Latest PSE-SASE Practice Tests with Actual Questions

PSE-SASE Dumps PSE-SASE Braindumps

PSE-SASE Real Questions PSE-SASE Practice Test PSE-SASE Actual Questions

Palo-Alto

PSE-SASE

Palo Alto Networks System Engineer Professional - SASE (PSE-SASE)

https://killexams.com/pass4sure/exam-detail/PSE-SASE

Question: 155

In which step of the Five-Step Methodology of Zero Trust are application access and user access defined?

1. Step 4: Create the Zero Trust Policy

2. Step 3: Architect a Zero Trust Network

3. Step 1: Define the Protect Surface

4. Step 5: Monitor and Maintain the Network

Answer: A
Question: 156

Which two actions take place after Prisma SD-WAN Instant-On Network (ION) devices have been deployed at a site? (Choose two.)

1. The devices continually sync the information from directories, whether they are on-premise, cloud-based, or hybrid.

2. The devices establish VPNs over private WAN circuits that share a common service provider.

3. The devices automatically establish a VPN to the data centers over every internet circuit.

4. The devices provide an abstraction layer between the Prisma SD-WAN controller and a particular cloud service.

Answer: B,C
Question: 157

How can a network engineer export all flow logs and security actions to a security information and event management (SIEM) system?

1. Enable syslog on the Instant-On Network (ION) device.

2. Use a zone-based firewall to export directly through application program interface (API) to the SIE

3. Enable Simple Network Management Protocol (SNMP) on the Instant-On Network (ION) device.

4. Use the centralized flow data-export tool built into the controller.

Answer: C
Question: 158

How does the secure access service edge (SASE) security model provide cost savings to organizations?

1. The single platform reduces costs compared to buying and managing multiple point products.

2. The compact size of the components involved reduces overhead costs, as less physical space is needed.

3. The content inspection integration allows third-party assessment, which reduces the cost of contract services.

4. The increased complexity of the model over previous products reduces IT team staffing costs.

Answer: A
Question: 159

Which statement applies to Prisma Access licensing?

1. Internet of Things (IOT) Security is included with each license.

2. It provides cloud-based, centralized log storage and aggregation.

3. It is a perpetual license required to enable support for multiple virtual systems on PA-3200 Series firewalls.

4. For remote network and Clean Pipe deployments, a unit is defined as 1 Mbps of bandwidth.

Answer: D
Question: 160

Which product draws on data collected through PAN-OS device telemetry to provide an overview of the health of an organization's next-generation firewall (NGFW) deployment and identify areas for improvement?

1. Cloud Identity Engine (CIE)

2. DNS Security

3. security information and event management (SIEM)

4. Device Insights

Answer: D
Question: 161

Which product leverages GlobalProtect agents for endpoint visibility and native Prisma SD-WAN integration for remote sites and branches?

1. Cloud-Delivered Security Services (CDSS)

2. WildFire

3. CloudBlades:

4. Autonomous Digital Experience Management (ADEM)

Answer: D
Question: 162

What is a key benefit of CloudBlades?

1. automation of UI workflow without any code development and deployment of Prisma SD-WAN ION devices

2. utilization of near real-time analysis to detect previously unseen, targeted malware and advanced persistent threats

3. identification of port-based rules so they can be converted to application-based rules without compromising application availability

4. configuration of the authentication source once instead of for each authentication method used

Answer: A
Question: 163

A customer currently uses a third-party proxy solution for client endpoints and would like to migrate to Prisma Access to secure mobile user internet-bound traffic.

Which recommendation should the Systems Engineer make to this customer?

1. With the explicit proxy license add-on, set up GlobalProtect.

2. With the mobile user license, set up explicit proxy.

3. With the explicit proxy license, set up a service connection.

4. With the mobile user license, set up a corporate access node.

Answer: A
Question: 164

What are two benefits of installing hardware fail-to-wire port pairs on Instant-On Network (ION) devices? (Choose two.)

1. local area network (LAN) Dynamic Host Configuration Protocol (DHCP) and DHCP relay functionality

2. control mode insertion without modification of existing network configuration

3. network controller communication and monitoring

4. ensures automatic failover when ION devices experience software or network related failure

Answer: B,D
Question: 165

How does SaaS Security Inline provide a consistent management experience?

1. user credentials required before accessing the resource

2. uses advanced predictive analysis and machine learning (ML)

3. automatically forwards samples for WildFire analysis

4. integrates with existing security

Answer: D
Question: 166

Which product enables websites to be rendered in a sandbox environment in order to detect and remove malware and threats before they reach the endpoint?

1. remote browser isolation

2. secure web gateway (SWG)

3. network sandbox

4. DNS Security

Answer: A
Question: 167

Organizations that require remote browser isolation (RBI) to protect their users can automate connectivity to third- party RBI products with which platform?

1. Zero Trust

2. SaaS Security API

3. GlobalProtect

4. CloudBlades API

Answer: D
Question: 168

In which step of the Five-Step Methodology for implementing the Zero Trust model does inspection and logging of all traffic take place?

1. Step 4: Create the Zero Trust policy

2. Step 3: Architect a Zero Trust network

3. Step 1: Define the protect surface

4. Step 5: Monitor and maintain the network

Answer: D
Question: 169

The Cortex Data Lake sizing calculator for Prisma Access requires which three values as inputs? (Choose three.)

1. throughput of remote networks purchased

2. cloud-managed or Panorama-managed deployment

3. retention period for the logs to be stored

4. number of log-forwarding destinations

5. number of mobile users purchased

Answer: A,C,E
Question: 170

Which elements of Autonomous Digital Experience Management (ADEM) help provide end-to-end visibility of everything in an organization's environment?

1. integrated threat intelligence management, automated distribution to enforcement points at scale, full ticket mirroring

2. scanning of all traffic, ports, and protocols

3. data collected from endpoint devices, synthetic monitoring tests, and real-time traffic

4. alerts, artifacts, and MITRE tactics

Answer: C
Question: 171

What is a benefit of a cloud-based secure access service edge (SASE) infrastructure over a Zero Trust Network Access (ZTNA) product based on a software-defined perimeter (SDP) model?

1. Users, devices, and apps are identified no matter where they connect from.

2. Connection to physical SD-WAN hubs in ther locations provides increased interconnectivity between branch offices.

3. Complexity of connecting to a gateway is increased, providing additional protection.

4. Virtual private network (VPN) services are used for remote access to the internal data center, but not the cloud.

Answer: A
Question: 172

Which product allows advanced Layer 7 inspection, access control, threat detection and prevention?

1. Infrastructure as a Service (IaaS)

2. remote browser isolation

3. network sandbox

4. Firewall as a Service (FWaaS)

Answer: D