PSE-SASE Online Practice Questions and Answers

How can a network engineer export all flow logs and security actions to a security information and event management (SIEM) system?

A. Enable syslog on the Instant-On Network (ION) device.

B. Use a zone-based firewall to export directly through application program interface (API) to the SIEM.

C. Enable Simple Network Management Protocol (SNMP) on the Instant-On Network (ION) device.

D. Use the centralized flow data-export tool built into the controller.

Which product draws on data collected through PAN-OS device telemetry to provide an overview of the health of an organization's next-generation firewall (NGFW) deployment and identify areas for improvement?

A. Cloud Identity Engine (CIE)

B. DNS Security

C. security information and event management (SIEM)

D. Device Insights

In an SD-WAN deployment, what allows customers to modify resources in an automated fashion instead of logging on to a central controller or using command-line interface (CLI) to manage all their configurations?

A. dynamic user group (DUG)

B. DNS server

C. application programming interface (API)

D. WildFire

How does SaaS Security Inline provide a consistent management experience?

A. user credentials required before accessing the resource

B. uses advanced predictive analysis and machine learning (ML)

C. automatically forwards samples for WildFire analysis

D. integrates with existing security

Organizations that require remote browser isolation (RBI) to protect their users can automate connectivity to third-party RBI products with which platform?

A. Zero Trust

B. SaaS Security API

C. GlobalProtect

D. CloudBlades API

What is an advantage of the Palo Alto Networks cloud-based security infrastructure?

A. It provides comprehensive, scalable cloud security with flexible licensing options.

B. It backhauls traffic to the corporate network.

C. It allows for the elimination of data centers within five years of implementation.

D. It increases the footprint of the security solution.

Which statement describes the data loss prevention (DLP) add-on?

A. It prevents phishing attacks by controlling the sites to which users can submit valid corporate credentials.

B. It employs automated policy enforcement to allow trusted behavior with a new Device-ID policy construct.

C. It is a centrally delivered cloud service with unified detection policies that can be embedded in existing control points.

D. It enables data sharing with third-party tools such as security information and event management (SIEM) systems.

Which element of a secure access service edge (SASE)-enabled network provides true integration of services, not service chains, with combined services and visibility for all locations, mobile users, and the cloud?

A. identity and network location

B. broad network-edge support

C. converged WAN edge and network security

D. cloud-native, cloud-based delivery

How does the Palo Alto Networks secure access service edge (SASE) solution enable Zero Trust in a customer environment?

A. It stops attacks that use DNS for command and control or data theft.

B. It feeds threat intelligence into an automation engine for rapid and consistent protections.

C. It classifies sites based on content, features, and safety.

D. It continuously validates every stage of a digital interaction.

What is an advantage of the unified approach of the Palo Alto Networks secure access service edge (SASE) platform over the use of multiple point products?

A. It allows for automation of ticketing tasks and management of tickets without pivoting between various consoles.

B. It scans all traffic, ports, and protocols and automatically discovers new apps.

C. It turns threat intelligence and external attack surface data into an intelligent data foundation to dramatically accelerate threat response.

D. It reduces network and security complexity while increasing organizational agility.