Palo Alto Networks SSE-Engineer - Palo Alto Networks Security Service Edge Engineer Exam
Page: 2 / 10
Total 50 questions
Question #6 (Topic: Exam A)
How can an engineer verify that only the intended changes will be applied when modifying Prisma Access policy configuration in Strata Cloud Manager (SCM)?
A. Review the SCM portal for blue circular indicators next to each configuration menu item and ensure only the intended areas of configuration have this indicator.
B. Compare the candidate configuration and the most recent version under “Config Version Snapshots.”
C. Select the most recent job under Operations > Push Status to view the pending changes that would apply to Prisma Access.
D. Open the push dialogue in SCM to preview all changes which would be pushed to Prisma Access.
Answer: B
Question #7 (Topic: Exam A)
When using the traffic replication feature in Prisma Access, where is the mirrored traffic directed for analysis?
A. Specified internal security appliance
B. Dedicated cloud storage location
C. Panorama
D. Strata Cloud Manager (SCM)
Answer: B
Question #8 (Topic: Exam A)
When a review of devices discovered by IoT Security reveals network routers appearing multiple times with different IP addresses, which configuration will address the issue by showing only unique devices?
A. Add the duplicate entries to the ignore list in IoT Security.
B. Merge individual devices into a single device with multiple interfaces.
C. Create a custom role to merge devices with the same hostname and operating system.
D. Delete all duplicate devices, keeping only those discovered using their management IP addresses.
Answer: B
Question #9 (Topic: Exam A)
What is the impact of selecting the “Disable Server Response Inspection” checkbox after confirming that a Security policy rule has a threat protection profile configured?
A. Only HTTP traffic from the server to the client will bypass threat inspection.
B. The threat protection profile will override the “Disable Server Response Inspection” only for HTTP traffic from the server to the client.
C. All traffic from the server to the client will bypass threat inspection.
D. The threat protection profile will override the “Disable Server Response Inspection” for all traffic from the server to the client.
Answer: C
Question #10 (Topic: Exam A)
A company has a Prisma Access deployment for mobile users in North America and Europe. Service connections are deployed to the data centers on these continents, and the data centers are connected by private links.
With default routing mode, which action will verify that traffic being delivered to mobile users traverses the service connection in the appropriate regions?
With default routing mode, which action will verify that traffic being delivered to mobile users traverses the service connection in the appropriate regions?
A. Configure BGP on the customer premises equipment (CPE) to prefer the assigned community string attribute on the mobile user prefixes in its respective Prisma Access region.
B. Configure each service connection to filter out the mobile user pool prefixes from the other region in the advertisements to the data center.
C. Configure BGP on the customer premises equipment (CPE) to prefer the MED attribute on the mobile user prefixes in its respective Prisma Access region.
D. Configure each service connection to prepend the BGP ASN five times for mobile user pool prefixes originating from the other region.
Answer: B
