New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Paloalto Networks PSE-SASE Palo Alto Networks System Engineer Professional - SASE Exam Exam Practice Test

Page: 1 / 7
Total 65 questions

Palo Alto Networks System Engineer Professional - SASE Exam Questions and Answers

Question 1

What are two ways service connections and remote network connections differ? (Choose two.)

Options:

A.

Remote network connections provide secondary WAN options, but service connections use backup service connection for redundancy.

B.

Remote network connections enforce security policies, but service connections do not.

C.

An on-premises resource cannot originate a connection to the internet over a service connection.

D.

Service connections support both OSPF and BGP for routing protocols, but remote networks support only BGP.

Question 2

What is a benefit of a cloud-based secure access service edge (SASE) infrastructure over a Zero Trust Network Access (ZTNA) product based on a software-defined perimeter (SDP) model?

Options:

A.

Users, devices, and apps are identified no matter where they connect from.

B.

Connection to physical SD-WAN hubs in ther locations provides increased interconnectivity between branch offices.

C.

Complexity of connecting to a gateway is increased, providing additional protection.

D.

Virtual private network (VPN) services are used for remote access to the internal data center, but not the cloud.

Question 3

In which step of the Five-Step Methodology for implementing the Zero Trust model is the Kipling Method relevant?

Options:

A.

Step 3: Architect a Zero Trust network

B.

Step 5: Monitor and maintain the network

C.

Step 4: Create the Zero Trust policy

D.

Step 2: Map the transaction flows

Question 4

Which application gathers health telemetry about a device and its WiFi connectivity in order to help determine whether the device or the WiFi is the cause of any performance issues?

Options:

A.

data loss prevention (DLP)

B.

remote browser isolation (RBI)

C.

Cortex Data Lake

D.

GlobalProtect

Question 5

In which step of the Five-Step Methodology of Zero Trust are application access and user access defined?

Options:

A.

Step 4: Create the Zero Trust Policy

B.

Step 3: Architect a Zero Trust Network

C.

Step 1: Define the Protect Surface

D.

Step 5: Monitor and Maintain the Network

Question 6

Cloud-delivered App-ID provides specific identification of which two applications? (Choose two.)

Options:

A.

unknown-tcp

B.

private

C.

web-browsing

D.

custom

Question 7

Which product draws on data collected through PAN-OS device telemetry to provide an overview of the health of an organization's next-generation firewall (NGFW) deployment and identify areas for improvement?

Options:

A.

Cloud Identity Engine (CIE)

B.

DNS Security

C.

security information and event management (SIEM)

D.

Device Insights

Question 8

In an SD-WAN deployment, what allows customers to modify resources in an automated fashion instead of logging on to a central controller or using command-line interface (CLI) to manage all their configurations?

Options:

A.

dynamic user group (DUG)

B.

DNS server

C.

application programming interface (API)

D.

WildFire

Question 9

What happens when SaaS Security sees a new or unknown SaaS application?

Options:

A.

It forwards the application for WildFire analysis.

B.

It uses machine learning (ML) to classify the application.

C.

It generates alerts regarding changes in performance.

D.

It extends the branch perimeter to the closest node with high performance.

Page: 1 / 7
Total 65 questions