (ML) to classify the application.
C. It generates alerts regarding changes in performance.
D. It extends the branch perimeter to the closest node with high performance.
Selected Answer: B
Question #: 61
Topic #: 1
What are two benefits of installing hardware fail-to-wire port pairs on Instant-On Network (ION) devices? (Choose two.)
A. local area network (LAN) Dynamic Host Configuration Protocol (DHCP) and DHCP relay functionality
B. control mode insertion without modification of existing network configuration
C. network controller communication and monitoring
D. ensures automatic failover when ION devices experience software or network related failure
Selected Answer: B
Question #: 56
Topic #: 1
What is a benefit of a cloud-based secure access service edge (SASE) infrastructure over a Zero Trust Network Access (ZTNA) product based on a software-defined perimeter (SDP) model?
A. Users, devices, and apps are identified no matter where they connect from.
B. Connection to physical SD-WAN hubs in other locations provides increased interconnectivity between branch offices.
C. Complexity of connecting to a gateway is increased, providing additional protection.
D. Virtual private network (VPN) services are used for remote access to the internal data center, but not the cloud.
Selected Answer: D
Question #: 7
Topic #: 1
Which secure access service edge (SASE) networking component inspects web-based protocols and traffic to securely connect users to applications?
A. proxy
B. SD-WAN
C. secure web gateway (SWG)
D. cloud access security broker (CASB)
Selected Answer: C
Question #: 3
Topic #: 1
Which action protects against port scans from the internet?
A. Apply App-ID Security policy rules to block traffic sourcing from the untrust zone.
B. Assign Security profiles to Security policy rules for traffic sourcing from the untrust zone.
C. Apply a Zone Protection profile on the zone of the ingress interface.
D. Assign an Interface Management profile to the zone of the ingress surface.
Selected Answer: C
Question #: 39
Topic #: 1
A customer currently has 150 Mbps of capacity at a site. Records show that, on average, a total of 30 Mbps of bandwidth is used for the two links.
What is the appropriate Prisma SD-WAN license for this site?
A. 50 Mbps
B. 175 Mbps
C. 250 Mbps
D. 25 Mbps
Selected Answer: A
Question #: 31
Topic #: 1
Which statement applies to Prisma Access licensing?
A. Internet of Things (IoT) Security is included with each license.
B. It provides cloud-based, centralized log storage and aggregation.
C. It is a perpetual license required to enable support for multiple virtual systems on PA-3200 Series firewalls.
D. For remote network and Clean Pipe deployments, a unit is defined as 1 Mbps of bandwidth.
Selected Answer: D
Question #: 20
Topic #: 1
How does Autonomous Digital Experience Management (ADEM) improve user experience?
A. The root cause of any alert can be viewed with a single click, allowing users to swiftly stop attacks across the environment.
B. The virtual appliance receives and stores firewall logs without using a local Log Collector, simplifying required steps users must take.
C. Working from home or branch offices, all users get the benefit of a digital experience management solution without the complexity of installing additional software and hardware.
D. It applies in-depth hunting and forensics knowledge to identify and contain threats before they become a breach.
Selected Answer: C
Question #: 17
Topic #: 1
Which element of Prisma Access enables both mobile users and users at branch networks to access resources in headquarters or a data center?
A. User-ID
B. private clouds
C. App-ID
D. service connections
Selected Answer: D
Question #: 13
Topic #: 1
Which App Response Time metric measures the amount of time it takes to transfer incoming data from an external server to a local client?
A. UDP Response Time (UDP-TRT)
B. Server Response Time (SRT)
C. Network Transfer Time (NTTn)
D. Round Trip Time (RTT)
Selected Answer: C
Question #: 12
Topic #: 1
Which three decryption methods are available in a security processing node (SPN)? (Choose three.)
A. SSL Outbound Proxy
B. SSHv2 Proxy
C. SSL Forward Proxy
D. SSL Inbound Inspection
E. SSH Inbound Inspection
Selected Answer: BCD
Question #: 10
Topic #: 1
In which step of the Five-Step Methodology of Zero Trust are application access and user access defined?
