Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

Why would an enterprise architect use a Zero Trust Network Access (ZTNA) connector instead of a service connection for private application access?

A.

It controls traffic from the mobile endpoint to any of the organization's internal resources.

B.

It functions as the attachment point for IPSec-based connections to remote site or branch networks.

C.

It supports traffic sourced from on-premises or public cloud-based resources to mobile users and remote networks.

D.

It automatically discovers private applications and suggests Security policy rules for them.

Which subscription sends non-file format-based traffic that matches Data Filtering Profile criteria to a cloud service to render a verdict?

Enterprise DLP

A.

SaaS Security Inline

B.

Advanced URL Filtering

C.

Advanced WildFire

When using the perfect forward secrecy (PFS) key exchange, how does a firewall behave when SSL Inbound Inspection is enabled?

A.

It acts as meddler-in-the-middle between the client and the internal server.

B.

It acts transparently between the client and the internal server.

C.

It decrypts inboundand outbound SSH connections.

D.

It decrypts traffic between the client and the external server.

What should be reviewed when log forwarding from an NGFW to Strata Logging Service becomes disconnected?

A.

Device certificates

B.

Decryption profile

C.

Auth codes

D.

Software warranty

In which mode should an ION device be configured at a newly acquired site to allow site traffic to be audited without steering traffic?

A.

Access

B.

Control

C.

Disabled

D.

Analytics

Which two policies in Strata Cloud Manager (SCM) will ensure the personal data of employees remains private while enabling decryption for mobile users in Prisma Access? (Choose two.)

A.

SSH Decryption

B.

SSL Inbound Inspection

C.

SSL Forward Proxy

D.

No Decryption

An IT security administrator is maintaining connectivity and security between on-premises infrastructure, private cloud, and public cloud environments in Strata Cloud Manager (SCM).

Which set of practices must be implemented to effectively manage certificates and ensure secure communication across these segmented environments?

A.

Use a centralized certificate management solution. Regularly renew and update certificates. Employ strong encryption protocols.

B.

Use self-signed certificates for all environments.

Renew certificates manually once a year.

Avoid automating certificate management to maintain control.

C.

Rely on the cloud provider's default certificates.

Avoid renewing certificates to reduce overhead and complexity. Manage certificate deployment manually.

D.

Implement different certificate authorities (CAs) for each environment. Use default certificate settings.

Renew certificates only when they expire to reduce overhead and complexity.

In conjunction with Advanced URL Filtering, which feature can be enabled after usemame-to-IP mapping is set up?

A.

Host information profile (HIP)

B.

Credential phishing prevention

C.

Client probing

D.

Indexed data matching