In the aggregate model, how are bandwidth allocations and interface tags applied beginning in Prisma Access 1.8?
ALicense bandwidth is allocated to a CloudGenix controller; interface tags are set with a compute region.
BLicense bandwidth is allocated to a compute region; interface tags are set with a CloudGenix controller.
CLicense bandwidth is allocated to a compute region; interface tags are set with a Prisma Access location.
DLicense bandwidth is allocated to a Prisma Access location; interface tags are set with a compute region.
Which element of Prisma Access enables both mobile users and users at branch networks to access resources in headquarters or a data center?
AUser-ID
Bprivate clouds
CApp-ID
Dservice connections
Which two services are provided by Prisma Access Insights? (Choose two.)
Asummary overview screen of the health and performance of an organization's entire Prisma Access environment
Bconfiguration of the on-premises firewall located behind the service-connection termination
Cdetection of hard-to-find security issues via AI-based innovations to normalize, analyze, and stitch together an enterprise's data
Dmultiple dashboards for focused views of different deployments, the corresponding alerts, and the health status of the infrastructure
How does the Palo Alto Networks secure access service edge (SASE) solution enable Zero Trust in a customer environment?
AIt stops attacks that use DNS for command and control or data theft.
BIt feeds threat intelligence into an automation engine for rapid and consistent protections.
CIt classifies sites based on content, features, and safety.
DIt continuously validates every stage of a digital interaction.
What is an advantage of the unified approach of the Palo Alto Networks secure access service edge (SASE) platform over the use of multiple point products?
AIt allows for automation of ticketing tasks and management of tickets without pivoting between various consoles.
BIt scans all traffic, ports, and protocols and automatically discovers new apps.
CIt turns threat intelligence and external attack surface data into an intelligent data foundation to dramatically accelerate threat response.
DIt reduces network and security complexity while increasing organizational agility.
What is an advantage of next-generation SD-WAN over legacy SD-WAN solutions?
AIt enables definition of the privileges and responsibilities of administrative users in a network.
BIt allows configuration to forward logs to external logging destinations, such as syslog servers.
CIt steers traffic and defines networking and security policies from an application-centric perspective, rather than a packet-based approach.
DIt provides the ability to push common configurations, configuration updates, and software upgrades to all or a subset of the managed appliances.
Which product draws on data collected through PAN-OS device telemetry to provide an overview of the health of an organization's next-generation firewall (NGFW) deployment and identify areas for improvement?
ACloud Identity Engine (CIE)
BDNS Security
Csecurity information and event management (SIEM)
DDevice Insights
How does Autonomous Digital Experience Management (ADEM) improve user experience?
AThe root cause of any alert can be viewed with a single click, allowing users to swiftly stop attacks across the environment.
BThe virtual appliance receives and stores firewall logs without using a local Log Collector, simplifying required steps users must take.
CWorking from home or branch offices, all users get the benefit of a digital experience management solution without the complexity of installing additional software and hardware.
DIt applies in-depth hunting and forensics knowledge to identify and contain threats before they become a breach.
What is a benefit of a cloud-based secure access service edge (SASE) infrastructure over a Zero Trust Network Access (ZTNA) product based on a software-defined perimeter (SDP) model?
AUsers, devices, and apps are identified no matter where they connect from.
BConnection to physical SD-WAN hubs in ther locations provides increased interconnectivity between branch offices.
CComplexity of connecting to a gateway is increased, providing additional protection.
DVirtual private network (VPN) services are used for remote access to the internal data center, but not the cloud.
Which two point products are consolidated into the Prisma secure access service edge (SASE) platform? (Choose two.)
AAutonomous Digital Experience Management (ADEM)
Bfirewall as a service (FWaaS)
CThreat Intelligence Platform (TIP)
Dsecurity information and event management (SIEM)
Which element of a secure access service edge (SASE)-enabled network uses many points of presence to reduce latency with support of in-country or in-region resources and regulatory requirements?
Acloud-native, cloud-based delivery
Bconverged WAN edge and network security
Cbroad network-edge support
Didentity and network location
A customer currently uses a third-party proxy solution for client endpoints and would like to migrate to Prisma Access to secure mobile user internet-bound traffic.
