1. Home
  2. Paloalto Networks
  3. SASE Professional
  4. PSE-SASE
  5. Palo Alto Networks System Engineer Professional - SASE Exam Questions and Answers

Pass the Paloalto Networks SASE Professional PSE-SASE Questions and answers with CertsForce

 Paloalto Networks Exams      Go to Exam Detail      Get Premium Access
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

Which product continuously monitors each segment from the endpoint to the application and identifies baseline metrics for each application?

Options:
A.

App-ID Cloud Engine (ACE)

B.

Autonomous Digital Experience Management (ADEM)

C.

CloudBlades

D.

WildFire

Expert Solution
Questions # 2:

What are two ways service connections and remote network connections differ? (Choose two.)

Options:
A.

Remote network connections provide secondary WAN options, but service connections use backup service connection for redundancy.

B.

Remote network connections enforce security policies, but service connections do not.

C.

An on-premises resource cannot originate a connection to the internet over a service connection.

D.

Service connections support both OSPF and BGP for routing protocols, but remote networks support only BGP.

Expert Solution
Questions # 3:

What is a benefit of deploying secure access service edge (SASE) with a secure web gateway (SWG) over a SASE solution without a SWG?

Options:
A.

A heartbeat connection between the firewall peers ensures seamless failover in the event that a peer goes down.

B.

It prepares the keys and certificates required for decryption, creating decryption profiles and policies, and configuring decryption port mirroring.

C.

Protection is offered in the cloud through a unified platform for complete visibility and precise control over web access while enforcing security policies that protect users from hostile websites.

D.

It creates tunnels that allow users and systems to connect securely over a public network as if they were connecting over a local area network (LAN).

Expert Solution
Questions # 4:

What is a disadvantage of proxy secure access service edge (SASE) when compared to an inline SASE solution?

Options:
A.

Proxies force policy actions to be treated as business decisions instead of compromises due to technical limitations.

B.

Teams added additional tools to web proxies that promised to solve point problems, resulting in a fragmented and ineffective security architecture.

C.

Proxy solutions require an unprecedented level of interconnectivity.

D.

Exclusive use of web proxies leads to significant blind spots in traffic and an inability to identify applications and threats on non-standard ports or across multiple protocols.

Expert Solution
Questions # 5:

How does the Palo Alto Networks secure access service edge (SASE) solution enable Zero Trust in a customer environment?

Options:
A.

It stops attacks that use DNS for command and control or data theft.

B.

It feeds threat intelligence into an automation engine for rapid and consistent protections.

C.

It classifies sites based on content, features, and safety.

D.

It continuously validates every stage of a digital interaction.

Expert Solution
Questions # 6:

Which product draws on data collected through PAN-OS device telemetry to provide an overview of the health of an organization's next-generation firewall (NGFW) deployment and identify areas for improvement?

Options:
A.

Cloud Identity Engine (CIE)

B.

DNS Security

C.

security information and event management (SIEM)

D.

Device Insights

Expert Solution
Questions # 7:

In which step of the Five-Step Methodology for implementing the Zero Trust model is the Kipling Method relevant?

Options:
A.

Step 3: Architect a Zero Trust network

B.

Step 5: Monitor and maintain the network

C.

Step 4: Create the Zero Trust policy

D.

Step 2: Map the transaction flows

Expert Solution
Questions # 8:

How can a network engineer export all flow logs and security actions to a security information and event management (SIEM) system?

Options:
A.

Enable syslog on the Instant-On Network (ION) device.

B.

Use a zone-based firewall to export directly through application program interface (API) to the SIEM.

C.

Enable Simple Network Management Protocol (SNMP) on the Instant-On Network (ION) device.

D.

Use the centralized flow data-export tool built into the controller.

Expert Solution
Questions # 9:

Which component of the secure access service edge (SASE) solution provides complete session protection, regardless of whether a user is on or off the corporate network?

Options:
A.

Zero Trust

B.

threat prevention

C.

single-pass architecture (SPA)

D.

DNS Security

Expert Solution
Questions # 10:

Which application gathers health telemetry about a device and its WiFi connectivity in order to help determine whether the device or the WiFi is the cause of any performance issues?

Options:
A.

data loss prevention (DLP)

B.

remote browser isolation (RBI)

C.

Cortex Data Lake

D.

GlobalProtect

Expert Solution
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions