Palo Alto Networks SSE Engineer Dumps (V8.02) – Pass Your Palo Alto Networks Security Service Edge Engineer Exam with the Latest Study Materials

1. A customer is implementing Prisma Access (Managed by Strata Cloud Manager) to connect mobile users, branch locations, and business-to- business (B2B) partners to their data centers. The solution must meet these requirements:

The mobile users must have internet filtering, data center connectivity, and remote site connectivity to the branch locations.

The branch locations must have internet filtering and data center connectivity.

The B2B partner connections must only have access to specific data center internally developed applications running on non-standard ports.

The security team must have access to manage the mobile user and access to branch locations.

The network team must have access to manage only the partner access.

How should Prisma Access be implemented to meet the customer requirements?

2. A customer is implementing Prisma Access (Managed by Strata Cloud Manager) to connect mobile users, branch locations, and business-to- business (B2B) partners to their data centers.

The solution must meet these requirements:

The mobile users must have internet filtering, data center connectivity, and remote site connectivity to the branch locations.

The branch locations must have internet filtering and data center connectivity.

The B2B partner connections must only have access to specific data center internally developed applications running on non-standard ports.

The security team must have access to manage the mobile user and access to branch locations.

The network team must have access to manage only the partner access.

How can the engineer configure mobile users and branch locations to meet the requirements?

3. A customer is implementing Prisma Access (Managed by Strata Cloud Manager) to connect mobile users, branch locations, and business-to- business (B2B) partners to their data centers.

The solution must meet these requirements:

The mobile users must have internet filtering, data center connectivity, and remote site connectivity to the branch locations.

The branch locations must have internet filtering and data center connectivity.

The B2B partner connections must only have access to specific data center internally developed applications running on non-standard ports.

The security team must have access to manage the mobile user and access to branch locations.

The network team must have access to manage only the partner access.

Which two options will allow the engineer to support the requirements? (Choose two.)

4. A customer is implementing Prisma Access (Managed by Strata Cloud Manager) to connect mobile users, branch locations, and business-to- business (B2B) partners to their data centers.

* The solution must meet these requirements:

* The mobile users must have internet filtering, data center connectivity, and remote site connectivity to the branch locations.

* The branch locations must have internet filtering and data center connectivity.

* The B2B partner connections must only have access to specific data center internally developed applications running on non-standard ports.

* The security team must have access to manage the mobile user and access to branch locations.

* The network team must have access to manage only the partner access.

Which two components can be provisioned to enable data center connectivity over the internet? (Choose two.)

5. Which two actions can a company with Prisma Access deployed take to use the Egress IP API to automate policy rule updates when the IP addresses used by Prisma Access change? (Choose two.)

6. How can an engineer verify that only the intended changes will be applied when modifying Prisma Access policy configuration in Strata Cloud Manager (SCM)?

A. Review the SCM portal for blue circular indicators next to each configuration menu item and ensure only the intended areas of configuration have this indicator.

B. Compare the candidate configuration and the most recent version under "Config Version Snapshots/

C. Select the most recent job under Operations > Push Status to view the pending changes that would apply to Prisma Access.

D. Open the push dialogue in SCM to preview all changes which would be pushed to Prisma Access.

7. When using the traffic replication feature in Prisma Access, where is the mirrored traffic directed for analysis?

8. When a review of devices discovered by IoT Security reveals network routers appearing multiple times with different IP addresses, which configuration will address the issue by showing only unique devices?

9. What is the impact of selecting the “Disable Server Response Inspection” checkbox after confirming that a Security policy rule has a threat protection profile configured?

10. A company has a Prisma Access deployment for mobile users in North America and Europe. Service connections are deployed to the data centers on these continents, and the data centers are connected by private links.

With default routing mode, which action will verify that traffic being delivered to mobile users traverses the service connection in the appropriate regions?

A. Configure BGP on the customer premises equipment (CPE) to prefer the assigned community string attribute on the mobile user prefixes in its respective Prisma Access region.

B. Configure each service connection to filter out the mobile user pool prefixes from the other region in the advertisements to the data center.

C. Configure BGP on the customer premises equipment (CPE) to prefer the MED attribute on the mobile user prefixes in its respective Prisma Access region.

