Palo Alto Networks Security Service Edge Engineer
Last Update Jul 14, 2026
Total Questions : 68
We are offering FREE SSE-Engineer Paloalto Networks exam questions. All you do is to just go and sign up. Give your details, prepare SSE-Engineer free exam questions and then go for complete pool of Palo Alto Networks Security Service Edge Engineer test questions that will help you more.
Which feature within Strata Cloud Manager (SCM) allows an operations team to view applications, threats, and user insights for branch locations for both NGFW and Prisma Access simultaneously?
Which two actions can a company with Prisma Access deployed take to use the Egress IP API to automate policy rule updates when the IP addresses used by Prisma Access change? (Choose two.)
An administrator needs to enforce access to all applications via Prisma Access Browser (PAB) for unmanaged or non-compliant devices. Configuration of which two enforcement actions will ensure all access to applications only happens through PAB? (Choose two.)
A financial institution needs to prevent employees from easily moving textual information from secure financial portals accessed using Prisma Access Browser (PAB) directly into other applications on their workstations. The goal is to stop the practice of selecting data within the browser and then inserting that selected content into external documents or programs. Which PAB control should be configured to disable this particular method of data transference?
How can an engineer use risk score customization in SaaS Security Inline to limit the use of unsanctioned SaaS applications by employees within a Security policy?
Based on the image below, which two statements describe the reason and action required to resolve the errors? (Choose two.)

Which two statements apply when a customer has a large branch office with employees who all arrive and log in within a five-minute time period? (Choose two.)
A large retailer has deployed all of its stores with the same IP address subnet. An engineer is onboarding these stores as Remote Networks in Prisma Access. While onboarding each store, the engineer selects the " Overlapping Subnets " checkbox. Which Remote Network flow is supported after onboarding in this scenario?
An engineer has configured a Web Security rule that restricts access to certain web applications for a specific user group. During testing, the rule does not take effect as expected, and the users can still access blocked web applications. What is a reason for this issue?
Which two configurations must be enabled to allow App Acceleration for SaaS applications? (Choose two.)
What is the flow impact of updating the Cloud Services plugin on existing traffic flows in Prisma Access?
A customer is implementing Prisma Access (Managed by Strata Cloud Manager) to connect mobile users, branch locations, and business-to-business (B2B) partners to their data centers. [Same scenario as above.] Which two options will allow the engineer to support the requirements? (Choose two.)
In an Explicit Proxy deployment where no agent can be used on the endpoint, which authentication method is supported with mobile users?
A user connected to Prisma Access reports that traffic intermittently is denied after matching a Catch-All Deny rule at the bottom and bypassing HIP-based policies. Refreshing VPN connection restores the access. What are two reasons for this behavior? (Choose two.)
Which Cloud Identity Engine capability will create a Security policy that uses Entra ID attributes as the source identification?
During a deployment of Prisma Access (Managed by Strata Cloud Manager) for mobile users, a SAML authentication type and authentication profile in the Cloud Identity Engine application is successfully created. Using this SAML authentication, what is a valid next step to configure authentication for mobile users?
Secure Inbound Access has been configured to allow access to an RDP application at a branch location, as shown in the image below. After a successful commit, return traffic from the application is not reaching the internet user. What is causing the return traffic to fail?

A customer using Prisma Access (Managed by Panorama) wants to monitor traffic patterns across all remote networks and use Strata Logging Service to gather insights on network usage. An engineer notices that some network data is missing from the Application Command Center (ACC). What should the engineer do to ensure complete data visibility?
A company is migrating from NGFW-hosted Global Protect to Prisma Access Mobile Users. The authentication method will change from LDAP with Windows Active Directory Domain Controllers to SAML with Microsoft Entra ID. After configuring and applying the SAML Authentication Profile to the Mobile Users configuration, the migrated group-based Security policies are no longer functioning. Which User-ID setting must be updated for the group-based Security policies to begin functioning?
A company has a Prisma Access deployment for mobile users in North America and Europe. Service connections are deployed to the data centers on these continents, and the data centers are connected by private links. With default routing mode, which action will verify that traffic being delivered to mobile users traverses the service connection in the appropriate regions?