View all questions & answers for the Palo Alto Security Service Edge Engineer Exam Materials exam


Question 2 Discussion

Which two actions can a company with Prisma Access deployed take to use the Egress IP API to automate policy rule updates when the IP addresses used by Prisma Access change? (Choose two answers)

  • A. Configure a webhook to receive notifications of IP address changes.
  • B. Copy the Egress IP API Key in the service infrastructure settings.
  • C. Enable the Egress IP API endpoint in Prisma Access.
  • D. Download a client certificate to authenticate to the Egress IP API.
Correct Answer: A,B

Brave-Dump Clients Votes

AB 100%

Comments



Anonymous User 2026-02-26 04:18:53

Selected Answers: A, B


The correct answers are
A. Configure a webhook to receive notifications of IP address changes and
B. Copy the Egress IP API Key in the service infrastructure settings.

How These Two Work Together
The Egress IP API uses an API key for authentication — you copy this key from the Infrastructure Settings in Strata Cloud Manager (previously Panorama > Cloud Services > Configuration > Service Setup) to authenticate all API calls that retrieve the current list of egress IP addresses. Without this key, you cannot query the Egress IP API endpoint at all.

A webhook (Egress IP Notification URL) is configured in the same Infrastructure Settings page to receive HTTP POST notifications whenever Prisma Access egress IPs change — such as during autoscaling, new location additions, or infrastructure upgrades. When triggered, your automation script can then call the Egress IP API (using the copied key) to retrieve the updated IP list and push policy rule changes automatically.