D. Configure each service connection to prepend the BGP ASN five times for mobile user pool prefixes originating from the other region.

11. Based on the image below, which two statements describe the reason and action required to resolve the errors? (Choose two.)

12. How can a network security team be granted full administrative access to a tenant's configuration while restricting access to other tenants by using role-based access control (RBAC) for Panorama Managed Prisma Access in a multitenant environment?

13. An engineer has configured a Web Security rule that restricts access to certain web applications for a

specific user group. During testing, the rule does not take effect as expected, and the users can still

access blocked web applications.

What is a reason for this issue?

14. What will cause a connector to fail to establish a connection with the cloud gateway during the deployment of a new ZTNA Connector in a data center?

15. Which feature will fetch user and group information to verify whether a group from the Cloud Identity Engine is present on a security processing node (SPN)?

16. An engineer configures User-ID redistribution from an on-premises firewall connected to Prisma Access (Managed by Panorama) using a service connection. After committing the configuration, traffic from remote network connections is still not matching the correct user-based policies.

Which two configurations need to be validated? (Choose two.)

17. What is the purpose of embargo rules in Prisma Access?

18. Strata Logging Service is configured to forward logs to an external syslog server; however, a month later, there is a disruption on the syslog server.

Which action will send the missing logs to the external syslog server?

19. A large retailer has deployed all of its stores with the same IP address subnet. An engineer is onboarding these stores as Remote Networks in Prisma Access. While onboarding each store, the engineer selects the “Overlapping Subnets” checkbox.

Which Remote Network flow is supported after onboarding in this scenario?

20. An intern is tasked with changing the Anti-Spyware Profile used for security rules defined in the GlobalProtect folder. All security rules are using the Default Prisma Profile. The intern reports that the options are greyed out and cannot be modified when selecting the Default Prisma Profile.

Based on the image below, which action will allow the intern to make the required modifications?

A. Request edit access for the GlobalProtect scope.

B. Change the configuration scope to Prisma Access and modify the profile group.

C. Create a new profile, because default profile groups cannot be modified.

D. Modify the existing anti-spyware profile, because best-practice profiles cannot be removed from a group.

21. How can role-based access control (RBAC) for Prisma Access (Managed by Strata Cloud Manager) be used to grant each member of a security team full administrative access to manage the Security policy in a single tenant while restricting access to other tenants in a multitenant deployment?

22. An engineer configures a Security policy for traffic originating at branch locations in the Remote Networks configuration scope. After committing the configuration and reviewing the logs, the branch traffic is not matching the Security policy.

Which statement explains the branch traffic behavior?

23. What is the flow impact of updating the Cloud Services plugin on existing traffic flows in Prisma Access?

24. Which overlay protocol must a customer premises equipment (CPE) device support when terminating a Partner Interconnect-based Colo-Connect in Prisma Access?

25. An engineer has configured IPSec tunnels for two remote network locations; however, users are experiencing intermittent connectivity issues across the tunnels.

What action will allow the engineer to receive notifications when the IPSec tunnels are down or experiencing instability?

26. Which two configurations must be enabled to allow App Acceleration for SaaS applications? (Choose two.)

27. Which two statements apply when a customer has a large branch office with employees who all arrive and log in within a five-minute time period? (Choose two.)

28. Which statement applies when enabling multitenancy in Prisma Access (Managed by Panorama)?

A. Service connection licenses will be assigned only to the first tenant, and these service connections can be shared with the other tenants.

B. A single tenant cannot consist solely of mobile users or solely of remote networks.

C. Each tenant is allocated its own dedicated Prisma Access instances, with compute resources that are not shared across tenants.

D. There is flexibility to manage different tenants using separate Panoramas, which allows for better organization and management of the multiple tenants.

29. A company has four branch offices between Canada Central and Canada East which use the same IPSec termination node and have QoS configured with customized bandwidth per site. An engineer wants to onboard a new branch office on the same IPSec termination node.

What is the QoS behavior for the new branch office?

30. A customer using Prisma Access (Managed by Panorama) wants to monitor traffic patterns across all remote networks and use Strata Logging Service to gather insights on network usage. An engineer notices that some network data is missing from the Application Command Center (ACC).

What should the engineer do to ensure complete data visibility?