Free PSE-SASE Sample Questions — Palo Alto Networks System Engineer Professional - SASE

Which element of Prisma Access enables both mobile users and users at branch networks to access resources in headquarters or a data center?

• A. User-ID
• B. private clouds
• C. App-ID
• D. service connections

Text of question will be provided later...A. It applies configuration changes and provides credential management, role-based controls, and a playbook repository.

• A. It provides customized forms to collect and validate necessary parameters from the requester
• B. It natively ingests, normalizes, and integrates granular data across the security infrastructure at nearly half the cost of legacy security products attempting to solve the problem
• C. It provides IT teams with single-pane visibility that leverages endpoint, simulated, and real-time user traffic data to provide the most complete picture of user traffic flows possible

Which application gathers health telemetry about a device and its WiFi connectivity in order to help determine whether the device or the WiFi is the cause of any performance issues?

• A. data loss prevention (DLP)
• B. remote browser isolation (RBI)
• C. Cortex Data Lake
• D. GlobalProtect

Which two actions take place after Prisma SD-WAN Instant-On Network (ION) devices have been deployed at a site? (Choose two.)

• A. The devices continually sync the information from directories, whether they are on-premise, cloud-based, or hybrid
• B. The devices establish VPNs over private WAN circuits that share a common service provider
• C. The devices automatically establish a VPN to the data centers over every internet circuit
• D. The devices provide an abstraction layer between the Prisma SD-WAN controller and a particular cloud service

Which two prerequisites must an environment meet to onboard Prisma Access mobile users? (Choose two.)

• A. Zoning must be configured to require a user ID for the mobile users trust zone
• B. Mapping of trust and untrust zones must be configured
• C. BGP must be configured so that service connection networks can be advertised to the mobile gateways
• D. Mobile user subnet and DNS portal name must be configured

A customer is concerned about performance of their SaaS applications for all end-users. Their users are globally distributed and access local SaaS applications services within their country. When troubleshooting end-to-end connectivity, they want the quickest way to identify common issues across the entire organization in order to be proactive and remediate them before the end-user needs to open a support ticket. Which two features would provide visibility and performance enhancements for the customer's SaaS application access? (Choose two.)

• A. Prisma Access Browser
• B. ADEM
• C. Prisma SD-WAN
• D. App Acceleration

Users connect to a server in the data center for file sharing. The organization wants to decrypt the traffic to this server in order to scan the files being uploaded and downloaded to determine if malware or sensitive data is being moved by users. Which proxy should be used to decrypt this traffic?

• A. SCP Proxy
• B. SSL Inbound Proxy
• C. SSH Forward Proxy
• D. SSL Forward Proxy

Which App Response Time metric measures the amount of time it takes to transfer incoming data from an external server to a local client?

• A. UDP Response Time (UDP-TRT)
• B. Server Response Time (SRT)
• C. Network Transfer Time (NTTn)
• D. Round Trip Time (RTT)

A current Prisma SASE customer has recently onboarded several new SaaS applications, and they are concerned about their security posture regarding administrative settings. The IT team does not have experience with these applications, and is unsure what the best base security settings would be. Which product would fit the customer's needs?

• A. IoT Security
• B. Prisma SD-WAN
• C. SSPM
• D. SaaS Security

Over half the devices on a company's networks are unmanaged, and the company has been relying on traditional security measures. They are looking for a product to provide protection from costly security breaches. Which Palo Alto product would solve this use case?

• A. Prisma CASB
• B. Prisma Access
• C. GlobalProtect
• D. Prisma Access Browser

In which step of the Five-Step Methodology for implementing the Zero Trust model is the Kipling Method relevant?

• A. Step 3: Architect a Zero Trust network
• B. Step 5: Monitor and maintain the network
• C. Step 4: Create the Zero Trust policy
• D. Step 2: Map the transaction flows

How does Prisma Access enhance visibility and control over SaaS applications?

• A. Through SaaS Security Posture Management (SSPM)
• B. By employing Content Delivery Network (CDN) capabilities
• C. Through centralized logging in Strata Logging Service
• D. By using AIOps for SASE

Which Prisma Access component ensures consistent security policy enforcement across all users?

• A. Cloud Management
• B. SSL Decryption
• C. User-ID
• D. Data Loss Prevention

Which element of a secure access service edge (SASE)-enabled network provides true integration of services, not service chains, with combined services and visibility for all locations, mobile users, and the cloud?

• A. identity and network location
• B. broad network-edge support
• C. converged WAN edge and network security
• D. cloud-native, cloud-based delivery

Which secure access service edge (SASE) networking component inspects web-based protocols and traffic to securely connect users to applications?

• A. proxy
• B. SD-WAN
• C. secure web gateway (SWG)
• D. cloud access security broker (CASB)

How does the secure access service edge (SASE) security model provide cost savings to organizations?

• A. The single platform reduces costs compared to buying and managing multiple point products
• B. The compact size of the components involved reduces overhead costs, as less physical space is needed
• C. The content inspection integration allows third-party assessment, which reduces the cost of contract services
• D. The increased complexity of the model over previous products reduces IT team staffing costs

Which element of a secure access service edge (SASE)-enabled network uses many points of presence to reduce latency with support of in-country or in-region resources and regulatory requirements?

• A. cloud-native, cloud-based delivery
• B. converged WAN edge and network security
• C. broad network-edge support
• D. identity and network location

In which step of the Five-Step Methodology of Zero Trust are application access and user access defined?

• A. Step 4: Create the Zero Trust Policy
• B. Step 3: Architect a Zero Trust Network
• C. Step 1: Define the Protect Surface
• D. Step 5: Monitor and Maintain the Network

What is a benefit of deploying secure access service edge (SASE) with a secure web gateway (SWG) over a SASE solution without a SWG?

• A. heartbeat connection between the firewall peers ensures seamless failover in the event that a peer goes down
• B. It prepares the keys and certificates required for decryption, creating decryption profiles and policies, and configuring decryption port mirroring
• C. Protection is offered in the cloud through a unified platform for complete visibility and precise control over web access while enforcing security policies that protect users from hostile websites
• D. It creates tunnels that allow users and systems to connect securely over a public network as if they were connecting over a local area network (LAN)

Cloud-delivered App-ID provides specific identification of which two applications? (Choose two.)

• A. unknown-tcp
• B. private
• C. web-browsing
• D. custom