Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Paloalto Networks PSE-SWFW-Pro-24 Palo Alto Networks Systems Engineer Professional - Software Firewall Exam Practice Test

Demo: 25 questions
Total 85 questions

Palo Alto Networks Systems Engineer Professional - Software Firewall Questions and Answers

Question 1

What is a benefit of credit-based flexible licensing for software firewalls?

Options:

A.

Permanently setting the capabilities of the software firewalls

B.

Adding Cloud-Delivered Security Services (CDSS) to CN-Series firewalls

C.

Adding subscriptions to PA-Series firewalls

D.

Creating Cloud NGFWs

Question 2

What is the primary purpose of the pan-os-python SDK?

Options:

A.

To create a Python-based firewall that is compatible with the latest PAN-OS

B.

To replace the PAN-OS web interface with a Python-based interface

C.

To automate the deployment of PAN-OS firewalls by using Python

D.

To provide a Python interface to interact with PAN-OS firewalls and Panorama

Question 3

Which three statements describe the functionality of Dynamic Address Groups and tags? (Choose three.)

Options:

A.

Static tags are part of the configuration on the firewall, while dynamic tags are part of the runtime configuration.

B.

Dynamic Address Groups that are referenced in Security policies must be committed on the firewall.

C.

To dynamically register tags, use either the XML API or the VM Monitoring agent on the firewall or on the User-ID agent.

D.

IP-Tag registrations to Dynamic Address Groups must be committed on the firewall after each change.

E.

Dynamic Address Groups use tags as filtering criteria to determine their members, and filters do not use logical operators.

Question 4

Where are auth codes registered in the bootstrapping process?

Options:

A.

ESXi server manifest

B.

AutoConfig template

C.

Palo Alto Networks Support Portal

D.

Palo Alto Networks App Hub

Question 5

When using VM-Series firewall bootstrapping, which three methods can be used to install licensed content, including antivirus, applications, and threats? (Choose three.)

Options:

A.

Panorama 10.2 or later to use the content auto push feature

B.

Complete bootstrapping and either Azure Blob storage or Amazon S3 bucket

C.

Content-Security-Policy update URL in the init-cfg.txt file

D.

Custom-AMI or Azure VM image, with content preloaded

E.

Panorama software licensing plugin

Question 6

Which capability, as described in the Securing Applications series of design guides for VM-Series firewalls, is common across Azure, GCP, and AWS?

Options:

A.

BGP dynamic routing to peer with cloud and on-premises routers

B.

GlobalProtect portal and gateway services

C.

Horizontal scalability through cloud-native load balancers

D.

Site-to-site VPN

Question 7

Which three resources are deployment options for Cloud NGFW for Azure or AWS? (Choose three.)

Options:

A.

Azure CLI or Azure Terraform Provider

B.

Azure Portal

C.

AWS Firewall Manager

D.

Panorama AWS and Azure plugins

E.

Palo Alto Networks Ansible playbooks

Question 8

Which two software firewall types can protect egress traffic from workloads attached to an Azure vWAN hub? (Choose two.)

Options:

A.

Cloud NGFW

B.

PA-Series

C.

CN-Series

D.

VM-Series

Question 9

Tags can be created for which three objects? (Choose three.)

Options:

A.

Address groups

B.

Dynamic NAT objects

C.

External dynamic lists

D.

Address objects

E.

Service groups

Question 10

Which statement is valid for both VM-Series firewalls and Cloud NGFWs?

Options:

A.

VM-Series firewalls and Cloud NGFWs can be deployed in a customer's private cloud.

B.

Panorama can manage VM-Series firewalls and Cloud NGFWs.

C.

Updates for VM-Series firewalls and Cloud NGFWs are performed by the customer.

D.

VM-Series firewalls and Cloud NGFWs can be deployed in all public cloud vendor environments.

Question 11

A prospective customer plans to migrate multiple applications to Amazon Web Services (AWS) and is considering deploying Palo Alto Networks NGFWs to protect these workloads from threats. The customer currently uses Panorama to manage on-premises firewalls and wants to avoid additional management complexity.

Which AWS deployment option meets the customer's technical and business value requirements while minimizing risk exposure?

Options:

A.

Software NGFW credits and Strata Cloud Manager (SCM)

B.

Cloud NGFWs and Panorama

C.

Cloud NGFWs and Strata Cloud Manager (SCM)

D.

Software NGFW credits and Panorama

Question 12

Which two deployment models are supported by Cloud NGFW for AWS? (Choose two.)

Options:

A.

Hierarchical

B.

Distributed

C.

Linear

D.

Centralized

Question 13

Which three statements describe functionality of NGFW inline placement for Layer 2/3 implementation? (Choose three.)

Options:

A.

VMs on VMware ESXi hypervisors can be segregated from one another on the network by the VM-Series NGFW by IP addressing and Layer 3 gateways.

B.

VMs on VMware ESXi hypervisors can be segregated from each other by the VM-Series NGFW using VLAN tags while preserving existing Layer 3 gateways.

C.

VM-Series next-generation firewalls cannot be positioned between the physical datacenter network and guest VM workloads.

D.

