Palo Alto Networks PSE-SoftwareFirewall Exam Practice Test Instant Access

Question 1

Which two steps are involved in deployment of a VM-Series firewall on NSX? (Choose two.)

ACreate a virtual data center (vDC) and a vApp that includes the VM-Series firewall.

BEnable communication between Panorama and the NSX Manager.

CRegister the VM-Series firewall as a service.

DObtain the Amazon Machine Images (AMIs) from marketplace.

Answer : B, C

This step involves setting up a connection between Panorama (the centralized management platform for Palo Alto Networks firewalls) and the VMware NSX Manager. This communication is essential for managing and orchestrating the VM-Series firewalls within the NSX environment.

Palo Alto Networks VMware NSX Integration Guide

Registering the VM-Series firewall as a service in the NSX Manager is crucial for the firewall to be recognized and managed within the NSX environment. This step allows the firewall to be deployed and configured as part of the NSX service chaining.

Palo Alto Networks VMware NSX Integration Guide

Question 2

What is required to integrate a Palo Alto Networks VM-Series firewall with Azure Orchestration?

AClient-ID

BAPI Key

CDynamic Address Groups

DAperture orchestration engine

Answer : B

To integrate a Palo Alto Networks VM-Series firewall with Azure Orchestration, an API Key is required. The API Key is used to authenticate and authorize the firewall to interact with Azure services, enabling automated management and orchestration of security policies and configurations.

Palo Alto Networks Integration with Azure: Azure Integration

Azure API Management: Azure API Key

Question 3

Auto scaling templates for which type of firewall enable deployment of a single auto scaling group (ASG) of VM-Series firewalls to secure inbound traffic from the internet to Amazon Web Services (AWS) application workloads?

AHA-Series

BVM-Series

CPA-Series

DCN-Series

Answer : B

VM-Series Auto Scaling:

The VM-Series firewalls are designed to integrate with cloud environments like AWS and support auto-scaling. This allows for the deployment of a single auto-scaling group (ASG) of VM-Series firewalls to secure inbound traffic from the internet to AWS application workloads.

Palo Alto Networks VM-Series Deployment Guide on AWS

Question 4

Why are VM-Series firewalls and hardware firewalls that are external to the Kubernetes cluster problematic for protecting containerized workloads?

AThey function differently based on whether they are located inside or outside of the cluster.

BThey are located outside the cluster and have no visibility into application-level cluster traffic.

CThey are managed by another entity when located inside the cluster.

DThey do not scale independently of the Kubernetes cluster.

Answer : B

Visibility into application-level cluster traffic:

VM-Series firewalls and hardware firewalls that are external to the Kubernetes cluster lack the necessary visibility into the traffic and communications occurring at the application level within the cluster. This limitation impedes their ability to effectively protect containerized workloads.

Palo Alto Networks Kubernetes Security Guide

Question 5

Which two elements of the Palo Alto Networks platform architecture enable security orchestration in a software-defined network (SDN)? (Choose two.)

ANVGRE support for advanced VLAN integration

BFull set of APIs enabling programmatic control of policy and configuration

CVXLAN support for network-layer abstraction

DDynamic Address Groups to adapt Security policies dynamically

Answer : B, D

Full set of APIs enabling programmatic control of policy and configuration:

Palo Alto Networks provides a comprehensive set of APIs that allow for the automation and orchestration of security policies and configurations in an SDN environment.

PAN-OS API Guide

Dynamic Address Groups to adapt Security policies dynamically:

Dynamic Address Groups (DAGs) enable the firewall to automatically adjust policies based on dynamic conditions, crucial for SDN environments where network configurations frequently change.

Dynamic Address Groups - PAN-OS

Question 6

Which two routing options are supported by VM-Series? (Choose two.)

ARIP

BOSPF

CIGRP

DBGP

Answer : B, D

The VM-Series firewalls support various dynamic routing protocols to ensure efficient and resilient network traffic management. Among these, OSPF (Open Shortest Path First) and BGP (Border Gateway Protocol) are supported. OSPF is used for intra-domain routing, while BGP is essential for inter-domain routing, allowing VM-Series to participate in complex and scalable network topologies.

Palo Alto Networks VM-Series Deployment Guide: VM-Series Deployment Guide

Palo Alto Networks Administrator's Guide: Routing Protocols

Question 7

What Palo Alto Networks software firewall protects Amazon Web Services (AWS) deployments with network security delivered as a managed cloud service?

AIon-Series Ion-Series

BCN-Series

CCloud next-generation firewall (NGFW)

DVM-Series

Answer : C

The Cloud NGFW by Palo Alto Networks is a managed cloud service designed to provide advanced network security capabilities within AWS deployments. This service leverages Palo Alto Networks' technology to deliver scalable and comprehensive security without the need for users to manage the infrastructure themselves. It is ideal for organizations looking to integrate robust security within their cloud environments efficiently.

Palo Alto Networks Cloud NGFW for AWS: Cloud NGFW for AWS

AWS Marketplace: Cloud NGFW for AWS

Palo Alto Networks PSE-SoftwareFirewall Palo Alto Networks Systems Engineer (PSE): Software Firewall Professional Exam Practice Test