New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Paloalto Networks PSE-StrataDC Palo Alto Networks System Engineer Professional - Strata Data Center Exam Practice Test

Demo: 9 questions
Total 60 questions

Palo Alto Networks System Engineer Professional - Strata Data Center Questions and Answers

Question 1

How is traffic directed to a Palo Alto Networks firewall integrated with Cisco ACI?

Options:

A.

by creating an access policy

B.

through a policy-based redirect (PBR)

C.

contracts between EPGs that send traffic to the firewall using a shared policy

D.

through a virtual machine monitor (VMM) domain

Question 2

Which three steps are valid for deploying a VM-Series firewall on NSX? (Choose three )

Options:

A.

create steering policies to redirect traffic to the VM-Series firewall

B.

create a vDC and a vApp that includes the VM-Series firewall

C.

register the VM-Series firewall as a service

D.

obtain the AMI from market place

E.

enable communication between Panorama and the NSX Manager

Question 3

How does Palo Alto Networks VM orchestration help service providers automatically provision security instances and policies on demand? (Choose two.)

Options:

A.

Aperture Orchestration Engine (AOE)

B.

Support for Dynamic Address Groups

C.

Fully instrumented API

D.

VM Orchestration Policy Editor

Question 4

Which task is required to create steering rules on NSX-V Manager?

Options:

A.

Select Steering Rules > 3rd Party Firewalls > Palo Alto Networks and then populate the object with the required details

B.

Configure the rule in Panorama and push it to NSX-V Manager.

C.

Select Fabric > Access Policies > Quick Start and follow the prompts

D.

Add a network introspective service and select Redirect to Service under Action.

Question 5

Which configuration is requiredto share NSX security groups as tags to be used by Dynamic Address Groups in a non-NSX firewall?

Options:

A.

notify device groups within VMware Services Manager

B.

a User-ID agent on a Windows domain server

C.

VMware Information Sources

D.

none, sharing happens by default

Question 6

A customer in a non-NSX VMware environment wantsto add a VM-Series firewall and to partition an existing group of VMs in the same subnet into two groups. One group needs no additional security, but the second group requires substantially more security.

How can this partition be accomplished without editing the IP addresses or the default gateways of any of the guest VMs?

Options:

A.

Create a new virtual switch and use the VM-Series firewall to separate virtual switches using Virtual Wire mode Then move the guests that require more security into the new virtual switch

B.

Edit the IP address of all of the affected VMs

C.

Send the VLAN out of the virtual environment into a hardware Palo Alto Networks firewall in Layer 3 mode. Use the same IP address as the old default gateway, then delete the old default gateway

D.

Create a Layer 3 interface in the same subnet as the VMs and configure proxy ARP

Question 7

Whichthree deployment modes of VM-Series firewalls are supported across NSX-T? (Choose three )

Options:

A.

Partner Service

B.

Boot Strap

C.

Prism Central

D.

Tier-1 insertion

E.

Tier-0 insertion

Question 8

What is the major decision factor that customers use when selecting a managed container platform such as AS/EKS/GKE?

Options:

A.

licensing costs

B.

enhanced capabilities not available in vanilla K8s

C.

no need to manage containers, just the application code.

D.

reduced operational costs and management overhead

Question 9

Which VM-Series can be deployed on Amazon Web Services (AWS)?

Options:

A.

Can deploy any VM-Series except the VM-50

B.

Only VM-100, VM-200 and VM-300

C.

Any VM-Series model

D.

Any VM-Series model except the VM-700

Demo: 9 questions
Total 60 questions