Palo Alto Networks PSE-StrataDC Exam Questions Instant Access

Question 1

In which two ways can micro-segmentation save money for the enterprise? (Choose two.)

Afewer capital expenses because fewer physical servers need to be bought

Bfewer operating expenses because a smaller data center is operated

Cfewer operating expenses because less public cloud capacity needs to be rented

Dfewer capital expenses because the same number of physical servers can be kept in a smaller space

Answer : A, C

Question 2

How do Palo Alto Networks NGFWs integrate with an ACI architecture?

ASDN code hooks can help to detonate malicious file samples designed to detect virtual environments

BTraffic can be automatically redirected using static Address objects.

CVXLAN or NVGRE traffic is terminated and inspected for translation to VLANs.

DControllers can program firewalls using a REST-based API.

Answer : B

Question 3

What are the benefits of NSX-V?

Asupports the Data Plane Development Kit (DPDK) libraries; enables Stackdnver Monitoring on the VMware Series Firewall; works with Cloud Launcher

Bvirt-manager wizard to help with the installation process; virsh command to deploy the VM-Series; virt-install command to install

Csturdier centralized management; automated deployment ease in administering tenants and dedicated compute infrastructure; tighter integration between virtual environment and security enforcement of dynamic security

Dleverages Prism Central

Answer : A

Question 4

When deploying VM series on Openstack platform, which statement is correct?

AAllow configuration of at least one interface

BOpenStack compute node could be installed on a hypervisor platform

CAccept the VM-Series OVA image

DSet Instance type OS::Nova Server

Answer : B

Question 5

A network administrator is working on a VMware NSX installation with VM-1000-HV firewalls The administrator has created a security group that is populated with VMs The administrator is trying to create a Dynamic Address Group in Panorama, but the security group is not showing.

Which task should the administrator perform first?

AGo into vCenter/NSX and push the objects to Panorama

BDelete and re-add the security group.

CGo into Panorama and synchronize the Address objects with NSX

DCheck the NSX Security policy to ensure the security group has been used in a policy.

Answer : D

Question 6

Which VM series model is NOT supported on VMware NSX platform?

AVM-500

BVM-1000-HV

CVM-700

DVM-300

Answer : C

on VMware NSX, only the VM-100, VM-200, VM-300, VM-500, and VM-1000-HV firewalls are supported.

https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/about-the-vm-series-firewall/vm-series-models.html

Question 7

Which three deployment modes of VM-Series firewalls are supported across NSX-T? (Choose three )

APartner Service

BBoot Strap

CPrism Central

DTier-1 insertion

ETier-0 insertion

Answer : A, D, E

https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-on-nsx/set-up-the-vm-series-firewall-on-nsx-t/supported-deployments-of-the-vm-series-firewall-on-vmware-nsx-t.html

You can deploy one or more instances of the VM-Series firewall as a partner service in your VMware NSX-T Data Center. Attach a VM-Series firewall to any tier-0 or tier-1 logical router to protect north-south traffic. You can deploy the VM-Series firewall as standalone service instance or two firewalls in a high-availability (HA) pair. Panorama manages the connection with NSX-T Manager and the VM-Series firewalls deployed in your NSX-T software-defined datacenter.

Tier-0 Insertion---Tier-0 insertion deploys a VM-Series firewall to a tier-0 logical router, which processes traffic between logical and physical networks. When you deploy the VM-Series firewall with tier-0 insertion, NSX-T Manager uses the deployment information you configured on Panorama to attach a firewall to a tier-0 logical router in virtual wire mode.

Tier-1 Insertion---Tier-1 insertion deploys a VM-Series firewall to a tier-1 logical router, which provides downlink connections to segments and uplink connection to tier-0 logical routers. NSX-T Manager attaches VM-Series firewalls deployed with tier-1 insertions to a tier-1 logical router in virtual wire mode.

After deploying the firewall, you configure traffic redirection rules that send traffic to the VM-Series firewall when crossing a tier-0 or tier-1 router. Security policy rules that you configure on Panorama are pushed to managed VM-Series firewalls and then applied to traffic passing through the firewall.

Palo Alto Networks System Engineer - Strata Data Center PSE-StrataDC Exam Questions