A company has four branch offices between Canada Central and Canada East which use the same IPSec termination node and have QoS configured with customized bandwidth per site. An engineer wants to onboard a new branch office on the same IPSec termination node.
What is the QoS behavior for the new branch office?

• A.Automatically distributed to 25% for each site
• B.Unallocated until manually assigned
• C.Automatically distributed to 20% for each site
• D.Cannot be added to existing QoS configuration

Comment: *

Name: *

Email: *

Verification: *

In an Explicit Proxy deployment where no agent can be used on the endpoint, which authentication method is supported with mobile users?

• A.LDAP
• B.Kerberos
• C.SAML
• D.SSO

Comment: *

Name: *

Email: *

Verification: *

All mobile users are unable to authenticate to Prisma Access (Managed by Strata Cloud Manager) using SAML authentication through the Cloud Identity Engine. Users report that after entering their credentials on the Identity Provider (IdP) login page, they are redirected to the Prisma Access portal without successful authentication, and they receive this error message:
Error: Prisma Access Portal Authentication Failed using CIE-SAML with message "400 Bad Request" Which action will identify the root cause of this error?

• A.Verify the SAML metadata configuration in both Strata Cloud Manager and the IdP portal to confirm that the endpoint URLs and certificates are correctly configured.
• B.Examine the Security policy rules in Prisma Access to ensure that traffic from the IdP is allowed and not blocked.
• C.Verify the SAML metadata configuration in both the Cloud Identity Engine and the IdP portal to confirm that the endpoint URLs and certificates are correctly configured.
• D.Review the Authentication logs in Strata Cloud Manager to check for any SAML error messages or authentication failures.

Correct Answer: C

The"400 Bad Request"error when attemptingSAML authenticationthrough theCloud Identity Engine (CIE)suggests amisconfiguration in the SAML metadata. This typically occurs when theendpoint URLs, certificates, or entity IDsdo not match betweenCloud Identity Engine and the IdP portal. To resolve this, verify that:
TheSAML metadatauploaded toCloud Identity Enginematches theconfiguration from the IdP.

TheACS (Assertion Consumer Service) URL, Entity ID, and certificateare correctly set.

There are no incorrect or expired certificates in theCloud Identity Engine and IdP configuration.

By ensuring theSAML metadatais properly configured inboth systems, authentication should proceed without errors.

Comment: *

Name: *

Email: *

Verification: *

Which feature will fetch user and group information to verify whether a group from the Cloud Identity Engine is present on a security processing node (SPN)?

• A.SASE Health Dashboard
• B.User Activity Insights
• C.Prisma Access Locations
• D.Region Activity Insights

Comment: *

Name: *

Email: *

Verification: *

Which policy configuration in Prisma Access Browser (PAB) will protect an organization from malicious BYOD and minimize the impact on the user experience?

• A.One that blocks file exchange
• B.One for session recording
• C.One that blocks elements such as screen scrapers
• D.One that allows access to applications with data masking or watermarking

Comment: *

Name: *

Email: *

Verification: *