palo alto networks pse-sase practice test

Which two prerequisites must an environment meet to onboard Prisma Access mobile users? (Choose two.)

• A. Zoning must be configured to require a user ID for the mobile users trust zone.
• B. Mapping of trust and untrust zones must be configured.
• C. BGP must be configured so that service connection networks can be advertised to the mobile gateways.
• D. Mobile user subnet and DNS portal name must be configured.

How does SaaS Security Inline help prevent the data security risks of unsanctioned security-as-a-service (SaaS) application usage on a network?

• A. It provides mobility solutions and/or large-scale virtual private network (VPN) capabilities.
• B. It offers risk scoring, analytics, reporting, and Security policy rule authoring.
• C. It provides built-in external dynamic lists (EDLs) that secure the network against malicious hosts.
• D. It prevents credential theft by controlling sites to which users can submit their corporate credentials.

What is a benefit of deploying secure access service edge (SASE) with a secure web gateway (SWG) over a SASE solution without a SWG?

• A. A heartbeat connection between the firewall peers ensures seamless failover in the event that a peer goes down.
• B. It prepares the keys and certificates required for decryption, creating decryption profiles and policies, and configuring decryption port mirroring.
• C. Protection is offered in the cloud through a unified platform for complete visibility and precise control over web access while enforcing security policies that protect users from hostile websites.
• D. It creates tunnels that allow users and systems to connect securely over a public network as if they were connecting over a local area network (LAN).

Which App Response Time metric measures the amount of time it takes to transfer incoming data from an external server to a local client?

• A. UDP Response Time (UDP-TRT)
• B. Server Response Time (SRT)
• C. Network Transfer Time (NTTn)
• D. Round Trip Time (RTT)

What is a key benefit of CloudBlades?

• A. automation of UI workflow without any code development and deployment of Prisma SD-WAN ION devices
• B. utilization of near real-time analysis to detect previously unseen, targeted malware and advanced persistent threats
• C. identification of port-based rules so they can be converted to application-based rules without compromising application availability
• D. configuration of the authentication source once instead of for each authentication method used

Which product allows advanced Layer 7 inspection, access control, threat detection and prevention?

• A. Infrastructure as a Service (IaaS)
• B. remote browser isolation
• C. network sandbox
• D. Firewall as a Service (FWaaS)

Which statement describes the data loss prevention (DLP) add-on?

• A. It prevents phishing attacks by controlling the sites to which users can submit valid corporate credentials.
• B. It employs automated policy enforcement to allow trusted behavior with a new Device-ID policy construct.
• C. It is a centrally delivered cloud service with unified detection policies that can be embedded in existing control points.
• D. It enables data sharing with third-party tools such as security information and event management (SIEM) systems.

In the aggregate model, how are bandwidth allocations and interface tags applied beginning in Prisma Access 1.8?

• A. License bandwidth is allocated to a CloudGenix controller; interface tags are set with a compute region.
• B. License bandwidth is allocated to a compute region; interface tags are set with a CloudGenix controller.
• C. License bandwidth is allocated to a compute region; interface tags are set with a Prisma Access location.
• D. License bandwidth is allocated to a Prisma Access location; interface tags are set with a compute region.

A customer currently has 150 Mbps of capacity at a site. Records show that, on average, a total of 30 Mbps of bandwidth is used for the two links.
What is the appropriate Prisma SD-WAN license for this site?

• A. 50 Mbps
• B. 175 Mbps
• C. 250 Mbps
• D. 25 Mbps

How can a network engineer export all flow logs and security actions to a security information and event management (SIEM) system?

• A. Enable syslog on the Instant-On Network (ION) device.
• B. Use a zone-based firewall to export directly through application program interface (API) to the SIEM.
• C. Enable Simple Network Management Protocol (SNMP) on the Instant-On Network (ION) device.
• D. Use the centralized flow data-export tool built into the controller.