A. Step 4: Create the Zero Trust Policy
B. Step 3: Architect a Zero Trust Network
C. Step 1: Define the Protect Surface
D. Step 5: Monitor and Maintain the Network
Selected Answer: A
Question #: 8
Topic #: 1
What is a benefit of the Palo Alto Networks secure access service edge (SASE) solution’s ability to provide insight into SD-WAN and network security metrics while highlighting critical issues across all managed tenants?
A. It rearchitects the way signatures are delivered, performing updates and streaming them to the firewall within seconds after the analysis is done.
B. It helps protect inbound, outbound, and east-west traffic between container workload types in Kubernetes environments without slowing development speed.
C. It simplifies workflows and instantly automates common use cases with hundreds of prebuilt playbooks.
D. It helps managed service providers (MSPs) accelerate troubleshooting and meet service level agreements (SLAs) for all their customers.
Selected Answer: D
Question #: 25
Topic #: 1
Users connect to a server in the data center for file sharing. The organization wants to decrypt the traffic to this server in order to scan the files being uploaded and downloaded to determine if malware or sensitive data is being moved by users.
Which proxy should be used to decrypt this traffic?
A. SCP Proxy
B. SSL Inbound Proxy
C. SSH Forward Proxy
D. SSL Forward Proxy
Selected Answer: D
Question #: 19
Topic #: 1
What is an advantage of the unified approach of the Palo Alto Networks secure access service edge (SASE) platform over the use of multiple point products?
A. It allows for automation of ticketing tasks and management of tickets without pivoting between various consoles.
B. It scans all traffic, ports, and protocols and automatically discovers new apps.
C. It turns threat intelligence and external attack surface data into an intelligent data foundation to dramatically accelerate threat response.
D. It reduces network and security complexity while increasing organizational agility.
Selected Answer: D
Question #: 42
Topic #: 1
What is an advantage of next-generation SD-WAN over legacy SD-WAN solutions?
A. It enables definition of the privileges and responsibilities of administrative users in a network.
B. It allows configuration to forward logs to external logging destinations, such as syslog servers.
C. It steers traffic and defines networking and security policies from an application-centric perspective, rather than a packet-based approach.
D. It provides the ability to push common configurations, configuration updates, and software upgrades to all or a subset of the managed appliances.
Selected Answer: C
Question #: 26
Topic #: 1
Which two actions take place after Prisma SD-WAN Instant-On Network (ION) devices have been deployed at a site? (Choose two.)
A. The devices continually sync the information from directories, whether they are on-premise, cloud-based, or hybrid.
B. The devices establish VPNs over private WAN circuits that share a common service provider.
C. The devices automatically establish a VPN to the data centers over every internet circuit.
D. The devices provide an abstraction layer between the Prisma SD-WAN controller and a particular cloud service.
Selected Answer: BC
Question #: 27
Topic #: 1
Cloud-delivered App-ID provides specific identification of which two applications? (Choose two.)
A. unknown-tcp
B. private
C. web-browsing
D. custom
Selected Answer: AC
Question #: 38
Topic #: 1
Which product enables websites to be rendered in a sandbox environment in order to detect and remove malware and threats before they reach the endpoint?
A. remote browser isolation
B. secure web gateway (SWG)
C. network sandbox
D. DNS Security
Selected Answer: A
Question #: 44
Topic #: 1
Which two statements apply to features of aggregate bandwidth allocation in Prisma Access for remote networks? (Choose two.)
A. Administrator can allocate up to 120% of the total bandwidth purchased for aggregate locations to support traffic peaks.
B. Administrator must assign a minimum of 50 MB to any compute location that will support remote networks.
C. Administrator is not required to allocate all purchased bandwidth to compute locations for the configuration to be valid.
D. Bandwidth that is allocated to a compute location is statically and evenly distributed across remote networks in that location.
Selected Answer: BC
Question #: 40
Topic #: 1
Which product leverages GlobalProtect agents for endpoint visibility and native Prisma SD-WAN integration for remote sites and branches?
A. Cloud-Delivered Security Services (CDSS)
B. WildFire
C. CloudBlades
D. Autonomous Digital Experience Management (ADEM)
Selected Answer: A