
[Help] Prisma SASE questions

Posted on 2022-2-1 01:32:40
Last edited by LeonHart on 2022-2-1 20:28

Could anyone help me with the following questions? Thanks!

5. A Remote Network is assigned 100Mbps of bandwidth with ECMP enabled on four tunnels. How much bandwidth is allocated on each tunnel?
a.      100Mbps
b.      4Gbps
c.      25Mbps*
d.      400Mbps

19. What is the primary reason that Prisma Access offers gateway locations in so many countries?
a.      The many locations enable Palo Alto Networks to provide local language support for the countries from which mobile users are most likely to connect.*
b.      The sheer number of locations, relative to competitors, impresses potential customers.
c.      Providing more country locations enables Palo Alto Networks to sell more Prisma Access enterprise licenses.
d.      Customers often want to ensure that their CEOs can easily connect from their vacation homes.

34. An ION that operates in DC mode supports which three BGP peer types? (Choose three.)
a.      core peer*
b.      common peer
c.      eBGP peer
d.      edge peer*
e.      classic peer*

42. When a high round trip time (RTT) appears in the application response time chart, what condition has occurred?
a.      high network latency as measured by the tunnel
b.      high network latency on that path between the client and server*
c.      an application server that is slow to respond
d.      an application that is slow to transmit data

20. An access administrator wants to use both a regional and a worldwide pool for Mobile Users. However, the administrator is confused about how the different scopes interact. Which two statements might you make to help this administrator? (Choose two.)
a.      The same IP addresses can be used in the worldwide pool and in a specific region without issues.
b.      You must configure a regional pool for each region in which Mobile User locations are enabled.*
c.      The worldwide pool can be used to provide addresses to a region that has exhausted its regional pool.*
d.      You may configure one worldwide pool to provide IP addresses for all regions.

26. The Cortex Data Lake sizing calculator for Prisma Access requires which three values as inputs? (Choose three.)
a.      number of log-forwarding destinations
b.      cloud-managed or Panorama-managed deployment
c.      number of Mobile Users purchased*
d.      throughput of Remote Networks purchased*
e.      retention period for the logs to be stored*

14. Which statement describes how to use App-ID and User-ID to create security policy?
a.      Security policy should always use source IP addresses, because IP addresses never change for users.
b.      Security policy should only allow specific users and groups to access specific applications, regardless of IP addresses and ports.*
c.      Security policy should never block HTTPS traffic for users that are part of the "managers" group, because those users often need to access financial sites.
d.      Security policy should always allow all users and groups to access port 80, because most websites use port 80.

33. In the aggregate model, how are bandwidth allocations and interface tags applied beginning in Prisma Access 1.8?
a.      License bandwidth is allocated to a compute region and interface tags are set with a Prisma Access location.*
b.      License bandwidth is allocated to a CloudGenix controller and interface tags are set with a compute region.
c.      License bandwidth is allocated to a compute region and interface tags are set with a CloudGenix controller.
d.      License bandwidth is allocated to a Prisma Access location and interface tags are set with a compute region.

2. You are explaining to a peer the features of aggregate bandwidth allocation in Prisma Access for Remote Networks. Which two statements might you make to this peer? (Choose two.)
a.      The admin is not required to allocate all purchased bandwidth to compute locations for the configuration to be valid.*
b.      The administrator must assign a minimum of 50 MB to any compute location that will support remote networks.
c.      The administrator can allocate up to 110% of the total bandwidth purchased for aggregate locations to support traffic peaks.*
d.      Bandwidth that is allocated to a compute location is statically and evenly distributed across remote networks in that location.

