PSE-SASE Online Practice Questions and Answers

In which step of the Five-Step Methodology of Zero Trust are application access and user access defined?

A. Step 4: Create the Zero Trust Policy

B. Step 3: Architect a Zero Trust Network

C. Step 1: Define the Protect Surface

D. Step 5: Monitor and Maintain the Network

Which product leverages GlobalProtect agents for endpoint visibility and native Prisma SD- WAN integration for remote sites and branches?

A. Cloud-Delivered Security Services (CDSS)

B. WildFire

C. CloudBlades:

D. Autonomous Digital Experience Management (ADEM)

What is a disadvantage of proxy secure access service edge (SASE) when compared to an inline SASE solution?

A. Proxies force policy actions to be treated as business decisions instead of compromises due to technical limitations.

B. Teams added additional tools to web proxies that promised to solve point problems, resulting in a fragmented and ineffective security architecture.

C. Proxy solutions require an unprecedented level of interconnectivity.

D. Exclusive use of web proxies leads to significant blind spots in traffic and an inability to identify applications and threats on non-standard ports or across multiple protocols.

In an SD-WAN deployment, what allows customers to modify resources in an automated fashion instead of logging on to a central controller or using command-line interface (CLI) to manage all their configurations?

A. dynamic user group (DUG)

B. DNS server

C. application programming interface (API)

D. WildFire

What are two benefits of installing hardware fail-to-wire port pairs on Instant-On Network (ION) devices? (Choose two.)

A. local area network (LAN) Dynamic Host Configuration Protocol (DHCP) and DHCP relay functionality

B. control mode insertion without modification of existing network configuration

C. network controller communication and monitoring

D. ensures automatic failover when ION devices experience software or network related failure

Which product enables websites to be rendered in a sandbox environment in order to detect and remove malware and threats before they reach the endpoint?

A. remote browser isolation

B. secure web gateway (SWG)

C. network sandbox

D. DNS Security

In which step of the Five-Step Methodology for implementing the Zero Trust model does inspection and logging of all traffic take place?

A. Step 4: Create the Zero Trust policy

B. Step 3: Architect a Zero Trust network

C. Step 1: Define the protect surface

D. Step 5: Monitor and maintain the network

How does a secure web gateway (SWG) protect users from web-based threats while still enforcing corporate acceptable use policies?

A. Users are mapped via server logs for login events and syslog messages from authenticating services.

B. It uses a cloud-based machine learning (ML)-powered web security engine to perform ML-based inspection of web traffic in real-time.

C. It prompts the browser to present a valid client certificate to authenticate the user.

D. Users access the SWG, which then connects the user to the website while still performing security measures.

What are two benefits provided to an organization using a secure web gateway (SWG)? (Choose two.)

A. VPNs remain connected, reducing user risk exposure.

B. Security policies for making internet access safer are enforced.

C. Access to inappropriate websites or content is blocked based on acceptable use policies.

D. An encrypted challenge-response mechanism obtains user credentials from the browser.

Which application gathers health telemetry about a device and its WiFi connectivity in order to help determine whether the device or the WiFi is the cause of any performance issues?

A. data loss prevention (DLP)

B. remote browser isolation (RBI)

C. Cortex Data Lake

D. GlobalProtect

How does SaaS Security Inline help prevent the data security risks of unsanctioned security-as-a-service (SaaS) application usage on a network?

A. It provides mobility solutions and/or large-scale virtual private network (VPN) capabilities.

B. It offers risk scoring, analytics, reporting, and Security policy rule authoring.

C. It provides built-in external dynamic lists (EDLs) that secure the network against malicious hosts.

D. It prevents credential theft by controlling sites to which users can submit their corporate credentials.

Which secure access service edge (SASE) networking component inspects web-based protocols and traffic to securely connect users to applications?

A. proxy

B. SD-WAN

C. secure web gateway (SWG)

D. cloud access security broker (CASB)

Which App Response Time metric measures the amount of time it takes to transfer incoming data from an external server to a local client?

A. UDP Response Time (UDP-TRT)

B. Server Response Time (SRT)

C. Network Transfer Time (NTTn)

D. Round Trip Time (RTT)

Which element of a secure access service edge (SASE)-enabled network provides true integration of services, not service chains, with combined services and visibility for all locations, mobile users, and the cloud?

A. identity and network location

B. broad network-edge support

C. converged WAN edge and network security

D. cloud-native, cloud-based delivery

Users connect to a server in the data center for file sharing. The organization wants to decrypt the traffic to this server in order to scan the files being uploaded and downloaded to determine if malware or sensitive data is being moved by users.

Which proxy should be used to decrypt this traffic?

A. SCP Proxy

B. SSL Inbound Proxy

C. SSH Forward Proxy

D. SSL Forward Proxy