
Curious about Actual Palo Alto Networks Security Service Edge Engineer (SSE-Engineer) Exam Questions?

Here are sample Palo Alto Networks Security Service Edge Engineer (SSE-Engineer) Exam questions from the real exam. You can get more Palo Alto Networks Security Service Edge Engineer (SSE-Engineer) Exam premium practice questions at TestInsights.

Total 50 questions
Question 1

Which Cloud Identity Engine capability will create a Security policy that uses Entra ID attributes as the source identification?


Correct : D

The Cloud Dynamic User Group capability in Cloud Identity Engine enables the creation of Security policies that use Entra ID (formerly Azure AD) attributes for user identification. This allows Prisma Access to dynamically apply user-based security rules based on real-time Entra ID attributes, ensuring that access policies adapt to user changes such as group membership, device compliance, or role updates.


Question 2

Which feature can help address a customer concern about the length of time it takes to update their SaaS-allowed IP addresses while onboarding to Prisma Access?


Correct : C

When onboarding to Prisma Access, using Dedicated IP addresses helps address concerns about the time required to update SaaS-allowed IP lists. With dedicated egress IPs, the customer receives fixed, predictable IP addresses that do not change dynamically. This eliminates the need to frequently update SaaS providers' allowlists, ensuring seamless access to cloud applications without interruptions due to IP address changes.


Question 3

Based on the image below, which two statements describe the reason and action required to resolve the errors? (Choose two.)

SSE-Engineer Exam Question 3 Exhibit 1


Correct : B, C

The error messages indicate that Prisma Access is encountering certificate issues while attempting to decrypt traffic to 'google.com'. This suggests that the server has pinned certificates, meaning it does not allow man-in-the-middle (MITM) decryption by Prisma Access. Since pinned certificates prevent traffic decryption, a solution is to create a 'do not decrypt' rule for the hostname 'google.com'. This will allow traffic to flow without triggering certificate errors while maintaining secure communication with Google's servers.


Question 4

An engineer configures User-ID redistribution from an on-premises firewall connected to Prisma Access (Managed by Panorama) using a service connection. After committing the configuration, traffic from remote network connections is still not matching the correct user-based policies.

Which two configurations need to be validated? (Choose two.)


Correct : A, D

Ensuring that the Remote_Network_Template is selected when adding the User-ID Agent in Panorama is crucial because User-ID information must be associated with the correct Remote Network configuration for policies to apply properly. Additionally, the Service_Conn_Template must be selected when adding the User-ID Agent in Panorama, as the service connection is responsible for distributing User-ID mappings between the on-premises firewall and Prisma Access. If either of these configurations is incorrect, the user information will not be properly mapped, and traffic will not match user-based policies.


Question 5

After configuring domain-based split tunnel for zoom.us, how is the expected behavior on the client machine confirmed?


Correct : A

After configuring domain-based split tunneling for zoom.us, the expected behavior can be confirmed by checking the routing table on the client machine. If split tunneling is correctly configured, the traffic for zoom.us should be routed outside the GlobalProtect VPN tunnel, while other traffic follows the tunnel path. Reviewing the routing table ensures that only the intended traffic is excluded from the tunnel, confirming that the split tunnel configuration is working as expected.

