A network administrator is troubleshooting a critical SaaS application, “SuperSaaSApp”, that is experiencing connectivity issues. Initially, the configured active and backup paths for the application were reported as completely down at Layer 3. The Prisma SD-WAN system attempted to route traffic for the application over an L3 failure path that was explicitly configured as a Standard VPN to Prisma Access.
However, users are still reporting a complete outage for the application and monitoring tools show application flows being dropped when attempting to use the Standard VPN L3 failure path, even though the tunnel itself appears to be up. The administrator suspects a policy misconfiguration related to how the Standard VPN path interacts with destination groups.
What is the most likely reason for flows being dropped when attempting to use the Standard VPN L3 failure path?
A. The “Move Flows Forced” action was not enabled in the performance policy for “SuperSaaSApp”, preventing the system from actively shifting traffic to the L3 failure path.
B. The path policy rule for “SuperSaaSApp” has the “Required” checkbox selected for its Service & DC Group, but no direct paths were configured alongside it, creating a conflict.
C. The path policy rule explicitly designates a Standard VPN as the L3 failure path, but it does not include a designated Standard Services and DC Group, causing traffic to be dropped.
D. The Standard VPN in the path policy was not configured to “Minimize Cellular Usage”, leading to the depletion of metered data and subsequent flow drops.

User-ID integration is configured for a Prisma SD-WAN deployment. Branch-1 has the user-to-IP mappings available, and User-1 is mapped to IP-1.
To which two use cases can User-ID based zone-based firewall policies be applied? (Choose two.)
A. User-1 accessing a SaaS application on direct internet, and source User-ID based zone-based firewall rules on Branch-1 ION
B. User-1 accessing a private application within Branch-1, and source User-ID based zone-based firewall rules on Branch-1 ION
C. User-1 accessing a private application in data center via SD-WAN overlay, and destination User-ID based zone-based firewall rules on DC ION
D. User-1 accessing a private application in Branch-2 via SD-WAN overlay, and destination User-ID based zone-based firewall rules on Branch-2 ION

What is the purpose of Secure Group Tag (SGT) propagation in Prisma SD-WAN?
A. To integrate with external identity-based security solutions
B. To manage QoS policies for traffic based on user and application type
C. To clarify the intent of rules or configuration objects and improve rule organization
D. To enable or disable SGT settings at the interface level and initiate services like NTP, DHCP, and App Probes

A site has two internet circuits: Circuit A with 500 Mbps capacity and Circuit B with 100 Mbps capacity.
Which path policy configuration will ensure traffic is automatically shifted from a saturated circuit to the circuit with available bandwidth?
A. Circuit A as an active, Circuit B as a backup
B. Circuit B as an active, Circuit A as a backup
C. Both circuits under active path
D. Circuit B as an L3 failure path

Site templates are to be used for the large-scale deployment of 100 Prisma SD-WAN branch sites across different regions.
Which two statements align with the capabilities and best practices for Prisma SD-WAN site templates? (Choose two.)
A. The use of Jinja conditional statements within a site template is not supported, thereby limiting dynamic customization options.
B. Mandatory variables for any site template include the site name, ION software version, and at least one ION serial number/device name pair.
C. Site templates offer the capability to pre-stage device configurations by creating a device shell.
D. Once a site has been deployed using a template, its configuration can be updated or modified by applying an updated version of the template.

Network segmentation is required due to overlapping IP address space and M&A scenarios.
Which Prisma SD-WAN feature will achieve the desired segmentation and end-to-end connectivity in this use case?
A. Virtual Routing and Forwarding (VRF) profiles with proper site bindings to achieve desired isolation across the underlay
B. Virtual Routing and Forwarding (VRF) profiles with proper site bindings to achieve desired isolation locally and across the secure fabric
C. Multiple contexts with interface segmentation to achieve desired isolation across the underlay
D. Multiple virtual routers with interface segmentation to achieve desired isolation across the secure fabric

Which implementation allows Prisma SD-WAN to improve application performance for organizations facing inconsistent user experiences across branch locations, especially due to varying device types and network conditions, by using Layer 4 and Layer 7 optimization to boost throughput?
A. Packet duplication
B. WAN optimization
C. Forward Error Correction (FEC)
D. Application acceleration

