PSE-SASE Online Practice Questions and Answers
What is a disadvantage of proxy secure access service edge (SASE) when compared to an inline SASE solution?
A. Proxies force policy actions to be treated as business decisions instead of compromises due to technical limitations.
B. Teams added additional tools to web proxies that promised to solve point problems, resulting in a fragmented and ineffective security architecture.
C. Proxy solutions require an unprecedented level of interconnectivity.
D. Exclusive use of web proxies leads to significant blind spots in traffic and an inability to identify applications and threats on non-standard ports or across multiple protocols.
What are two benefits of installing hardware fail-to-wire port pairs on Instant-On Network (ION) devices? (Choose two.)
A. local area network (LAN) Dynamic Host Configuration Protocol (DHCP) and DHCP relay functionality
B. control mode insertion without modification of existing network configuration
C. network controller communication and monitoring
D. ensures automatic failover when ION devices experience software or network related failure
How does a secure web gateway (SWG) protect users from web-based threats while still enforcing corporate acceptable use policies?
A. Users are mapped via server logs for login events and syslog messages from authenticating services.
B. It uses a cloud-based machine learning (ML)-powered web security engine to perform ML-based inspection of web traffic in real-time.
C. It prompts the browser to present a valid client certificate to authenticate the user.
D. Users access the SWG, which then connects the user to the website while still performing security measures.
Which product continuously monitors each segment from the endpoint to the application and identifies baseline metrics for each application?
A. App-ID Cloud Engine (ACE)
B. Autonomous Digital Experience Management (ADEM)
C. CloudBlades
D. WildFire
What are two ways service connections and remote network connections differ? (Choose two.)
A. Remote network connections provide secondary WAN options, but service connections use backup service connection for redundancy.
B. Remote network connections enforce security policies, but service connections do not.
C. An on-premises resource cannot originate a connection to the internet over a service connection.
D. Service connections support both OSPF and BGP for routing protocols, but remote networks support only BGP.
Which statement describes the data loss prevention (DLP) add-on?
A. It prevents phishing attacks by controlling the sites to which users can submit valid corporate credentials.
B. It employs automated policy enforcement to allow trusted behavior with a new Device-ID policy construct.
C. It is a centrally delivered cloud service with unified detection policies that can be embedded in existing control points.
D. It enables data sharing with third-party tools such as security information and event management (SIEM) systems.
Which component of the secure access service edge (SASE) solution provides complete session protection, regardless of whether a user is on or off the corporate network?
A. Zero Trust
B. threat prevention
C. single-pass architecture (SPA)
D. DNS Security
Which type of access allows unmanaged endpoints to access secured on-premises applications?
A. manual external gateway
B. secure web gateway (SWG)
C. GlobalProtect VPN for remote access
D. Prisma Access Clientless VPN
Which App Response Time metric is the measure of network latency?
A. Round Trip Time (RTT)
B. Server Response Time (SRT)
C. Network Transfer Time (NTTn)
D. UDP Response Time (UDP-TRT)
Users connect to a server in the data center for file sharing. The organization wants to decrypt the traffic to this server in order to scan the files being uploaded and downloaded to determine if malware or sensitive data is being moved by users.
Which proxy should be used to decrypt this traffic?
A. SCP Proxy
B. SSL Inbound Proxy
C. SSH Forward Proxy
D. SSL Forward Proxy