4. Identify the three false statements about how User-ID information is used in Prisma Access policies? (Choose three.)
a.      AD Sync or an active AD server profile must be active and enabled.
b.      The User-ID checkbox for the mobile users trust zone must be selected (enabled).
c.      By default, GlobalProtect sends user information to Prisma Access.*
d.      When you use GlobalProtect, by default, User-ID information is available for use within policies.*
e.      To use User-ID policies, you must configure Prisma Access to redistribute User-ID information to on-premises firewalls.*

7. Prisma Access gives Mobile Users which three benefits? (Choose three.)
a.      Web-based traffic is inspected but other traffic is omitted from inspection, which improves performance.
b.      User traffic is inspected and secured as close as possible to the end-user, which reduces latency.*
c.      User traffic with a destination in SaaS-based applications can route straight to those SaaS applications without first tunneling back to the data center.*
d.      All user traffic is inspected, then allowed or denied based on policy.*
e.      Outbound internet traffic from the data center is secured, which supports scalability.

8. A potential customer wants the most cost-effective Instant-On Network (ION) device for a branch location. The customer expects a necessary throughput of 125Mbps for the network. The customer also needs a high-availability hardware implementation and wants to maintain a 100% circuit uptime during device failure. What is the minimum ION model that can meet the customer’s needs?
a.      ION1000
b.      ION9000
c.      ION3000
d.      ION2000*

15. To compose a path policy action, which three values must you know? (Choose three.)
a.      active path, backup path, and L3 failure paths*
b.      direct overlay type, VPN overlay type, and third-party VPN overlay type*
c.      any private circuit category type or any public circuit category type*
d.      BGP neighbor or next hop
e.      source IP prefix filter or destination IP prefix filter* MAYBE?

17. A customer needs a secondary WAN tunnel for a 100M remote network. How will adding the tunnel affect the customer's licensed bandwidth?
a.      The secondary WAN tunnel will use an additional 100M from the customer's license.*
b.      A secondary WAN tunnel is not supported for remote network deployments.
c.      The secondary WAN tunnel will not use any more bandwidth from the customer's license.
d.      The secondary WAN tunnel will use 50M (half of the primary tunnel's amount) from the customer's license.

1. You are administering a DC mode site with two DC ION7000s. You must add another classic peer to the configuration pictured below. This session will be to a remote peer that requires you to source your BGP session from a different ASN than the default global one pictured. How would you configure this using a Local ASN of 3000?
a.      Configure the BGP global configuration on the second ION 7000 and set the AS Number to 3000, then add a BGP classic peer.*
b.      Add a new BGP global configuration, and configure the local AS number as 3000.
c.      Add a new BGP classic peer and (on the Advanced Options tab) override the Local AS number.
d.      The pictured session is not a configurable option. You must have the remote peer accept a peer session from AS Number 2000.

3. To onboard mobile users, which three prerequisites must your environment meet? (Choose three.)
a.      If there will be a VPN tunnel to Prisma Access, GlobalProtect must be installed on user devices.
b.      "Zoning must be configured to require a user ID for the mobile users trust zone."
c.      Mapping of trust and untrust zone must be configured.*
d.      BGP must be configured so that service connection networks can be advertised to the mobile gateways.*
e.      A mobile user subnet and DNS portal name must be configured.*

6. A network engineer needs to peer a Prisma SD-WAN branch with Prisma Access Business or Prisma Access Business Premium. Which function permits load balancing of traffic with a destination on the internet via the Prisma Access remote network VPN tunnels?
a.      per-packet load balancing that uses BGP with ECMP
b.      per-session balancing that uses BGP with ECMP and symmetric path return
c.      per-flow load balancing that uses stateful Source NAT on the ION device
d.      per-session load balancing that uses a flow hash table that is based on the 5-tuples of IP, port, and protocol*

9. What are three functions of Prisma Access? (Choose three.)
a.      secure configuration of cloud workloads
b.      reduction of cost, complexity, and administrative overhead
c.      securing of user web traffic without the need for backhauling

10. Prisma Access Enterprise licensing Prisma Access Enterprise 1.8 or later with service links supports which three features? (Choose three.)
a.      1000 routes advertised via BGP
b.      IPsec transport*
c.      BGP using ECMP with symmetric path return enabled
d.      static route definitions for the service connection*
e.      AD Sync or an active AD server profile*

11. A customer that uses the simplified, web-based onboarding method will complete which three steps to activate the Prisma Access license? (Choose three.)
a.      Contact the Palo Alto Networks core sales team for an OTP.
b.      The customer will copy and paste the OTP into the Panorama Cloud Services plugin for final validation*
c.      Select an existing Panorama serial number or a new Panorama serial number, or select the cloud-management options.*
d.      Log in to the support account.*
e.      Call TAC to complete the onboarding process.