Which metrics can be monitored at the individual Prisma SD-WAN ION device level to assess its health and operational performance?
A. Device software version and interface bandwidth
B. Device CPU, memory and disk use, interface bandwidth, and errors/discards
C. Device VPN tunnels and controller reachability status
D. Device application flow statistics, Autonomous Digital Experience Manager (ADEM) metrics, and site health score

In which modes can a Prisma SD-WAN branch be deployed?
A. Testing, Control, POV
B. Production, Control, Disabled
C. Disabled, Analytics, Control
D. POV, Production, Analytics

For how many hours are Prisma SD-WAN VPN shared secrets valid?
A. 1
B. 8
C. 24
D. 72

Which component of Prisma SD-WAN is responsible for distributing User-IP and user-group mappings to branch devices that match the corresponding source IPs?
A. DC ION
B. Cloud Identity Engine
C. Controller
D. NGFW

Which troubleshooting action should be taken when resources at one branch site can reach the internet but cannot be reached from the data center (DC)?
A. Create static route with DC ION as a next hop.
B. Ensure the LAN branch prefixes are set to “global.”
C. Set the site in a control mode.
D. Admin up the Prisma SD-WAN DC endpoints.

When troubleshooting an issue at a site that is running on two cellular links from two carriers, the operations team shared some evidence shown in the graph below:
For the time duration shown in the graph, what are two inferences about the site’s traffic that can be made? (Choose two.)
A. Using Carrier-1 as the WAN path may have experienced some performance degradation.
B. Using Carrier-2 as the WAN path may have experienced some performance degradation.
C. Using Carrier-2 as the WAN path may have switched over to Carrier-1.
D. Using Carrier-1 as the WAN path may have switched over to Carrier-2.

By default, how many days will Prisma SD-WAN VPNs stay operational before the keys expire when an ION device loses connection with the controller?
A. 1
B. 3
C. 5
D. 7

Return traffic for an application from the branch is being dropped on the branch ION. Application traffic arrives via SD-WAN internet overlay at the branch, and path policy for the application at the branch has the following settings:
Active = MPLS Overlay
Backup = Prisma Access on internet
Which branch configuration is the probable cause of this behavior?
A. It has Prisma Access tunnel over MPLS circuit but not on the internet circuit.
B. It has one MPLS and one internet circuit.
C. It has two internet circuits and no MPLS circuit.
D. It has no MPLS circuit, and the Prisma Access tunnel is down.

What is the number and structure of Prisma SD-WAN QoS queues supported per WAN interface?
A. 12 queues, 4 classes, 3 application criteria within each class
B. 16 queues, 4 classes, 4 application criteria with each class
C. 8 queues, 1 priority queue, 7 non-priority queues
D. 8 queues, 2 classes, 4 application criteria within each class

To aid in capacity planning and QoS policy adjustments, what should be reviewed to gain the necessary insights for data center application traffic distribution, hotspots, and overall utilization trends?
A. Prisma SD-WAN Predictive Analytics Dashboard
B. WAN Clarity Data Center Reports
C. Prisma SD-WAN Link Quality Dashboard
D. WAN Clarity Branch Reports

In a branch high availability (HA) deployment, which action is taken by the standby device when the active device goes down?
A. It notifies the controller, which then reroutes all traffic for the branch through an alternate path until the active device recovers.
B. It automatically detects the failure, assumes the active role, and sends gratuitous ARP to minimize downtime for forwarding traffic.
C. It takes over, but all active sessions are immediately reset, requiring users to re-establish connections.
D. It notifies the other device to go in a diagnostic mode and logs the failure, requiring the controller to intervene and select standby device as a new forwarder.

Which action meets the needs of an organization that requires elevated incident notifications for its headquarters location?
A. Export syslog to an external syslog collector and mark all messages as “Critical.”
B. Implement performance policy specifically for the site with very aggressive service-level agreement (SLA) thresholds.
C. Enable an event policy rule for the site with the action to set priority to the highest available level.
D. Enable SNMPv3 trap notifications to an external network management system.

An organization has provided the following technical requirements and details:
High availability (HA) at all data center and branch locations
Two geographically separate main data center locations
One small data center location that contains local users and applications requiring policies
50 branch locations
ISP capacities for all branch locations but no accurate measurement of the actual bandwidth consumption
Based on Palo Alto Networks best practices and recommendations, which two licensing options will meet the customer objectives? (Choose two.)