In which step of the Five-Step Methodology of Zero Trust are application access and user access defined?
- A . Step 4: Create the Zero Trust Policy
- B . Step 3: Architect a Zero Trust Network
- C . Step 1: Define the Protect Surface
- D . Step 5: Monitor and Maintain the Network
Which two actions take place after Prisma SD-WAN Instant-On Network (ION) devices have been deployed at a site? (Choose two.)
- A . The devices continually sync the information from directories, whether they are on-premise, cloud-based, or hybrid.
- B . The devices establish VPNs over private WAN circuits that share a common service provider.
- C . The devices automatically establish a VPN to the data centers over every internet circuit.
- D . The devices provide an abstraction layer between the Prisma SD-WAN controller and a particular cloud service.
How can a network engineer export all flow logs and security actions to a security information and event management (SIEM) system?
- A . Enable syslog on the Instant-On Network (ION) device.
- B . Use a zone-based firewall to export directly through application program interface (API) to the SIEM.
- C . Enable Simple Network Management Protocol (SNMP) on the Instant-On Network (ION) device.
- D . Use the centralized flow data-export tool built into the controller.
How does the secure access service edge (SASE) security model provide cost savings to organizations?
- A . The single platform reduces costs compared to buying and managing multiple point products.
- B . The compact size of the components involved reduces overhead costs, as less physical space is needed.
- C . The content inspection integration allows third-party assessment, which reduces the cost of contract services.
- D . The increased complexity of the model over previous products reduces IT team staffing costs.
Which statement applies to Prisma Access licensing?
- A . Internet of Things (IOT) Security is included with each license.
- B . It provides cloud-based, centralized log storage and aggregation.
- C . It is a perpetual license required to enable support for multiple virtual systems on PA-3200 Series firewalls.
- D . For remote network and Clean Pipe deployments, a unit is defined as 1 Mbps of bandwidth.
Which product draws on data collected through PAN-OS device telemetry to provide an overview of the health of an organization’s next-generation firewall (NGFW) deployment and identify areas for improvement?
- A . Cloud Identity Engine (CIE)
- B . DNS Security
- C . security information and event management (SIEM)
- D . Device Insights
Which product leverages GlobalProtect agents for endpoint visibility and native Prisma SD-WAN integration for remote sites and branches?
- A . Cloud-Delivered Security Services (CDSS)
- B . WildFire
- C . CloudBlades:
- D . Autonomous Digital Experience Management (ADEM)
What is a key benefit of CloudBlades?
- A . automation of UI workflow without any code development and deployment of Prisma SD-WAN ION devices
- B . utilization of near real-time analysis to detect previously unseen, targeted malware and advanced persistent threats
- C . identification of port-based rules so they can be converted to application-based rules without compromising application availability
- D . configuration of the authentication source once instead of for each authentication method used
A customer currently uses a third-party proxy solution for client endpoints and would like to migrate to Prisma Access to secure mobile user internet-bound traffic.
Which recommendation should the Systems Engineer make to this customer?
- A . With the explicit proxy license add-on, set up GlobalProtect.
- B . With the mobile user license, set up explicit proxy.
- C . With the explicit proxy license, set up a service connection.
- D . With the mobile user license, set up a corporate access node.
What is a disadvantage of proxy secure access service edge (SASE) when compared to an inline SASE solution?
- A . Proxies force policy actions to be treated as business decisions instead of compromises due to technical limitations.
- B . Teams added additional tools to web proxies that promised to solve point problems, resulting in a fragmented and ineffective security architecture.
- C . Proxy solutions require an unprecedented level of interconnectivity.
- D . Exclusive use of web proxies leads to significant blind spots in traffic and an inability to identify applications and threats on non-standard ports or across multiple protocols.
D
1 1. In an SD-WAN deployment, what allows customers to modify resources in an automated fashion instead of logging on to a central controller or using command-line interface (CLI) to manage all their configurations?
What are two benefits of installing hardware fail-to-wire port pairs on Instant-On Network (ION) devices? (Choose two.)
- A . local area network (LAN) Dynamic Host Configuration Protocol (DHCP) and DHCP relay
functionality - B . control mode insertion without modification of existing network configuration
- C . network controller communication and monitoring
- D . ensures automatic failover when ION devices experience software or network related failure
How does SaaS Security Inline provide a consistent management experience?
- A . user credentials required before accessing the resource
- B . uses advanced predictive analysis and machine learning (ML)
- C . automatically forwards samples for WildFire analysis
- D . integrates with existing security
Which product enables websites to be rendered in a sandbox environment in order to detect and remove malware and threats before they reach the endpoint?
- A . remote browser isolation
- B . secure web gateway (SWG)
- C . network sandbox
- D . DNS Security
Organizations that require remote browser isolation (RBI) to protect their users can automate connectivity to third-party RBI products with which platform?
- A . Zero Trust
- B . SaaS Security API
- C . GlobalProtect
- D . CloudBlades API
In which step of the Five-Step Methodology for implementing the Zero Trust model does inspection and logging of all traffic take place?
- A . Step 4: Create the Zero Trust policy
- B . Step 3: Architect a Zero Trust network
- C . Step 1: Define the protect surface
- D . Step 5: Monitor and maintain the network
The Cortex Data Lake sizing calculator for Prisma Access requires which three values as inputs? (Choose three.)
- A . throughput of remote networks purchased
- B . cloud-managed or Panorama-managed deployment
- C . retention period for the logs to be stored
- D . number of log-forwarding destinations
- E . number of mobile users purchased
Which elements of Autonomous Digital Experience Management (ADEM) help provide end-to-end visibility of everything in an organization’s environment?
- A . integrated threat intelligence management, automated distribution to enforcement points at scale, full ticket mirroring
- B . scanning of all traffic, ports, and protocols
- C . data collected from endpoint devices, synthetic monitoring tests, and real-time traffic
- D . alerts, artifacts, and MITRE tactics
What is a benefit of a cloud-based secure access service edge (SASE) infrastructure over a Zero Trust Network Access (ZTNA) product based on a software-defined perimeter (SDP) model?
- A . Users, devices, and apps are identified no matter where they connect from.
- B . Connection to physical SD-WAN hubs in ther locations provides increased interconnectivity between branch offices.
- C . Complexity of connecting to a gateway is increased, providing additional protection.
- D . Virtual private network (VPN) services are used for remote access to the internal data center, but not the cloud.
Which product allows advanced Layer 7 inspection, access control, threat detection and prevention?
- A . Infrastructure as a Service (IaaS)
- B . remote browser isolation
- C . network sandbox
- D . Firewall as a Service (FWaaS)