Palo Alto Networks Certified Software Firewall Engineer v1.0 (PCSFE)

Page:    1 / 5   
Total 65 questions

What must be enabled when using Terraform templates with a Cloud next-generation firewall (NGFW) for Amazon Web Services (AWS)?

  • A. AWS CloudWatch logging
  • B. Access to the Cloud NGFW for AWS console
  • C. Access to the Palo Alto Networks Customer Support Portal
  • D. AWS Firewall Manager console access

Answer : B

How does Prisma Cloud Compute offer workload security at runtime?

  • A. It automatically builds an allow-list security model for every container and service.
  • B. It quarantines containers that demonstrate increased CPU and memory usage.
  • C. It automatically patches vulnerabilities and compliance issues for every container and service.
  • D. It works with the identity provider (IdP) to identify overprivileged containers and services, and it restricts network access.

Answer : A

What can be implemented in a CN-Series to protect communications between Dockers?

  • A. Firewalling
  • B. Runtime security
  • C. Vulnerability management
  • D. Data loss prevention (DLP)

Answer : A

Which two public cloud platforms does the VM-Series plugin support? (Choose two.)

  • A. Azure
  • B. IBM Cloud
  • C. Amazon Web Services (AWS)
  • D. OCI

Answer : AC

With which two private cloud environments does Palo Alto Networks have deep integrations? (Choose two.)

  • A. VMware NSX-T
  • B. Cisco ACI
  • C. Dell APEX
  • D. Nutanix

Answer : AB

What is the structure of the YAML Ain't Markup Language (YAML) file repository?

  • A. Deployment_Type/Kubernetes/Environment
  • B. Kubernetes/Deployment_Type/Environment
  • C. Kubernetes/Environment/Deployment_Type
  • D. Environment/Kubernetes/Deployment_Type

Answer : C

Which feature must be configured in an NSX environment to ensure proper operation of a VM-Series firewall in order to secure east-west traffic?

  • A. Deployment of the NSX DFW
  • B. VMware Information Sources
  • C. User-ID agent on a Windows domain server
  • D. Device groups within VMware Services Manager

Answer : A

Which two routing options are supported by VM-Series? (Choose two.)

  • A. OSPF
  • B. RIP
  • C. BGP
  • D. IGRP

Answer : AC

What are two requirements for automating service deployment of a VM-Series firewall from an NSX Manager? (Choose two.)

  • A. vCenter has been given Palo Alto Networks subscription licenses for VM-Series firewalls.
  • B. Panorama has been configured to recognize both the NSX Manager and vCenter.
  • C. The deployed VM-Series firewall can establish communications with Panorama.
  • D. Panorama can establish communications to the public Palo Alto Networks update servers.

Answer : BC

How are CN-Series firewalls licensed?

  • A. Data-plane vCPU
  • B. Service-plane vCPU
  • C. Management-plane vCPU
  • D. Control-plane vCPU

Answer : A

Regarding network segmentation, which two steps are involved in the configuration of a default route to an internet router? (Choose two.)

  • A. Select the Static Routes tab, then click Add.
  • B. Select Network > Interfaces.
  • C. Select the Config tab, then select New Route from the Security Zone Route drop-down menu.
  • D. Select Network > Virtual Router, then select the default link to open the Virtual Router dialog.

Answer : AD

Why are containers uniquely suitable for runtime security based on allow lists?

  • A. Containers have only a few defined processes that should ever be executed.
  • B. Developers define the processes used in containers within the Dockerfile.
  • C. Docker has a built-in runtime analysis capability to aid in allow listing.
  • D. Operations teams know which processes are used within a container.

Answer : B

Which two steps are involved in deployment of a VM-Series firewall on NSX? (Choose two.)

  • A. Create a virtual data center (vDC) and a vApp that includes the VM-Series firewall.
  • B. Obtain the Amazon Machine Images (AMIs) from marketplace.
  • C. Enable communication between Panorama and the NSX Manager.
  • D. Register the VM-Series firewall as a service.

Answer : CD

How are Palo Alto Networks Next-Generation Firewalls (NGFWs) deployed within a Cisco ACI architecture?

  • A. SDN code hooks can help detonate malicious file samples designed to detect virtual environments.
  • B. Traffic can be automatically redirected using static address objects.
  • C. Service graphs are configured to allow their deployment.
  • D. VXLAN or NVGRE traffic is terminated and inspected for translation to VLANs.

Answer : C

What is required to integrate a Palo Alto Networks VM-Series firewall with Azure Orchestration?

  • A. Aperture orchestration engine
  • B. Client-ID
  • C. Dynamic Address Groups
  • D. API Key

Answer : D

Page:    1 / 5   
Total 65 questions