Palo Alto Networks SD-WAN Engineer v1.0

Page:    1 / 4   
Exam contains 49 questions
Expand All

What is the basis for calculating the minimum bandwidth subscription required for branch IONs?

  • A. Maximum throughput supported by the ION hardware deployed at data center locations
  • B. Amount of traffic which will traverse the SD-WAN secure fabric
  • C. Maximum traffic (ingress and egress) passing through the ION device
  • D. ISP circuit capacity at the branch location


Answer : C

What are two potential causes when a secondary public circuit has been added to the branch site, but the Prisma SD-WAN tunnel is not forming to the data center? (Choose two.)

  • A. Interface role is not selected as “internet.”
  • B. Circuit label is missing from interface type.
  • C. DNS is not configured.
  • D. Interface scope is set to “local.”


Answer : AB

What does Prisma SD-WAN use for monitoring and operations to deliver flow data and application visibility?

  • A. ADEM
  • B. IPFIX
  • C. SNMPv3
  • D. IP SLA


Answer : B

Which statements accurately describes how the Prisma SD-WAN zone-based firewall functions within a branch network?

  • A. North-south traffic (internet/WAN egress) is handled by zone-based firewall and relies on external firewalls for east-west segmentation.
  • B. East-west traffic between the zones can be explicitly blocked, but traditional Access Control List (ACLs) are required to block north-south traffic.
  • C. North-south traffic is handled by application-aware policies, while east-west traffic requires traditional Access Control List (ACLs).
  • D. Security zones enable granular control over both WAN-to-LAN and LAN-to-WAN as well as east-west (LAN-to-LAN) traffic flows within the branch.


Answer : D

Which statement is valid when integrating Prisma SD-WAN with Prisma Access remote networks?

  • A. Security policies for remote networks are configured in Prisma Access and pushed to Prisma SD-WAN for enforcement on the branch ION devices.
  • B. Easy onboarding automatically recommends the closest preconfigured remote network security processing nodes and can be overridden manually.
  • C. A branch with multiple internet circuits will automatically connect to Prisma Access on each circuit and will be used in an active/standby manner for internet-bound traffic.
  • D. Bandwidth must be allocated to each Prisma Access remote network compute location, and this bandwidth is shared between all branches that terminate on this remote network node.


Answer : B

In a data center (DC) with two ION devices, all of the remote branch Prisma SD-WAN VPNs are active only on DC ION-1.
Why are no VPNs active on DC ION-2?

  • A. The BGP core peer is down.
  • B. The static route to core as a next hop is missing.
  • C. The ION device is behind a NAT.
  • D. The DC and branches are in a different domain.


Answer : D

Based on the HA topology image below, which two statements describe the end-state when power is removed from the ION 1200-S labeled “Active”, assuming that the ION labeled “Standby” becomes the active ION? (Choose two.)

  • A. Both the connection to ISP A and the connection to LTE/5G will be usable.
  • B. The VRRP Virtual IP address assigned to any SVIs will be moved to the newly active ION.
  • C. The newly active ION will send a gratuitous ARP to the LAN for the IP address of any SVIs.
  • D. The connection to ISP A will be usable, but the connection to LTE/5G will not.


Answer : AC

How can a network administrator detect a site outage or a service-level agreement (SLA) violation using controller-generated incidents?

  • A. Incidents, SNMP traps, and audits
  • B. Device logs, alerts, and incidents
  • C. Incidents, alerts, statistics, and audit logs
  • D. Priority alerts, informational alerts, and audit logs


Answer : C

A branch manager reports slow network performance, and the network administrator wants to use Prisma SD-WAN Copilot to quickly identify if a specific user, by source IP address, is consuming excessive bandwidth as well as which applications are contributing to this consumption.
How can Copilot assist in this investigation?

  • A. It will automatically generate and email a “User Bandwidth Consumption” report for the specified branch, which the administrator can use to find the top user and the application details.
  • B. It can identify the top applications being used across the entire branch and can be correlated with Flow Browser to attribute specific application usage or total bandwidth consumption to individual source IPs.
  • C. It can directly process a natural language query such as “Show top bandwidth source IPs at SD-WAN Branch X over last 3 hours,” provide summarized views of the top-consuming source IPs, and view the primary applications they are using.
  • D. It will redirect the administrator to the WAN Clarity “Top N: Source IPs” report and the “Flow Browser” utility, suggesting correlation between these tools to determine a user’s specific application usage.


Answer : C

BGP core peers on data center IONs are learning only a default route from the core router.
Which action will protect the SD-WAN network from getting isolated in the event of BGP misconfiguration on the core routers?

  • A. Enable BGP Bidirectional Forwarding Detection (BFD) on the core peer sessions to rapidly detect BGP neighbor failures.
  • B. Configure BGP max-prefix limits on the ION devices to prevent them from accepting too many routes from the core routers.
  • C. Add a static default route with higher admin distance pointing to the core peer IPs.
  • D. Implement BGP route filtering using prefix lists and route maps on the ION devices to only accept specific, known prefixed from the core.


Answer : C

There are periodic complaintsout the poor performance of a real-time application.
What can be inferredout the performance issue, based on the Network Transfer Time (NTT) and Server Response Time (SRT) image below?

  • A. The NTT value increases periodically resulting in higher SRT.
  • B. The NTT value drops periodically due to network related issues.
  • C. The SRT value increases periodically due to Application Server side issues.
  • D. The SRT value drops periodically due to Application Server side issues.


Answer : C

1000 branches are to be deployed on Prisma SD-WAN with the following constraints:
Devices will be shipped in batches directly to the site
Configuration Management Database (CMDB) has all the necessary details for a site deployment
Field tech will be responsible for rack, stack, and cabling of the IONs at each site
Field tech will need to spend minimum amount of time at each branch site to reduce the cost
The NOC operates in shifts and is responsible for remote cutover support
Which method will achieve the mass deployment in shortest possible time?

  • A. Connect the ION to the LAN switch to bring it online, configure the device using the legacy network, connect the ISP modem or cellular, and cutover the site once the ION is configured.
  • B. Connect the device to the ISP modem or use cellular, use device shell to pre-create the configuration for a site, assign the device to the template when device is online, and connect the LAN switch to the ION.
  • C. Use site templates and device shells to pre-create the configuration using csv bult upload, connect the device to the ISP modem or using cellular, assign the device to the template when device is online, and connect the LAN switch to the ION.
  • D. Connect the device to the ISP modem or use cellular, use Prisma SD-WAN Software Development Kit (SDK) using API method for site deployment once the device is online, connect the LAN switch to the ION.


Answer : C

When deploying a branch gateway, secure fabric VPN tunnels are automatically established between which two site types? (Choose two.)

  • A. Branch to branch gateway (same domain)
  • B. Branch gateway to data center
  • C. Branch gateway to branch gateway
  • D. Branch to branch gateway (different domain)


Answer : BC

What is the default action for real-time media applications if link performance is poor?

  • A. Drop the flow.
  • B. Move flows.
  • C. Apply Forward Error Correction (FEC).
  • D. Raise an alarm.


Answer : C

When an ION device has been claimed, the cloud-based controller generates and communicates with the device by which method?

  • A. Manufacturer Installed Certificate (MIC)
  • B. Existing customer public key infrastructure (KPI)
  • C. Self-signed certificate
  • D. Customer Installed Certificate (CIC)


Answer : A

Page:    1 / 4   
Exam contains 49 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy