ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCSFE
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which two statements apply to the VM-Series plugin? (Choose two.)
Which two public cloud platforms does the VM-Series plugin support? (Choose two.)
Which two methods of Zero Trust implementation can benefit an organization? (Choose two.)
How must a Palo Alto Networks Next-Generation Firewall (NGFW) be configured in order to secure traffic in a Cisco ACI environment?
Which component allows the flexibility to add network resources but does not require making changes to existing policies and rules?
Which two steps are involved in deployment of a VM-Series firewall on NSX? (Choose two.)
Which two valid components are used in installation of a VM-Series firewall in an OpenStack environment? (Choose two.)
Which PAN-OS feature allows for automated updates to address objects when VM-Series firewalls are setup as part of an NSX deployment?
Which of the following can provide application-level security for a web-server instance on Amazon Web Services (AWS)?
Which two configuration options does Palo Alto Networks recommend for outbound high availability (HA) design in Amazon Web Services using a VM-Series firewall? (Choose two.)

Question 37 - PCSFE discussion

Report
Export

Which two features of CN-Series firewalls protect east-west traffic between pods in different trust zones? (Choose two.)

A.
Intrusion prevention system
Answers
A.
Intrusion prevention system
B.
Communication with Panorama
Answers
B.
Communication with Panorama
C.
External load balancer
Answers
C.
External load balancer
D.
Layer 7 visibility
Answers
D.
Layer 7 visibility
Suggested answer: A, D

Explanation:

The two features of CN-Series firewalls that protect east-west traffic between pods in different trust zones are:

Intrusion prevention system

Layer 7 visibility

East-west traffic is the traffic that flows between applications or workloads within a network or a cloud environment. Pods are the smallest units of deployment in Kubernetes, consisting of one or more containers that share resources and network space. Trust zones are segments of the network or the cloud environment that have different levels of security requirements or policies based on data sensitivity, user identity, device type, or application function. CN-Series firewalls are containerized firewalls that integrate with Kubernetes and provide visibility and control over container traffic.

Intrusion prevention system is a feature of CN-Series firewalls that protects east-west traffic between pods in different trust zones by detecting and blocking known exploits and vulnerabilities using signature-based and behavior-based methods. Layer 7 visibility is a feature of CN-Series firewalls that protects east-west traffic between pods in different trust zones by identifying and classifying applications and protocols based on their content and characteristics, regardless of port, encryption, or evasion techniques. Communication with Panorama and external load balancer are not features of CN-Series firewalls that protect east-west traffic between pods in different trust zones, but they are related features that can enhance management and performance. Reference: Palo Alto Networks Certified Software Firewall Engineer (PCSFE), [CN-Series Concepts], [CN-Series Deployment Guide for Native K8], [Intrusion Prevention System Overview], [App-ID Overview]

Show Answer
asked 23/09/2024
GUY XAVIER DONGMO FAPONG
39 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms