Palo Alto Networks PSE-SoftwareFirewall Exam Practice Test Instant Access

Question 1

How are CN-Series firewalls licensed?

AManagement-plane vCPU

BData-plane vCPU

CControl-plane vCPU

DService-plane vCPU

Answer : B

Data-plane vCPU Licensing:

The CN-Series firewalls are licensed based on the number of data-plane vCPUs. This licensing model reflects the processing power dedicated to handling traffic and security enforcement within the containerized environment.

Palo Alto Networks CN-Series Licensing Guide

Question 2

Which protocol is used for communicating between VM-Series firewalls and a gateway load balancer in Amazon Web Services (AWS)?

AGeneve

BVRLAN

CVMLAN

DGRE

Answer : A

Geneve (Generic Network Virtualization Encapsulation) is the protocol used for communication between VM-Series firewalls and a Gateway Load Balancer (GWLB) in AWS. Geneve provides a flexible encapsulation method and is specifically supported for integrating with AWS GWLB to ensure seamless traffic flow and security inspection.

AWS Gateway Load Balancer Documentation: AWS GWLB

Palo Alto Networks Integration Guide: Integrating VM-Series with AWS GWLB

Question 3

Which technology allows for granular control of east-west traffic in a software-defined network?

AMicrosegmentation

BMAC Access Control List

CRouting

DVirtualization

Answer : A

Microsegmentation is a security technique that enables granular control of east-west traffic within a software-defined network. By dividing the network into smaller segments, each with its own security policies, microsegmentation allows for detailed control over communication between workloads, thereby reducing the attack surface and preventing lateral movement of threats within the network.

Palo Alto Networks Microsegmentation Guide: Microsegmentation Guide

VMware NSX Microsegmentation: NSX Microsegmentation

Question 4

Which two routing options are supported by VM-Series? (Choose two.)

ARIP

BOSPF

CIGRP

DBGP

Answer : B, D

The VM-Series firewalls support various dynamic routing protocols to ensure efficient and resilient network traffic management. Among these, OSPF (Open Shortest Path First) and BGP (Border Gateway Protocol) are supported. OSPF is used for intra-domain routing, while BGP is essential for inter-domain routing, allowing VM-Series to participate in complex and scalable network topologies.

Palo Alto Networks VM-Series Deployment Guide: VM-Series Deployment Guide

Palo Alto Networks Administrator's Guide: Routing Protocols

Question 5

A customer in a VMware ESXi environment wants to add a VM-Series firewall and partition an existing group of virtual machines (VMs) in the same subnet into two groups. One group requires no additional security, but the second group requires substantially more security.

How can this partition be accomplished without editing the IP addresses or the default gateways of any of the guest VMs?

AEdit the IP address of all of the affected VMs.

BCreate a new virtual switch and use the VM-Series firewall to separate virtual switches using virtual wire mode. Then move the guests that require more security into the new virtual switch.

CSend the VLAN out of the virtual environment into a hardware Palo Alto Networks firewall in Layer 3 mode. Use the same IP address as the old default gateway, then delete it.

DCreate a Layer 3 interface in the same subnet as the VMs and then configure proxy Address Resolution Protocol (ARP).

Answer : B

Creating a New Virtual Switch:

By creating a new virtual switch, you can segment the network within the ESXi environment. The VM-Series firewall can then be used to provide security controls between these virtual switches using virtual wire mode.

Palo Alto Networks VM-Series Deployment Guide

Moving Guests to New Virtual Switch:

Guests requiring additional security are moved to the new virtual switch, allowing the VM-Series firewall to inspect and control traffic between the switches. This setup does not necessitate changes to the existing IP addresses or default gateways of the VMs.

Palo Alto Networks VM-Series Virtual Wire Mode

Question 6

What can software next-generation firewall (NGFW) credits be used to provision?

AEnablement of DNS security

BVirtual Panorama appliances

CRemote browser isolation

DMigrating NGFWs from hardware to VMs

Answer : A

Software next-generation firewall (NGFW) credits can be used to enable DNS security on Palo Alto Networks firewalls. These credits allow customers to activate DNS Security service, which provides real-time protection against DNS-based threats by leveraging machine learning and continuous analysis.

Palo Alto Networks DNS Security: DNS Security

Palo Alto Networks Licensing Guide: Software NGFW Credits

Question 7

What is the structure of the YAML Ain't Markup Language (YAML) file repository?

AEnvironment/Kubernetes/Deployment_Type

BKubernetes/Environment/Deployment_Type

CDeployment_Type/Kubernetes/Environment

DKubernetes/Deployment_Type/Environment

Answer : D

YAML File Structure:

The structure of a YAML file repository for managing configurations typically follows the order of Kubernetes/Deployment_Type/Environment. This hierarchy ensures that the configurations are organized logically, with Kubernetes-specific settings at the top level, followed by the type of deployment, and then the specific environment.

Kubernetes YAML Best Practices

Palo Alto Networks Systems Engineer (PSE): Software Firewall Professional PSE-SoftwareFirewall Exam Practice Test