[2023年03月20日]PSE-SASE試験問題集を試そう!ベストPSE-SASE試験問題
検証済みのPSE-SASEテスト問題集で正確な67問題と解答
質問 35
How can a network engineer export all flow logs and security actions to a security information and event management (SIEM) system?
- A. Use the centralized flow data-export tool built into the controller.
- B. Use a zone-based firewall to export directly through application program interface (API) to the SIEM.
- C. Enable syslog on the Instant-On Network (ION) device.
- D. Enable Simple Network Management Protocol (SNMP) on the Instant-On Network (ION) device.
正解: C
質問 36
Which elements of Autonomous Digital Experience Management (ADEM) help provide end-to-end visibility of everything in an organization's environment?
- A. integrated threat intelligence management, automated distribution to enforcement points at scale, full ticket mirroring
- B. scanning of all traffic, ports, and protocols
- C. data collected from endpoint devices, synthetic monitoring tests, and real-time traffic
- D. alerts, artifacts, and MITRE tactics
正解: A
質問 37
In an SD-WAN deployment, what allows customers to modify resources in an automated fashion instead of logging on to a central controller or using command-line interface (CLI) to manage all their configurations?
- A. application programming interface (API)
- B. dynamic user group (DUG)
- C. DNS server
- D. WildFire
正解: B
質問 38
Which product allows advanced Layer 7 inspection, access control, threat detection and prevention?
- A. Infrastructure as a Service (IaaS)
- B. remote browser isolation
- C. network sandbox
- D. Firewall as a Service (FWaaS)
正解: D
質問 39
Which App Response Time metric is the measure of network latency?
- A. Server Response Time (SRT)
- B. UDP Response Time (UDP-TRT)
- C. Network Transfer Time (NTTn)
- D. Round Trip Time (RTT)
正解: D
質問 40
Cloud-delivered App-ID provides specific identification of which two applications? (Choose two.)
- A. private
- B. unknown-tcp
- C. web-browsing
- D. custom
正解: B,C
質問 41
Which action protects against port scans from the internet?
- A. Apply App-ID Security policy rules to block traffic sourcing from the untrust zone.
- B. Assign an Interface Management profile to the zone of the ingress surface.
- C. Assign Security profiles to Security policy rules for traffic sourcing from the untrust zone.
- D. Apply a Zone Protection profile on the zone of the ingress interface.
正解: D
質問 42
A customer currently has 150 Mbps of capacity at a site. Records show that, on average, a total of 30 Mbps of bandwidth is used for the two links.
What is the appropriate Prisma SD-WAN license for this site?
- A. 50 Mbps
- B. 250 Mbps
- C. 25 Mbps
- D. 175 Mbps
正解: A
質問 43
A customer currently uses a third-party proxy solution for client endpoints and would like to migrate to Prisma Access to secure mobile user internet-bound traffic.
Which recommendation should the Systems Engineer make to this customer?
- A. With the explicit proxy license, set up a service connection.
- B. With the mobile user license, set up explicit proxy.
- C. With the explicit proxy license add-on, set up GlobalProtect.
- D. With the mobile user license, set up a corporate access node.
正解: B
質問 44
What are two ways service connections and remote network connections differ? (Choose two.)
- A. Service connections support both OSPF and BGP for routing protocols, but remote networks support only BGP.
- B. An on-premises resource cannot originate a connection to the internet over a service connection.
- C. Remote network connections provide secondary WAN options, but service connections use backup service connection for redundancy.
- D. Remote network connections enforce security policies, but service connections do not.
正解: C
質問 45
Which two services are part of the Palo Alto Networks cloud-delivered security services (CDSS) package?
(Choose two.)
- A. virtual desktop infrastructure (VDI)
- B. Internet of Things (IoT) Security
- C. security information and event management (SIEM)
- D. Advanced URL Filtering (AURLF)
正解: B,D
質問 46
What is a key benefit of CloudBlades?
- A. configuration of the authentication source once instead of for each authentication method used
- B. automation of UI workflow without any code development and deployment of Prisma SD-WAN ION devices
- C. identification of port-based rules so they can be converted to application-based rules without compromising application availability
- D. utilization of near real-time analysis to detect previously unseen, targeted malware and advanced persistent threats
正解: B
質問 47
How does the secure access service edge (SASE) security model provide cost savings to organizations?
- A. The compact size of the components involved reduces overhead costs, as less physical space is needed.
- B. The increased complexity of the model over previous products reduces IT team staffing costs.
- C. The content inspection integration allows third-party assessment, which reduces the cost of contract services.
- D. The single platform reduces costs compared to buying and managing multiple point products.
正解: C
質問 48
Which two key benefits have been identified for a customer investing in the Palo Alto Networks Prisma secure access service edge (SASE) solution? (Choose two.)
- A. reduced input required from management during third-party investigations
- B. reduced number of security incidents requiring manual investigation
- C. decreased need for interaction between branches
- D. decreased likelihood of a data breach
正解: A,B
質問 49
Which statement applies to Prisma Access licensing?
- A. For remote network and Clean Pipe deployments, a unit is defined as 1 Mbps of bandwidth.
- B. Internet of Things (IOT) Security is included with each license.
- C. It is a perpetual license required to enable support for multiple virtual systems on PA-3200 Series firewalls.
- D. It provides cloud-based, centralized log storage and aggregation.
正解: A
質問 50
Which product leverages GlobalProtect agents for endpoint visibility and native Prisma SD-WAN integration for remote sites and branches?
- A. Cloud-Delivered Security Services (CDSS)
- B. CloudBlades:
- C. WildFire
- D. Autonomous Digital Experience Management (ADEM)
正解: A
質問 51
What is an advantage of next-generation SD-WAN over legacy SD-WAN solutions?
- A. It steers traffic and defines networking and security policies from an application-centric perspective, rather than a packet-based approach.
- B. It allows configuration to forward logs to external logging destinations, such as syslog servers.
- C. It enables definition of the privileges and responsibilities of administrative users in a network.
- D. It provides the ability to push common configurations, configuration updates, and software upgrades to all or a subset of the managed appliances.
正解: A
質問 52
What is feature of Autonomous Digital Experience Management (ADEM)?
- A. It applies configuration changes and provides credential management, role-based controls, and a playbook repository.
- B. It provides IT teams with single-pane visibility that leverages endpoint, simulated, and real-time user traffic data to provide the most complete picture of user traffic flows possible.
- C. It natively ingests, normalizes, and integrates granular data across the security infrastructure at nearly half the cost of legacy security products attempting to solve the problem.
- D. It provides customized forms to collect and validate necessary parameters from the requester.
正解: B
質問 53
Which statement describes the data loss prevention (DLP) add-on?
- A. It employs automated policy enforcement to allow trusted behavior with a new Device-ID policy construct.
- B. It prevents phishing attacks by controlling the sites to which users can submit valid corporate credentials.
- C. It enables data sharing with third-party tools such as security information and event management (SIEM) systems.
- D. It is a centrally delivered cloud service with unified detection policies that can be embedded in existing control points.
正解: D
質問 54
......
Palo Alto Networks PSE-SASEテストエンジンPDFで全問 無料問題集:https://www.goshiken.com/Palo-Alto-Networks/PSE-SASE-mondaishu.html