Palo Alto Networks Certified Software Firewall Engineer v1.0 (PCSFE)

Page:    1 / 9   
Total 125 questions

Which service, when enabled, provides inbound traffic protection?

  • A. Advanced URL Filtering (AURLF)
  • B. Threat Prevention
  • C. Data loss prevention (DLP)
  • D. DNS Security


Answer : B

Which two configuration options does Palo Alto Networks recommend for outbound high availability (HA) design in Amazon Web Services using a VM-Series firewall? (Choose two.)

  • A. Transit VPC and Security VPC
  • B. Traditional active-active HA
  • C. Transit gateway and Security VPC
  • D. Traditional active-passive HA


Answer : AC

Which two criteria are required to deploy VM-Series firewalls in high availability (HA)? (Choose two.)

  • A. Assignment of identical licenses and subscriptions
  • B. Deployment on a different host
  • C. Configuration of asymmetric routing
  • D. Deployment on same type of hypervisor


Answer : AD

What is a benefit of CN-Series firewalls securing traffic between pods and other workload types?

  • A. It protects data center and internet gateway deployments.
  • B. It allows for automatic deployment, provisioning, and immediate policy enforcement without any manual intervention.
  • C. It ensures consistent security across the entire environment.
  • D. It allows extension of Zero Trust Network Security to the most remote locations and smallest branches.


Answer : C

Which type of group allows sharing cloud-learned tags with on-premises firewalls?

  • A. Device
  • B. Notify
  • C. Address
  • D. Template


Answer : B

What needs to be configured to deploy VM-Series firewalls in Azure as an Active/Active High Availability (HA) pair?

  • A. Active/Active HA is not supported in Azure
  • B. HA3 Link
  • C. Floating IP Address
  • D. HA1 and HA2 Link


Answer : C

Organizations using multiple public and private cloud platforms can deploy and configure the VM-Series using which three toolsets? (Choose three.)

  • A. Panorama
  • B. Terraform
  • C. Github
  • D. Ansible
  • E. CloudFormation


Answer : ABD

A data center experiences a power outage that results in the reboot of all ESXi servers, including the software firewall's virtual machine (VM). Subsequently, there is a notable decrease in performance. Most end users complain of being unable to access the internet. The system engineer is still able to log in to the firewall management console smoothly.

What is most likely causing this issue?

  • A. The firewall license has expired.
  • B. The dataplane disk partitions are unable to mount after the reboot.
  • C. There is configuration file corruption on ESXi server.
  • D. The last saved configuration did not save properly in the boot up partition.


Answer : B

Which type of Terraform code is commonly used to deploy infrastructure as code (IaC)?

  • A. Library
  • B. SDK
  • C. Module
  • D. Plugin


Answer : C

With the Panorama plugin for VM-Series installed. Panorama can collect a predefined set of attributes from which services in Amazon Web Services (AWS) as tags and populate it in the VM-Series firewall?

  • A. Load balancers
  • B. VPCs
  • C. Transit gateways
  • D. EC2 instances


Answer : D

Which two community-supported Palo Alto Networks templates will protect cloud workloads by using a CN-Series firewall on GKE? (Choose two.)

  • A. Marketplace
  • B. Ansible
  • C. Helm
  • D. Terraform


Answer : CD

Which two licensing options provide the application visibility and control feature in a VM-Series deployment? (Choose two.)

  • A. Palo Alto Networks Cloud Storage
  • B. PAYG
  • C. BYOL
  • D. AWS Marketplace


Answer : BC

A manager wants to enhance the performance of a Palo Alto Networks VM-Series firewall. How can the use of CLI increase the number of cores in the dataplane?

  • A. Use init-cfg.txt with parameter "plugin-op-commands=dp-cores:<#-cores>.
  • B. Use cfg.txt with parameter "plugin-op-commands=dp-cores:<#-cores>.
  • C. Request vm_series dp-cores <#-cores>.
  • D. Request plugins vm_series dp-cores <#-cores>.


Answer : B

What is created by the Panorama plugin as part of the infrastructure setup in Amazon Web Services (AWS) cloud?

  • A. Route tables and Security VPC with GWLB Endpoints only
  • B. AWS Transit Gateway, route tables, and NAT Gateway subnets
  • C. NAT Gateway subnets, Security VPC with GWLB Endpoints, and route tables
  • D. Security VPC with GWLB endpoints, NAT Gateway subnets, and AWS Transit Gateway


Answer : D

What is the valid command to setup the cluster for CN-series firewall HSF Deployment and to prepare the extend permissions for service account?

  • A. kubectl -n kube-system get secrets
    kubectl -n kube-system get secrets (secrets-from-above-command) -o json >> cred.json
    kubectl apply -f plugin-deploy-serviceaccount.yaml
    kubectl apply -f pan-mgmt-serviceaccount.yaml
  • B. kubectl apply -f plugin-deploy-serviceaccount.yaml
    kubectl apply -f pan-mgmt-serviceaccount.yaml
    kubectl -n kube-system get secrets
    kubectl -n kube-system get secrets (secrets-from-above-command) -o json >> cred.json
  • C. kubectl apply -f plugin-deploy-serviceaccount.yaml
    kubectl -n kube-system get secrets
    kubectl apply -f pan-mgmt-serviceaccount.yaml
    kubectl -n kube-system get secrets (secrets-from-above-command) -o json >> cred.json
  • D. kubectl -n kube-system get secrets
    kubectl -n kube-system get secrets (secrets-from-above-command) -o json >> cred.json
    kubectl apply -f pan-mgmt-serviceaccount.yaml
    kubectl apply -f plugin-deploy-serviceaccount.yaml


Answer : A

Page:    1 / 9   
Total 125 questions