Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

An employee is traveling to a country where their employer has not deployed a Prisma Access gateway. Which two mobile user gateways will the VPN client connect to automatically? (Choose two.)

A.

Backup

B.

Global fallback

C.

Regional fallback

D.

Local zone

What is the network impact when a Prisma Access service connection is set as a dedicated service connection for traffic steering?

A.

It maintains its zone as Trust and continues to participate in both internal and external BGP routing.

B.

It changes its zone to Untrust, applies source NAT to forwarded traffic, and no longer participates in BGP routing.

C.

It maintains its zone as Trust; however, it disables all Security policies, allowing unrestricted traffic flow through the dedicated service connection.

D.

It applies destination NAT to forwarded traffic, maintains its BGP routing configurations, and allows traffic from both Trust and Untrust zones.

A company has four branch offices between Canada Central and Canada East which use the same IPSec termination node and have QoS configured with customized bandwidth per site. An engineer wants to onboard a new branch office on the same IPSec termination node. What is the QoS behavior for the new branch office?

A.

Automatically distributed to 25% for each site

B.

Unallocated until manually assigned

C.

Automatically distributed to 20% for each site

D.

Cannot be added to existing QoS configuration

How can an engineer use risk score customization in SaaS Security Inline to limit the use of unsanctioned SaaS applications by employees within a Security policy?

A.

Lower the risk score of sanctioned applications and increase the risk score for unsanctioned applications.

B.

Increase the risk score for all SaaS applications to automatically block unwanted applications.

C.

Build an application filter using unsanctioned SaaS as the category.

D.

Build an application filter using unsanctioned SaaS as the characteristic.

What must be configured to accurately report an application ' s availability when onboarding a discovered application for ZTNA Connector?

A.

icmp ping

B.

https ping

C.

tcp ping

D.

udp ping

A company has a Prisma Access deployment for mobile users in North America and Europe. Service connections are deployed to the data centers on these continents, and the data centers are connected by private links. With default routing mode, which action will verify that traffic being delivered to mobile users traverses the service connection in the appropriate regions?

A.

Configure BGP on the customer premises equipment (CPE) to prefer the assigned community string attribute on the mobile user prefixes in its respective Prisma Access region.

B.

Configure each service connection to filter out the mobile user pool prefixes from the other region in the advertisements to the data center.

C.

Configure BGP on the customer premises equipment (CPE) to prefer the MED attribute on the mobile user prefixes in its respective Prisma Access region.

D.

Configure each service connection to prepend the BGP ASN five times for mobile user pool prefixes originating from the other region.

A malicious user is attempting to connect to a blocked website by crafting a packet using a fake SNI and the correct website in the HTTP host header. Which option will prevent this form of attack?

A.

Advanced Threat Prevention option to block " Domain Fronting "

B.

Advanced URL Filtering and block the " Malicious Behavior " category

C.

Advanced URL Filtering and block " SNI mismatch with Server Certificate (SAN/CN) "

D.

SSL Decryption to " Block sessions on SNI mismatch with Server Certificate (SAN/CN) "

An intern is tasked with changing the Anti-Spyware Profile used for security rules defined in the Global Protect folder. All security rules are using the Default Prisma Profile. The intern reports that the options are greyed out and cannot be modified when selecting the Default Prisma Profile. Based on the image below, which action will allow the intern to make the required modifications?

A.

Request edit access for the Global Protect scope.

B.

Change the configuration scope to Prisma Access and modify the profile group.

C.

Create a new profile, because default profile groups cannot be modified.

D.

Modify the existing anti-spyware profile, because best-practice profiles cannot be removed from a group.

An engineer has configured IPSec tunnels for two remote network locations; however, users are experiencing intermittent connectivity issues across the tunnels. What action will allow the engineer to receive notifications when the IPSec tunnels are down or experiencing instability?

A.

Create a new notification profile specifying conditions for remote network IPSec tunnel conditions.

B.

Create a tunnel log notification rule to alert on specified remote network IPSec tunnel conditions.

C.

Set up the operational health dashboard to email alerts for remote Network IPSec tunnel issues.

D.

Select the IPSec tunnel monitoring and notifications checkbox when configuring the remote network IPSec tunnels.

When configuring Remote Browser Isolation (RBI) with Prisma Access (Managed by Strata Cloud Manager), which element is required to define the protected URLs for mobile users?

A.

A URL access management profile with site access set to " Isolate " applied to a Security policy

B.

A DNS Security profile applied to a Security policy with the action of " Isolate " for the target remote browser DNS categories

C.

An RBI profile applied to the URL access management profile

D.

A Security policy with the target URL categories and set the action to " Isolate "