ExamGecko
Question list
Search
Search

Related questions











Question 70 - PCNSE discussion

Report
Export

A customer is replacing their legacy remote access VPN solution The current solution is in place to secure only internet egress for the connected clients Prisma Access has been selected to replace the current remote access VPN solution

During onboarding the following options and licenses were selected and enabled

- Prisma Access for Remote Networks 300Mbps

- Prisma Access for Mobile Users 1500 Users

- Cortex Data Lake 2TB

- Trusted Zones trust

- Untrusted Zones untrust

- Parent Device Group shared

How can you configure Prisma Access to provide the same level of access as the current VPN solution?

A.
Configure mobile users with trust-to-untrust Security policy rules to allow the desired traffic outbound to the internet
Answers
A.
Configure mobile users with trust-to-untrust Security policy rules to allow the desired traffic outbound to the internet
B.
Configure mobile users with a service connection and trust-to-trust Security policy rules to allow the desired traffic outbound to the internet
Answers
B.
Configure mobile users with a service connection and trust-to-trust Security policy rules to allow the desired traffic outbound to the internet
C.
Configure remote networks with a service connection and trust-to-untrust Security policy rules to allow the desired traffic outbound to the internet
Answers
C.
Configure remote networks with a service connection and trust-to-untrust Security policy rules to allow the desired traffic outbound to the internet
D.
Configure remote networks with trust-to-trust Security policy rules to allow the desired traffic outbound to the internet
Answers
D.
Configure remote networks with trust-to-trust Security policy rules to allow the desired traffic outbound to the internet
Suggested answer: A

Explanation:

To provide the same level of access as the current VPN solution, which is to secure only Internet egress for the connected clients, you can configure mobile users with trust-to-untrust Security policy rules to allow the desired traffic outbound to the Internet. This way, the mobile users will beassigned an IP address from a pool that belongs to the trust zone, and they will be able to access the Internet through Prisma Access using a gateway that belongs to the untrust zone1. You do not need to configure a service connection for this scenario, as a service connection is used to enable access between mobile users and remote networks or private apps2. You also do not need to configure trust-to-trust Security policy rules, as they are used to enable access between mobile users and other trusted resources3. Reference: 1: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma- access-panorama-admin/prepare-the-prisma-access-infrastructure/service-connection- overview/create-a-service-connection-to-enable-access-between-users-and-networks 2: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-admin/prisma-access-service-connections 3: https://docs.paloaltonetworks.com/prisma/prisma- access/prisma-access-cloud-managed-admin/prisma-access-mobile-users/mobile-users- globalprotect/globalprotect-features-for-prisma-access.html

asked 23/09/2024
Meghan Crofford
39 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first