12. To use App-ID effectively in security policies, which three best practices should you follow? (Choose three.)
a.      After the application is specified in policy, set the service to "any."*
b.      Use Policy Optimizer to migrate to an application-based policy.
c.      Whenever possible, enable App-ID override.*
d.      Use phased transition to safely enable applications.*
e.      Use Expedition to migrate a port-based policy to PAN-OS.

Original poster | Posted on 2022-2-1 14:23:21
Last edited by LeonHart on 2022-2-1 20:30

13. Using a SASE provider that is delivered from the Public Cloud provides which two benefits? (Choose two.)
a.      eliminates the need for firewall sizing*
b.      dynamically scales*
c.      enables you to share IP addresses with other customers
d.      replaces data center firewalls

16. What three qualifying questions will reveal client needs that steer a solution towards Panorama or a Cloud Console? (Choose three.)
a.      Do you want to manage the server or do you want the server to be delivered as SaaS?*
b.      Do you plan to integrate the console with XSOAR?
c.      Are you an existing Panorama customer or user?*
d.      Do you need to configure SSL decryption policies?
e.      Do you use External Dynamic Lists, or EDLs?*

18. To build a stacked QoS or path policy rule, which three values must you know? (Choose three.)
a.      source MAC address and destination MAC address
b.      application name*
c.      site name
d.      context*
e.      source and destination prefix*


21. At a minimum, a secure web gateway must have which three features? (Choose three.)

URL filtering
malicious code detection
web-based application controls


22. What are three benefits of installing hardware fail-to-write port pairs on ION devices? (Choose three.)
a.      analytics mode insertion without modification of existing network configuration
b.      simplified cabling for high-availability hardware redundancy*
c.      LAN DHCP and DHCP Relay functionality
d.      network controller communication and monitoring*
e.      control mode insertion without modification of existing network configuration*

23.

Link quality metrics indicate a poor or unreachable path.

24. What is the most accurate description of the Digital Experience Monitor (DEM)?
a.      a new monitoring service that ensures that companies are happy with their ability to access digital resources in public clouds
b.      a feature of Prisma Access that monitors BGP routes to ensure that mobile users are always connected to a secure Wi-Fi hotspot
c.      a Prisma Access client add-on that monitors performance to applications and helps identify areas of concern on the network path*
d.      a network monitoring tool that ensures that mobile users are always connected to a secure Wi-Fi hotspot

25. When you deploy two IONs in High Availability branch mode, which two controller port requirements must be met? (Choose two.)
The IONs must be connected to the same VLAN.
The IONs must be directly connected via crossover Ethernet cable.*
The IONs must be configured with unique static IP addresses.*
The IONs must be configured with DHCP dynamic IP addresses.

27. Service Connections and Remote Network connections differ in which two ways? (Choose two.)

A single service connection can support higher throughput than Remote Network connections, up to 1Gbps of traffic.*
Connections use Backup Service Connection for redundancy; Remote Network connections provide Secondary WAN options.*
Service Connections are the only connections that support quality of service (QoS) policy in Prisma Access.
Service Connections support both OSPF and BGP for routing protocols; Remote Networks support only BGP.


