A financial services firm is deploying Prisma Access managed by Strata Cloud Manager. For compliance reasons, they must log all DNS queries made by mobile users to an on-premises SIEM. The current configuration forwards all other traffic logs to the Strata Logging Service. Which configuration change is required to selectively forward only the DNS logs to the on-premises SIEM while maintaining other logging functions?
An organization wants to provide secure, agentless access for third-party contractors to a specific internal web application. The security team's requirements are to prevent data exfiltration by disabling copy-paste and printing, and to isolate the contractors' browser sessions from the internal network. Which combination of Prisma Access features should an engineer implement to meet these requirements?
During a Prisma Access deployment, an engineer observes that mobile user traffic to Microsoft 365 applications is experiencing higher latency than expected. The organization wants to optimize this traffic without compromising security inspection. What is the recommended Prisma Access feature to address this specific issue?
A network architect is designing a Prisma Access solution for a multinational corporation. The design must ensure that traffic from a remote network in Germany is routed to a service connection in a UK data center over the Palo Alto Networks backbone, bypassing the public internet for the majority of the path. Which routing component is primarily responsible for facilitating this traffic flow? ```mermaid graph TD subgraph Germany RN[Remote Network] end subgraph UK DC[Data Center] SC[Service Connection] end subgraph Prisma_Access_Cloud [Prisma Access Cloud] SPN_DE[SPN Germany] SPN_UK[SPN UK] Backbone(Palo Alto Networks Backbone) end RN --> SPN_DE SPN_DE --> Backbone Backbone --> SPN_UK SPN_UK --> SC SC --> DC ```
True or False: When using the Prisma Access ZTNA Connector for private application access, a service connection is no longer required to establish connectivity between Prisma Access and the data center where the applications are hosted.
A retail company is onboarding 500 branch locations as remote networks into Prisma Access. The network team wants to use dynamic routing to advertise the branch subnets and receive routes from the data center. Each branch has a single CPE device. What is the most scalable and efficient method to configure routing for these remote networks?
An administrator is using the Best Practice Assessment (BPA) tool within Strata Cloud Manager to evaluate their Prisma Access configuration. The BPA report indicates a failing check related to 'Decryption Profile with no-decrypt action'. What is the most likely reason for this failing check and the recommended remediation?
An SSE engineer needs to configure Prisma Access to authenticate mobile users based on their membership in specific Active Directory groups. The organization uses Azure AD as its identity provider and has synchronized its on-premises AD. Which Prisma Access component is essential for retrieving user and group information from Azure AD to enforce user-based policies? (Select TWO)
A security team is concerned about employees using unsanctioned generative AI services, which could lead to sensitive data exposure. They want to allow access to their corporate-sanctioned AI tool but block all others, while also logging all prompts sent to the sanctioned tool. Which Prisma Access service is specifically designed to meet these requirements?
A user reports intermittent connectivity issues when connected to Prisma Access via the GlobalProtect client. The help desk has verified the user has a stable internet connection. As a troubleshooting step, the SSE engineer wants to analyze the traffic flow from the user's endpoint through the Prisma Access infrastructure. Which tool within Strata Cloud Manager provides detailed, hop-by-hop visibility and performance metrics for a user's connection to a specific application?