Prisma Access Quiz

21. When pushing configuration changes from Panorama to Prisma Access, what target should typically be selected in the 'Push to Devices' scope?

Managed Devices

Log Collectors

Cloud Services

WildFire Appliances

22. What is the primary advantage of using the Cloud-Managed Prisma Access approach (Prisma SASE UI)?

Requires installation of a dedicated management appliance.

Provides a fully cloud-based management experience without needing Panorama.

Stores all logs locally within the browser.

Offers less granular policy control than Panorama.

23. In a Security Policy rule, basing the rule on App-ID (e.g., `facebook-base`) instead of just the Service (e.g., `service-https`) provides what benefit?

Faster policy lookup.

Better performance for encrypted traffic.

More accurate identification and control of the specific application, regardless of port.

Guarantees User-ID mapping.

24. What is the purpose of applying Security Profiles (like Antivirus, URL Filtering) to a Security Policy rule?

To define which traffic the rule should match.

To enable logging for the rule.

To perform content inspection for threats, malicious URLs, etc., on traffic allowed by the rule.

To assign traffic to a QoS class.

25. What does a URL Filtering profile action of 'continue' typically do?

Silently allows the user access.

Blocks access and logs the event.

Presents the user with a warning page they must click through to access the site.

Requires administrator override to allow access.

26. What type of NAT is most commonly configured in Prisma Access to allow mobile users with private IPs to access the internet?

Destination NAT (DNAT)

Source NAT (SNAT) using Dynamic IP and Port (DIPP)

Static Source NAT

No NAT Required

27. What is the primary reason for implementing SSL Forward Proxy decryption?

To speed up encrypted connections.

To allow inspection of encrypted traffic for threats, URLs, App-ID, and sensitive data.

To simplify certificate management.

To bypass HTTPS requirements.

28. For SSL Forward Proxy decryption to work without causing browser errors for users, what must be done?

Users must manually accept certificate warnings.

The Prisma Access Forward Trust CA certificate (or its Root CA) must be installed in the trusted root store of endpoint devices.

Only HTTP traffic should be decrypted.

The Forward Untrust certificate must be deployed to endpoints.

29. Why might traffic to Financial Services or Health and Medicine URL categories commonly be excluded from decryption?

These sites use incompatible encryption.

Due to user privacy concerns and regulations regarding sensitive data.

Because these sites rarely contain threats.

To improve performance for these specific categories.

30. What is the primary goal of configuring QoS policies in Prisma Access?

To block unwanted applications.

To prioritize critical or latency-sensitive application traffic during network congestion.

To increase the total available bandwidth.

To decrypt all traffic.

Prisma Access Quiz (Page 3 of 5)