Which protocol is used for communicating between VM-Series firewalls and a gateway load balancer in Amazon Web Services (AWS)?
Answer : A
Geneve (Generic Network Virtualization Encapsulation) is the protocol used for communication between VM-Series firewalls and a Gateway Load Balancer (GWLB) in AWS. Geneve provides a flexible encapsulation method and is specifically supported for integrating with AWS GWLB to ensure seamless traffic flow and security inspection.
AWS Gateway Load Balancer Documentation: AWS GWLB
Palo Alto Networks Integration Guide: Integrating VM-Series with AWS GWLB
Which solution is best for securing an EKS environment?
Answer : B
CN-Series for EKS Security:
The CN-Series firewalls are specifically designed to secure Kubernetes environments, such as Amazon EKS. Deploying them in a high availability (HA) pair ensures robust, fault-tolerant security for containerized workloads, providing continuous protection and high availability.
Palo Alto Networks CN-Series Deployment Guide
A CN-Series firewall can secure traffic between which elements?
Answer : C
The CN-Series firewalls are specifically designed to secure containerized environments. They can secure traffic between Kubernetes pods, which are the smallest deployable units in a Kubernetes cluster, and are often composed of one or more containers. The primary focus of CN-Series firewalls is to ensure security within Kubernetes environments by managing traffic and enforcing security policies at the pod level.
Palo Alto Networks CN-Series Datasheet: CN-Series Datasheet
Palo Alto Networks CN-Series Documentation: CN-Series Documentation
What can software next-generation firewall (NGFW) credits be used to provision?
Answer : A
Software next-generation firewall (NGFW) credits can be used to enable DNS security on Palo Alto Networks firewalls. These credits allow customers to activate the DNS Security service, which provides real-time protection against DNS-based threats by leveraging machine learning and continuous analysis.
Palo Alto Networks DNS Security: DNS Security
Palo Alto Networks Licensing Guide: Software NGFW Credits
What is required to integrate a Palo Alto Networks VM-Series firewall with Azure Orchestration?
Answer : B
To integrate a Palo Alto Networks VM-Series firewall with Azure Orchestration, an API Key is required. The API Key is used to authenticate and authorize the firewall to interact with Azure services, enabling automated management and orchestration of security policies and configurations.
Palo Alto Networks Integration with Azure: Azure Integration
Which two criteria are required to deploy VM-Series firewalls in high availability (HA)? (Choose two.)
Answer : B, D
To deploy VM-Series firewalls in high availability (HA), both firewalls in the HA pair need identical licenses and subscriptions, so that the two units have feature parity and service continues uninterrupted during failover. Additionally, both firewalls must be deployed on the same type of hypervisor to ensure compatibility and proper synchronization of state and configurations between the active and passive units.
Palo Alto Networks High Availability Guide: HA Requirements
Palo Alto Networks VM-Series Deployment Guide: High Availability
Which two mechanisms could trigger a high availability (HA) failover event? (Choose two.)
Answer : A, B
Ping monitoring:
This mechanism involves monitoring the reachability of a specified IP address. If the firewall cannot ping the address, it may trigger a failover.
PAN-OS Administrator's Guide - HA
Link monitoring:
Link monitoring checks the status of network links. If a monitored link fails, an HA failover can be triggered.
PAN-OS High Availability Link Monitoring