Which recommendation should the Systems Engineer make to this customer?
AWith the explicit proxy license add-on, set up GlobalProtect.
BWith the mobile user license, set up explicit proxy.
CWith the explicit proxy license, set up a service connection.
DWith the mobile user license, set up a corporate access node.
Which two prerequisites must an environment meet to onboard Prisma Access mobile users? (Choose two.)
AZoning must be configured to require a user ID for the mobile users trust zone.
BMapping of trust and untrust zones must be configured.
CBGP must be configured so that service connection networks can be advertised to the mobile gateways.
DMobile user subnet and DNS portal name must be configured.
Organizations that require remote browser isolation (RBI) to protect their users can automate connectivity to third-party RBI products with which platform?
AZero Trust
BSaaS Security API
CGlobalProtect
DCloudBlades API
What are two ways service connections and remote network connections differ? (Choose two.)
ARemote network connections provide secondary WAN options, but service connections use backup service connection for redundancy.
BRemote network connections enforce security policies, but service connections do not.
CAn on-premises resource cannot originate a connection to the internet over a service connection.
DService connections support both OSPF and BGP for routing protocols, but remote networks support only BGP.
Which connection method allows secure web gateway (SWG) access to internet-based SaaS applications using HTTP and HTTPS protocols?
AGlobalProtect
BBroker VM
Cexplicit proxy
Dsystem-wide proxy
How does the secure access service edge (SASE) security model provide cost savings to organizations?
AThe single platform reduces costs compared to buying and managing multiple point products.
BThe compact size of the components involved reduces overhead costs, as less physical space is needed.
CThe content inspection integration allows third-party assessment, which reduces the cost of contract services.
DThe increased complexity of the model over previous products reduces IT team staffing costs.
How does SaaS Security Inline help prevent the data security risks of unsanctioned security-as-a-service (SaaS) application usage on a network?
BIt offers risk scoring, analytics, reporting, and Security policy rule authoring.
CIt provides built-in external dynamic lists (EDLs) that secure the network against malicious hosts.
DIt prevents credential theft by controlling sites to which users can submit their corporate credentials.
Which App Response Time metric measures the amount of time it takes to transfer incoming data from an external server to a local client?
AUDP Response Time (UDP-TRT)
BServer Response Time (SRT)
CNetwork Transfer Time (NTTn)
DRound Trip Time (RTT)
Which application gathers health telemetry about a device and its WiFi connectivity in order to help determine whether the device or the WiFi is the cause of any performance issues?
Adata loss prevention (DLP)
Bremote browser isolation (RBI)
CCortex Data Lake
DGlobalProtect
Users connect to a server in the data center for file sharing. The organization wants to decrypt the traffic to this server in order to scan the files being uploaded and downloaded to determine if malware or sensitive data is being moved by users.
Which proxy should be used to decrypt this traffic?
ASCP Proxy
BSSL Inbound Proxy
CSSH Forward Proxy
DSSL Forward Proxy
Which two key benefits have been identified for a customer investing in the Palo Alto Networks Prisma secure access service edge (SASE) solution? (Choose two.)
Adecreased likelihood of a data breach
Breduced input required from management during third-party investigations
Cdecreased need for interaction between branches
Dreduced number of security incidents requiring manual investigation
Which elements of Autonomous Digital Experience Management (ADEM) help provide end-to-end visibility of everything in an organization's environment?
Aintegrated threat intelligence management, automated distribution to enforcement points at scale, full ticket mirroring
Bscanning of all traffic, ports, and protocols
Cdata collected from endpoint devices, synthetic monitoring tests, and real-time traffic
Dalerts, artifacts, and MITRE tactics
In which step of the Five-Step Methodology of Zero Trust are application access and user access defined?
AStep 4: Create the Zero Trust Policy
BStep 3: Architect a Zero Trust Network
CStep 1: Define the Protect Surface
DStep 5: Monitor and Maintain the Network
Which action protects against port scans from the internet?
AApply App-ID Security policy rules to block traffic sourcing from the untrust zone.
BAssign Security profiles to Security policy rules for traffic sourcing from the untrust zone.
CApply a Zone Protection profile on the zone of the ingress interface.
DAssign an Interface Management profile to the zone of the ingress surface.
Preview
