ExamGecko

Palo Alto Networks PCSFE Practice Test - Questions Answers, Page 7

Which service, when enabled, provides inbound traffic protection?

A. Advanced URL Filtering (AURLF)
B. Threat Prevention
C. Data loss prevention (DLP)
D. DNS Security

Suggested answer: D

Explanation:

DNS Security is a service that provides inbound traffic protection by preventing DNS-based attacks. DNS Security uses machine learning and threat intelligence to identify and block malicious domains, command and control (C2) traffic, and DNS tunneling. Reference: [DNS Security]

Which two configuration options does Palo Alto Networks recommend for outbound high availability (HA) design in Amazon Web Services using a VM-Series firewall? (Choose two.)

A. Transit VPC and Security VPC
B. Traditional active-active HA
C. Transit gateway and Security VPC
D. Traditional active-passive HA

Suggested answer: C, D

Explanation:

Palo Alto Networks recommends two configuration options for outbound high availability (HA) design in Amazon Web Services using a VM-Series firewall: transit gateway and Security VPC, and traditional active-passive HA. Transit gateway and Security VPC allows you to use a single transit gateway to route traffic between multiple VPCs and the internet, while using a Security VPC to host the VM-Series firewalls. Traditional active-passive HA allows you to use two VM-Series firewalls in an HA pair, where one firewall is active and handles all traffic, while the other firewall is passive and takes over in case of a failure. Reference: [VM-Series Deployment Guide for AWS Outbound VPC]

Which two criteria are required to deploy VM-Series firewalls in high availability (HA)? (Choose two.)

A. Assignment of identical licenses and subscriptions
B. Deployment on a different host
C. Configuration of asymmetric routing
D. Deployment on same type of hypervisor

Suggested answer: A, B

Explanation:

To deploy VM-Series firewalls in high availability (HA), you need to assign identical licenses and subscriptions, and deploy them on a different host. Assigning identical licenses and subscriptions ensures that both firewalls have the same features and capabilities. Deploying them on a different host ensures that they are not affected by the same host failure. Reference: [VM-Series High Availability]

What is a benefit of CN-Series firewalls securing traffic between pods and other workload types?

A. It protects data center and internet gateway deployments.
B. It allows for automatic deployment, provisioning, and immediate policy enforcement without any manual intervention.
C. It ensures consistent security across the entire environment.
D. It allows extension of Zero Trust Network Security to the most remote locations and smallest branches.

Suggested answer: B

Explanation:

A benefit of CN-Series firewalls securing traffic between pods and other workload types is that it allows for automatic deployment, provisioning, and immediate policy enforcement without any manual intervention. CN-Series firewalls are integrated with Kubernetes and use the Kubernetes API server to get information about pod labels, namespaces, services, and network policies. CN-Series firewalls can also use Panorama or Terraform to automate the configuration and management of security policies. Reference: [CN-Series Deployment Guide]

Which type of group allows sharing cloud-learned tags with on-premises firewalls?

A. Device
B. Notify
C. Address
D. Template

Suggested answer: C

Explanation:

Address groups are the type of groups that allow sharing cloud-learned tags with on-premises firewalls. Address groups are dynamic objects that can include IP addresses or tags as members.

Cloud-learned tags are tags that are assigned to cloud resources by cloud providers or third-party tools. By using address groups with cloud-learned tags, you can apply consistent security policies across your hybrid cloud environment. Reference: [Address Groups]


Total 65 questions