Get 2024 Updated Free Palo Alto Networks PSE-SASE Exam Questions & Answer [Q15-Q32]

Share

Get 2024 Updated Free Palo Alto Networks PSE-SASE Exam Questions and Answer

PSE-SASE Dumps PDF and Test Engine Exam Questions

NEW QUESTION # 15
What is a benefit of deploying secure access service edge (SASE) with a secure web gateway (SWG) over a SASE solution without a SWG?

  • A. It creates tunnels that allow users and systems to connect securely over a public network as if they were connecting over a local area network (LAN).
  • B. Protection is offered in the cloud through a unified platform for complete visibility and precise control over web access while enforcing security policies that protect users from hostile websites.
  • C. It prepares the keys and certificates required for decryption, creating decryption profiles and policies, and configuring decryption port mirroring.
  • D. A heartbeat connection between the firewall peers ensures seamless failover in the event that a peer goes down.

Answer: B


NEW QUESTION # 16
Which action protects against port scans from the internet?

  • A. Assign Security profiles to Security policy rules for traffic sourcing from the untrust zone.
  • B. Assign an Interface Management profile to the zone of the ingress surface.
  • C. Apply App-ID Security policy rules to block traffic sourcing from the untrust zone.
  • D. Apply a Zone Protection profile on the zone of the ingress interface.

Answer: D


NEW QUESTION # 17
What are three ways the secure access service edge (SASE) model can help an organization? (Choose three.)

  • A. decreased reliance on best practices
  • B. data protection
  • C. increased licensing requirements
  • D. increased performance
  • E. cost savings

Answer: B,D,E


NEW QUESTION # 18
Which two prerequisites must an environment meet to onboard Prisma Access mobile users? (Choose two.)

  • A. Mapping of trust and untrust zones must be configured.
  • B. Mobile user subnet and DNS portal name must be configured.
  • C. Zoning must be configured to require a user ID for the mobile users trust zone.
  • D. BGP must be configured so that service connection networks can be advertised to the mobile gateways.

Answer: B,C


NEW QUESTION # 19
Which statement describes the data loss prevention (DLP) add-on?

  • A. It prevents phishing attacks by controlling the sites to which users can submit valid corporate credentials.
  • B. It is a centrally delivered cloud service with unified detection policies that can be embedded in existing control points.
  • C. It enables data sharing with third-party tools such as security information and event management (SIEM) systems.
  • D. It employs automated policy enforcement to allow trusted behavior with a new Device-ID policy construct.

Answer: B


NEW QUESTION # 20
How does Autonomous Digital Experience Management (ADEM) improve user experience?

  • A. The root cause of any alert can be viewed with a single click, allowing users to swiftly stop attacks across the environment.
  • B. It applies in-depth hunting and forensics knowledge to identify and contain threats before they become a breach.
  • C. Working from home or branch offices, all users get the benefit of a digital experience management solution without the complexity of installing additional software and hardware.
  • D. The virtual appliance receives and stores firewall logs without using a local Log Collector, simplifying required steps users must take.

Answer: C


NEW QUESTION # 21
Which two services are provided by Prisma Access Insights? (Choose two.)

  • A. detection of hard-to-find security issues via AI-based innovations to normalize, analyze, and stitch together an enterprise's data
  • B. configuration of the on-premises firewall located behind the service-connection termination
  • C. summary overview screen of the health and performance of an organization's entire Prisma Access environment
  • D. multiple dashboards for focused views of different deployments, the corresponding alerts, and the health status of the infrastructure

Answer: C,D


NEW QUESTION # 22
Which two services are part of the Palo Alto Networks cloud-delivered security services (CDSS) package?
(Choose two.)

  • A. Advanced URL Filtering (AURLF)
  • B. security information and event management (SIEM)
  • C. virtual desktop infrastructure (VDI)
  • D. Internet of Things (IoT) Security

Answer: A,D


NEW QUESTION # 23
What is a benefit of a cloud-based secure access service edge (SASE) infrastructure over a Zero Trust Network Access (ZTNA) product based on a software-defined perimeter (SDP) model?

  • A. Connection to physical SD-WAN hubs in ther locations provides increased interconnectivity between branch offices.
  • B. Users, devices, and apps are identified no matter where they connect from.
  • C. Complexity of connecting to a gateway is increased, providing additional protection.
  • D. Virtual private network (VPN) services are used for remote access to the internal data center, but not the cloud.

Answer: B


NEW QUESTION # 24
Which App Response Time metric is the measure of network latency?

  • A. Round Trip Time (RTT)
  • B. Network Transfer Time (NTTn)
  • C. UDP Response Time (UDP-TRT)
  • D. Server Response Time (SRT)

Answer: A


NEW QUESTION # 25
Which two key benefits have been identified for a customer investing in the Palo Alto Networks Prisma secure access service edge (SASE) solution? (Choose two.)

  • A. reduced input required from management during third-party investigations
  • B. decreased likelihood of a data breach
  • C. reduced number of security incidents requiring manual investigation
  • D. decreased need for interaction between branches

Answer: A,C


NEW QUESTION # 26
Which product draws on data collected through PAN-OS device telemetry to provide an overview of the health of an organization's next-generation firewall (NGFW) deployment and identify areas for improvement?

  • A. Cloud Identity Engine (CIE)
  • B. Device Insights
  • C. DNS Security
  • D. security information and event management (SIEM)

Answer: B


NEW QUESTION # 27
What can prevent users from unknowingly downloading potentially malicious file types from the internet?

  • A. Apply a Zone Protection profile to the untrust zone.
  • B. Apply a File Blocking profile to Security policy rules that allow general web access.
  • C. Assign a Vulnerability profile to Security policy rules that deny general web access.
  • D. Assign an Antivirus profile to Security policy rules that deny general web access.

Answer: B


NEW QUESTION # 28
The Cortex Data Lake sizing calculator for Prisma Access requires which three values as inputs? (Choose three.)

  • A. number of mobile users purchased
  • B. number of log-forwarding destinations
  • C. retention period for the logs to be stored
  • D. throughput of remote networks purchased
  • E. cloud-managed or Panorama-managed deployment

Answer: A,C,D


NEW QUESTION # 29
A customer currently has 150 Mbps of capacity at a site. Records show that, on average, a total of 30 Mbps of bandwidth is used for the two links.
What is the appropriate Prisma SD-WAN license for this site?

  • A. 50 Mbps
  • B. 25 Mbps
  • C. 175 Mbps
  • D. 250 Mbps

Answer: A


NEW QUESTION # 30
Which type of access allows unmanaged endpoints to access secured on-premises applications?

  • A. manual external gateway
  • B. Prisma Access Clientless VPN
  • C. GlobalProtect VPN for remote access
  • D. secure web gateway (SWG)

Answer: B


NEW QUESTION # 31
Which two point products are consolidated into the Prisma secure access service edge (SASE) platform?
(Choose two.)

  • A. Threat Intelligence Platform (TIP)
  • B. security information and event management (SIEM)
  • C. firewall as a service (FWaaS)
  • D. Autonomous Digital Experience Management (ADEM)

Answer: C,D


NEW QUESTION # 32
......

Verified PSE-SASE exam dumps Q&As with Correct 67 Questions and Answers: https://www.validvce.com/PSE-SASE-exam-collection.html

Get New PSE-SASE Certification – Valid Exam Dumps Questions: https://drive.google.com/open?id=1iirsLi2bYiVJ4r5buUWXm5RPUlXW6mzU