Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

All mobile users are unable to authenticate to Prisma Access (Managed by Strata Cloud Manager) using SAML authentication through the Cloud Identity Engine. Users report that after entering their credentials on the Identity Provider (IdP) login page, they are redirected to the Prisma Access portal without successful authentication, and they receive this error message: Error: Prisma Access Portal Authentication Failed using CIE-SAML with message " 400 Bad Request " . Which action will identify the root cause of this error? URLs and certificates are correctly configured.

A.

Verify the SAML metadata configuration in both Strata Cloud Manager and the IdP portal to confirm that the endpoint URLs and certificates are correctly configured.

B.

Examine the Security policy rules in Prisma Access to ensure that traffic from the IdP is allowed and not blocked.

C.

Verify the SAML metadata configuration in both the Cloud Identity Engine and the IdP portal to confirm that the endpoint URLs and certificates are correctly configured.

D.

Review the Authentication logs in Strata Cloud Manager to check for any SAML error messages or authentication failures.

What will cause a connector to fail to establish a connection with the cloud gateway during the deployment of a new ZTNA Connector in a data center?

A.

There is a misconfiguration in the DNS settings on the connector.

B.

The connector is deployed behind a double NAT.

C.

The connector is using a dynamic IP address.

D.

There is a high latency in the network connection.

Which advanced AI-powered functionality does Strata Copilot provide to enhance the capabilities of Prisma Access security teams?

A.

Real-time traffic analysis for automated threat prevention

B.

Initial configuration of Prisma Access using a natural language interface

C.

Customized guidance for resolving issues through recommended next steps

D.

Automated remediation of misconfigured security policies

A customer is implementing Prisma Access (Managed by Strata Cloud Manager) to connect mobile users, branch locations, and business-to-business (B2B) partners to their data centers. The solution must meet these requirements: The mobile users must have internet filtering, data center connectivity, and remote site connectivity to the branch locations. The branch locations must have internet filtering and data center connectivity. The B2B partner connections must only have access to specific data center internally developed applications running on non-standard ports. The security team must have access to manage the mobile user and access to branch locations. The network team must have access to manage only the partner access. How should Prisma Access be implemented to meet the customer requirements?

A.

Deploy two Prisma Access instances - the first with mobile users, remote networks, and private access for all internal connection types, and the second with remote networks and private application access for B2B connections - and use the Strata Multitenant Cloud Manager Prisma Access configuration scope to manage access.

B.

Deploy a Prisma Access instance with mobile users, remote networks, and private access for all connection types, and use the Prisma Access Configuration scope to manage all access.

C.

Deploy two Prisma Access instances - the first with mobile users, remote networks, and private access for all internal connection types, and the second with remote networks and private application access for B2B connections - and use the specific configuration scope for the connection type to manage access.

D.

Deploy a Prisma Access instance with mobile users, remote networks, and private access for all connection types, and use the specific configuration scope for the connection type to manage access.

Which configuration change will allow an organization using Prisma Access (Managed by Panorama) to minimize the consumption of Strata Logging Service storage due to a high volume of asymmetric traffic flows on its data center?

A.

Configure a log forwarding profile on the service connection to filter out asymmetric traffic.

B.

Disable traffic logging on the service connection.

C.

Disable the log forwarding profile for the service connection.

D.

Reduce the log retention period for Strata Logging Service.

Which two configurations must be enabled to allow App Acceleration for SaaS applications? (Choose two.)

A.

Acceleration agent for the client machines

B.

QoS for user traffic

C.

Trusted Root CA for the CA certificate

D.

Forward Trust Certificate for the CA certificate

Which two Prisma Access Browser (PAB) configurations will provide a contractor SSH access to an internal system? (Choose two.)

A.

Configure Internal Application entries, Configure Access & Data Control policy

B.

Enable Remote Connections

C.

Configure Remote Connection Application entries, Configure Access & Data Control policy

D.

Enable Internal Connections

How can an engineer verify that only the intended changes will be applied when modifying Prisma Access policy configuration in Strata Cloud Manager (SCM)?

A.

Review the SCM portal for blue circular indicators next to each configuration menu item and ensure only the intended areas of configuration have this indicator.

B.

Compare the candidate configuration and the most recent version under " Config Version Snapshots. "

C.

Select the most recent job under Operations > Push Status to view the pending changes that would apply to Prisma Access.

D.

Open the push dialogue in SCM to preview all changes which would be pushed to Prisma Access.

Which Cloud Identity Engine capability will create a Security policy that uses Entra ID attributes as the source identification?

A.

Entra ID Group Attribute

B.

Attribute Group Mapping

C.

Entra ID Cloud Group

D.

Cloud Dynamic User Group

What is the purpose of embargo rules in Prisma Access?

A.

Rate-limiting connections originating from specific countries

B.

Allowing traffic only from specific countries

C.

Blocking connections from specific countries

D.

Blocking traffic from Russia, China, and North Korea only