PSE-SASE Online Practice Questions and Answers

In which step of the Five-Step Methodology of Zero Trust are application access and user access defined?

A. Step 4: Create the Zero Trust Policy

B. Step 3: Architect a Zero Trust Network

C. Step 1: Define the Protect Surface

D. Step 5: Monitor and Maintain the Network

Which two actions take place after Prisma SD-WAN Instant-On Network (ION) devices have been deployed at a site? (Choose two.)

A. The devices continually sync the information from directories, whether they are on- premise, cloud-based, or hybrid.

B. The devices establish VPNs over private WAN circuits that share a common service provider.

C. The devices automatically establish a VPN to the data centers over every internet circuit.

D. The devices provide an abstraction layer between the Prisma SD-WAN controller and a particular cloud service.

What is a disadvantage of proxy secure access service edge (SASE) when compared to an inline SASE solution?

A. Proxies force policy actions to be treated as business decisions instead of compromises due to technical limitations.

B. Teams added additional tools to web proxies that promised to solve point problems, resulting in a fragmented and ineffective security architecture.

C. Proxy solutions require an unprecedented level of interconnectivity.

D. Exclusive use of web proxies leads to significant blind spots in traffic and an inability to identify applications and threats on non-standard ports or across multiple protocols.

What are two benefits of installing hardware fail-to-wire port pairs on Instant-On Network (ION) devices? (Choose two.)

A. local area network (LAN) Dynamic Host Configuration Protocol (DHCP) and DHCP relay functionality

B. control mode insertion without modification of existing network configuration

C. network controller communication and monitoring

D. ensures automatic failover when ION devices experience software or network related failure

How does SaaS Security Inline provide a consistent management experience?

A. user credentials required before accessing the resource

B. uses advanced predictive analysis and machine learning (ML)

C. automatically forwards samples for WildFire analysis

D. integrates with existing security

What is an advantage of the Palo Alto Networks cloud-based security infrastructure?

A. It provides comprehensive, scalable cloud security with flexible licensing options.

B. It backhauls traffic to the corporate network.

C. It allows for the elimination of data centers within five years of implementation.

D. It increases the footprint of the security solution.

Which element of a secure access service edge (SASE)-enabled network uses many points of presence to reduce latency with support of in-country or in-region resources and regulatory requirements?

A. cloud-native, cloud-based delivery

B. converged WAN edge and network security

C. broad network-edge support

D. identity and network location

Which three decryption methods are available in a security processing node (SPN)? (Choose three.)

A. SSL Outbound Proxy

B. SSHv2 Proxy

C. SSL Forward Proxy

D. SSL Inbound Inspection

E. SSH Inbound Inspection

What is feature of Autonomous Digital Experience Management (ADEM)?

A. It applies configuration changes and provides credential management, role-based controls, and a playbook repository.

B. It provides customized forms to collect and validate necessary parameters from the requester.

C. It natively ingests, normalizes, and integrates granular data across the security infrastructure at nearly half the cost of legacy security products attempting to solve the problem.

D. It provides IT teams with single-pane visibility that leverages endpoint, simulated, and real-time user traffic data to provide the most complete picture of user traffic flows possible.

Which component of the secure access service edge (SASE) solution provides complete session protection, regardless of whether a user is on or off the corporate network?

A. Zero Trust

B. threat prevention

C. single-pass architecture (SPA)

D. DNS Security

Which CLI command allows visibility into SD-WAN events such as path selection and path quality measurements?

A. >show sdwan connection all |

B. >show sdwan session distribution policy-name

C. >show sdwan path-monitor stats vif

D. >show sdwan event

Which type of access allows unmanaged endpoints to access secured on-premises applications?

A. manual external gateway

B. secure web gateway (SWG)

C. GlobalProtect VPN for remote access

D. Prisma Access Clientless VPN

How does the Palo Alto Networks secure access service edge (SASE) solution enable Zero Trust in a customer environment?

A. It stops attacks that use DNS for command and control or data theft.

B. It feeds threat intelligence into an automation engine for rapid and consistent protections.

C. It classifies sites based on content, features, and safety.

D. It continuously validates every stage of a digital interaction.

Which two statements apply to features of aggregate bandwidth allocation in Prisma Access for remote networks? (Choose two.)

A. Administrator can allocate up to 120% of the total bandwidth purchased for aggregate locations to support traffic peaks.

B. Administrator must assign a minimum of 50 MB to any compute location that will support remote networks.

C. Administrator is not required to allocate all purchased bandwidth to compute locations for the configuration to be valid.

D. Bandwidth that is allocated to a compute location is statically and evenly distributed across remote networks in that location.

In which step of the Five-Step Methodology for implementing the Zero Trust model are the services most valuable to the company defined?

A. Step 2: Map the transaction flows

B. Step 4: Create the Zero Trust policy

C. Step 5: Monitor and maintain the network

D. Step 1: Define the protect surface