Palo Alto Networks System Engineer Professional - SASE
Last exam update: Dec 02 ,2023
Page 1 out of 5
Viewing questions 1-10 out of 54
Which three decryption methods are available in a security processing node (SPN)? (Choose three.)
A. SSL Outbound Proxy
B. SSHv2 Proxy
C. SSL Forward Proxy
D. SSL Inbound Inspection
E. SSH Inbound Inspection
Which elements of Autonomous Digital Experience Management (ADEM) help provide end-to-end visibility of everything in an organization's environment?
A. integrated threat intelligence management, automated distribution to enforcement points at scale, full ticket mirroring
B. scanning of all traffic, ports, and protocols
C. data collected from endpoint devices, synthetic monitoring tests, and real-time traffic
D. alerts, artifacts, and MITRE tactics
What can prevent users from unknowingly downloading potentially malicious file types from the internet?
A. Apply a File Blocking profile to Security policy rules that allow general web access.
B. Apply a Zone Protection profile to the untrust zone.
C. Assign an Antivirus profile to Security policy rules that deny general web access.
D. Assign a Vulnerability profile to Security policy rules that deny general web access.
How does a secure web gateway (SWG) protect users from web-based threats while still enforcing corporate acceptable use policies?
A. Users are mapped via server logs for login events and syslog messages from authenticating services.
B. It uses a cloud-based machine learning (ML)-powered web security engine to perform ML-based inspection of web traffic in real-time.
C. It prompts the browser to present a valid client certificate to authenticate the user.
D. Users access the SWG, which then connects the user to the website while still performing security measures.
Organizations that require remote browser isolation (RBI) to protect their users can automate connectivity to third-party RBI products with which platform?
A. Zero Trust
B. SaaS Security API
D. CloudBlades API
Which two services are part of the Palo Alto Networks cloud-delivered security services (CDSS) package? (Choose two.)
A. virtual desktop infrastructure (VDI)
B. Internet of Things (IoT) Security
C. Advanced URL Filtering (AURLF)
D. security information and event management (SIEM)
Which type of access allows unmanaged endpoints to access secured on-premises applications?
A. manual external gateway
B. secure web gateway (SWG)
C. GlobalProtect VPN for remote access
D. Prisma Access Clientless VPN
Which element of a secure access service edge (SASE)-enabled network provides true integration of services, not service chains, with combined services and visibility for all locations, mobile users, and the cloud?
A. identity and network location
B. broad network-edge support
C. converged WAN edge and network security
D. cloud-native, cloud-based delivery
Users connect to a server in the data center for file sharing. The organization wants to decrypt the traffic to this server in order to scan the files being uploaded and downloaded to determine if malware or sensitive data is being moved by users. Which proxy should be used to decrypt this traffic?
A. SCP Proxy
B. SSL Inbound Proxy
C. SSH Forward Proxy
D. SSL Forward Proxy
What are two ways service connections and remote network connections differ? (Choose two.)
A. Remote network connections provide secondary WAN options, but service connections use backup service connection for redundancy.
B. Remote network connections enforce security policies, but service connections do not.
C. An on-premises resource cannot originate a connection to the internet over a service connection.
D. Service connections support both OSPF and BGP for routing protocols, but remote networks support only BGP.