VM-Series next-generation firewalls do not support VMware vMotion or guest VM workloads.

E.

A next-generation firewall VLAN interface can function as a Layer 3 interface.

Question 14

A Cloud NGFW for Azure can be deployed to which two environments? (Choose two.)

Options:

A.

Azure Kubernetes Service (AKS)

B.

Azure Virtual WAN

C.

Azure DevOps

D.

Azure VNET

Question 15

A systems engineer (SE) is informed by the primary contact at a bank of an unused balance of 15,000 software NGFW flexible credits the bank does not want to lose when they expire in 1.5 years. The SE is told that the bank's new risk and compliance officer is concerned that its operation is too permissive when allowing its servers to send traffic to SaaS vendors. Currently, its AWS and Azure VM-Series firewalls only use Advanced Threat Prevention.

What should the SE recommend to address the customer's concerns?

Options:

A.

Activate Advanced WildFire within the software NGFW deployment profiles, starting with the largest vCPU models and working down to the smallest to protect their biggest workloads.

B.

Subscribe to DNS Security, Advanced URL Filtering, and Advanced WildFire across all software NGFW deployment profiles until all the credits are used.

C.

Verify conformance to standards and regulations, the risk of failure, and the criticality of each workload to be protected, then determine which deployment profile subscriptions address the needs.

D.

Activate Advanced WildFire within the software NGFW deployment profiles, starting with the smallest vCPU models and working up to the largest to provide coverage for more VPCs and VNets with their current credit balance.

Question 16

Which two capabilities are shared by the deployments of Cloud NGFW for Azure and VM-Series firewalls? (Choose two.)

Options:

A.

Using NGFW credits to deploy the firewall

B.

Securing public and private datacenter traffic

C.

Performing firewall administration using Azure Firewall Manager

D.

Securing inbound, outbound, and lateral traffic

Question 17

Which two products are deployed with Terraform for high levels of automation and integration? (Choose two.)

Options:

A.

Cloud NGFW

B.

VM-Series firewall

C.

Cortex XSOAR

D.

Prisma Access

Question 18

Which three statements describe restrictions or characteristics of Firewall flex credit profiles of a credit pool in the Palo Alto Networks customer support portal? (Choose three.)

Options:

A.

The number of licensed cores must match the number of provisioned CPU cores per instance.

B.

Allocate credits for use with Cloud NGFW for AWS and Azure.

C.

Each VM-Series firewall deployment profile is either fixed or flexible.

D.

All firewalls activated to a deployment profile will have the same Cloud-Delivered Security Services (CDSS).

E.

Each deployment profile is either CN-Series firewall or VM-Series firewall.

Question 19

What is an advantage of using advanced versions of Cloud-Delivered Security Services (CDSS) subscriptions compared to legacy versions of CDSS?

Options:

A.

Threats are detected with inline cloud-scale machine learning (ML).

B.

New threat-related signature databases can be downloaded and installed in real time.

C.

External dynamic lists block known malicious threat sources and destinations.

D.

Firewall throughput is improved by inspecting hashes of advanced packet headers.

Question 20

Which two features offer the ability to manage Cloud NGFW in Azure or AWS? (Choose two.)

Options:

A.

Azure Firewall Portal

B.

Palo Alto Networks Ansible playbooks

C.

Panorama

D.

AWS Firewall Manager

Question 21

Why are VM-Series firewalls now grouped by four tiers?

Options:

A.

To obscure the supported hypervisor manufacturer into generic terms

B.

To simplify the portfolio and reduce the number of VM-Series models customers must choose from

C.

To define the maximum limits for key criteria based on allocated memory

D.

To define the priority level of support customers expect when opening a TAC case, from lowest tier 1 to highest tier 4

Question 22

A customer is concerned about the administrative effort required to deploy over 200 VM- and CN-Series firewalls across multiple public and private clouds. The customer wants to integrate the deployment of these firewalls into the application-development process to ensure security at the speed of DevOps.

Which deployment option meets the requirements?

Options:

A.

Push configurations to all firewalls by using Panorama

B.

Integration with automation and orchestration platforms

C.

Preconfigured Software Firewall Deployment Profiles

D.

Execution of Cloud NGFW bootstrapping

Question 23

Which two deployment models does Cloud NGFW for AWS support? (Choose two.)

Options:

A.

Hierarchical

B.

Centralized

C.

Distributed

D.

Linear

Question 24

Which statement applies when identifying the appropriate Palo Alto Networks firewall platform for virtualized as well as cloud environments?

Options:

A.

VM-Series firewalls cannot be used to protect container environments.

B.

All NGFW platforms support API integration.

C.

Panorama is the only unified management console for all NGFWs.

D.

CN-Series firewalls are used to protect virtualized environments.

Question 25

What are two benefits of credit-based flexible licensing for software firewalls? (Choose two.)

Options:

A.

Create virtual Panoramas.

B.

Add Cloud-Delivered Security Services (CDSS) subscriptions to CN-Series firewalls.

C.

Create Cloud NGFWs.

D.

Add Cloud-Delivered Security Services (CDSS) subscriptions to PA-Series firewalls.

Demo: 25 questions
Total 85 questions