Palo Alto Networks PSE-SoftwareFirewall Exam Practice Test Instant Access

Question 1

What are two environments supported by the CN-Series firewall? (Choose two.)

AOpenShift

BPositive K

CNative K8

DOpenStack

Answer : A, C

OpenShift:

The CN-Series firewall supports deployment in Red Hat OpenShift environments. OpenShift is a Kubernetes-based container platform that provides a comprehensive solution for container orchestration.

Palo Alto Networks CN-Series Deployment Guide

Native K8:

The CN-Series firewall is designed to be deployed in native Kubernetes (K8s) environments, providing security for containerized applications running within the Kubernetes clusters.

Palo Alto Networks CN-Series Deployment Guide

Question 2

Regarding network segmentation, which two steps are involved in the configuration of a default route to an internet router? (Choose two.)

ASelect the Static Routes tab, then click Add.

BSelect the Config tab, then select New Route from the Security Zone Route drop-down menu.

CSelect Network > Interfaces.

DSelect Network > Virtual Router, then select the default link to open the Virtual Router dialog.

Answer : A, D

To configure a default route to an internet router, you need to perform the following steps:

Select Network > Virtual Router, then select the default link to open the Virtual Router dialog.

Select the Static Routes tab, then click Add to create a new static route.

These steps ensure that the default route is correctly added to the virtual router configuration, allowing traffic to be directed to the appropriate internet gateway.

Palo Alto Networks Configuration Guide: Configuring Default Route

Palo Alto Networks Virtual Router Configuration: Virtual Router

Question 3

What Palo Alto Networks software firewall protects Amazon Web Services (AWS) deployments with network security delivered as a managed cloud service?

AIon-Series Ion-Series

BCN-Series

CCloud next-generation firewall (NGFW)

DVM-Series

Answer : C

The Cloud NGFW by Palo Alto Networks is a managed cloud service designed to provide advanced network security capabilities within AWS deployments. This service leverages Palo Alto Networks' technology to deliver scalable and comprehensive security without the need for users to manage the infrastructure themselves. It is ideal for organizations looking to integrate robust security within their cloud environments efficiently.

Palo Alto Networks Cloud NGFW for AWS: Cloud NGFW for AWS

AWS Marketplace: Cloud NGFW for AWS

Question 4

Which two public cloud platforms does the VM-Series plugin support? (Choose two.)

AIBM Cloud

BOCI

CAmazon Web Services (AWS)

DAzure

Answer : C, D

The VM-Series plugin supports integration with multiple public cloud platforms, including:

Amazon Web Services (AWS): The VM-Series firewalls can be deployed in AWS to provide comprehensive security for cloud applications and data, leveraging AWS's native services and integration capabilities.

Azure: The VM-Series firewalls also integrate with Microsoft Azure, offering advanced security features and policies for applications and data hosted in Azure's cloud environment.

Palo Alto Networks VM-Series on AWS: VM-Series on AWS

Palo Alto Networks VM-Series on Azure: VM-Series on Azure

Question 5

Which three NSX features can be pushed from Panorama in PAN-OS? (Choose three.)

AMultiple authorization codes

BUser IP mappings

CSteering rules

DSecurity group assignment of virtual machines (VMs)

DSecurity groups

Answer : B, C, D, D

User IP mappings:

Panorama can push user-to-IP mapping information to the NSX manager, enabling dynamic security policy enforcement based on user identity.

PAN-OS NSX Integration Guide

Steering rules:

Steering rules dictate how traffic is directed through security services. Panorama can push these rules to ensure traffic is properly inspected.

Palo Alto Networks NSX Integration

Security group assignment of virtual machines (VMs):

Panorama can push security group information, ensuring that VMs are dynamically assigned to the appropriate security policies.

Palo Alto Networks NSX Integration Guide

Question 6

Which two mechanisms could trigger a high availability (HA) failover event? (Choose two.)

APing monitoring

BLink monitoring

CSession polling

DHeartbeat polling

Answer : A, B

Ping monitoring:

This mechanism involves monitoring the reachability of a specified IP address. If the firewall cannot ping the address, it may trigger a failover.

PAN-OS Administrator's Guide - HA

Link monitoring:

Link monitoring checks the status of network links. If a monitored link fails, an HA failover can be triggered.

PAN-OS High Availability Link Monitoring

Question 7

Which two features of CN-Series firewalls protect east-west traffic between pods in different trust zones? (Choose two.)

AIntrusion prevention system (IPS)

BCommunication with Panorama

CExternal load balancer (ELB)

DLayer 7 visibility

Answer : A, D

Intrusion Prevention System (IPS): The CN-Series firewalls incorporate an Intrusion Prevention System to detect and prevent exploits and attacks on applications and systems. This feature is essential for securing east-west traffic, as it can identify and block threats within the data center traffic between pods in different trust zones.

Layer 7 Visibility: CN-Series firewalls provide Layer 7 (application layer) visibility, enabling deep inspection of application traffic. This allows the firewall to understand and enforce policies based on the application and its behavior, rather than just ports and protocols, ensuring comprehensive security for east-west traffic within a Kubernetes environment.

Palo Alto Networks CN-Series Datasheet: CN-Series Datasheet

Palo Alto Networks CN-Series Documentation: CN-Series Documentation

Palo Alto Networks Systems Engineer (PSE): Software Firewall Professional PSE-SoftwareFirewall Exam Practice Test