28. An administrator finishes onboarding of a Mobile User deployment. The administrator then wants to change the Auth Profile that is used by the Mobile User deployment. Where in Panorama should the administrator navigate to make the change?
a.      Cloud Services Plugin > Configuration > Mobile Users > Onboarding > Network Templates section > Portal
b.      Cloud Services Plugin > Configuration > Mobile Users > Onboarding > Network Templates section > Gateway
c.      Cloud Services Plugin > Configuration > Mobile Users > Onboarding*
d.      Portal and Gateway settings > Mobile Users Network Template

29. How can a network engineer export all flow logs and security actions to a security information and event management (SIEM) system?
a.      Use the centralized flow data-export tool that is built in to the controller*
b.      enable syslog on the Instant-On Network (ION) device
c.      enable SNMP on the Instant-On Network (ION) device
d.      use a zone-based firewall to export directly through API to the SIEM

30. When you add domains to the Prisma Access for Mobile Users network settings, how should you format the internal domain list and client DNS suffix search?
a.      Internal Domain List and Client DNS Suffix Search list are both formatted as domain.com
b.      Internal Domain List and Client DNS Suffix Search list are both formatted as *.domain.com
c.      Internal Domain List is formatted as domain.com, and Client DNS Suffix Search list is formatted as *.domain.com
d.      Internal Domain List is formatted as *.domain.com, and Client DNS Suffix Search list is formatted as domain.com*

31. When you set up equal-cost multi-path (ECMP) and Prisma Access Remote Networks, what are two essential requirements or components? (Choose two.)
a.      You must assign ECMP load balancing when you first define the Remote Network; you cannot add ECMP load balancing to an existing Remote Network.*
b.      On the Prisma Access side, you can configure ECMP exclusively with static routing; BGP is not required.
c.      ECMP cannot increase the bandwidth of a remote network above 500MB, because the tunnels all connect to the same IPsec termination node.
d.      Each tunnel in the ECMP group can be configured to terminate in a different geographic location for fault tolerance.*

32. For an overlay or VPN-only topology, which BGP peer type is required?

iBGP peer*
classic peer
edge peer
core peer


35. What is the appropriate license for a customer site with the following features? The customer currently has 150Mbps of capacity at the site. Customer records show that, on average, 30Mbps of bandwidth is used across the two links?

50 Mbps*
250Mbps
150 Mbps
25 Mbps


36. For Prisma SD-WAN or for Prisma Access Business or Business Premium 1.8 or later, which event triggers a design review?
a.      Declining number of sites that Prisma goes below 100.
b.      Deploying a site that has more than 1000 users.
c.      Configuring Prisma to act as the default route for SD-WAN.*
d.      Adding a remote network with more than 500Mbps.


37. A customer needs network analytics available in the portal for at least two months. Which license meets this requirement?

WAN Clarity Reporting license
zone-based Firewall License
all licenses
Network DVR license


38. Prisma SD-WAN CloudBlades address which three use cases? (Choose three.)
a.      automatic network topology updates based on global static routes
b.      changes to the time-of-day path policy
c.      automated active-active connectivity into IaaS offerings such as Azure, GCP, and AWS*
d.      operational integration into third-party operational services such as ServiceNow*
e.      automated active-active connectivity into Prisma Access for Remote Networks*

39. A networks analytics graph indicates that an initialization failure caused an application unreachability event. How does the ION respond to the application unreachability event?
a.      The ION automatically moves the affected flow to a new path based on the configured path policy and starts a reachability probe on the original path.
b.      An alarm is raised in the portal.*
c.      Link quality metrics indicate a poor or unreachable path.
d.      The ION marks the path down and moves all traffic to another path.

40. What is the SSL decryption process?

Financial transactions occur over a connection to an HTTPS website, rather than an HTTP website.
All traffic is sent over an encrypted VPN tunnel rather than via split-tunneling.
A firewall uses a policy to allow secure application traffic but block non-secure application traffic.
A firewall uses certificates to establish trust between client-server SSL/TLS connections.*


41. How does Prisma Access differ from other next-generation firewalls?
a.      Prisma Access is delivered from the public cloud for elastic scale.**
b.      Prisma Access provides only basic Web Proxy functionality.
c.      Prisma Access does not provide SSL decryption capabilities.
d.      Prisma Access does not include GlobalProtect functionality.


Original poster | Posted on 2022-2-10 15:51:36
Can anyone help answer these?

Posted on 2022-3-1 10:42:23
OP, what is this? Are you studying for a certification exam?