Palo Alto Networks PSE-StrataDC Exam Questions Instant Access

Question 1

Which are two use cases for HSCI ports on the SMC module on PA-7000 Series? (Choose two )

AHA1 backup link in active/active HA

BHA1 link in active/passive HA

CHA3 link in active/active HA

DHA2 link in active/passive HA

Answer : C, D

https://docs.paloaltonetworks.com/hardware/pa-7000-hardware-reference/pa-7000-series-module-and-interface-card-information/pa-7000-series-switch-management-card-smc/pa-7000-series-smc-component-descriptions

Question 2

For which two reasons would an administrator have to install NGFW automatically in a cloud environment? {Choose two )

Areduce capital expenses

Bperformance, to be able to install a new firewall when the demand exceeds the ability of the existing environments to service

Cintegrity, to ensure that data is not changed illicitly

Dresiliency and availability, to be able to install a new firewall as part of a new environment if an existing environment fails

Esecurity, to automatically install a firewall when a security threat is detected

Answer : B, E

Question 3

What is the default session distribution policy in the PA-7000 Series?

AHash

BEgress-Slot

CRound Robin

DIngress-Slot

Answer : D

(

PA-7000 Series firewalls only

) New sessions are assigned to a DP on the same NPC on which the first packet of the session arrived. The selection of the DP is based on the session-load algorithm but, in this case, sessions are limited to the DPs on the ingress NPC.

Depending on the traffic and network topology, this policy generally decreases the odds that traffic will need to traverse the switch fabric.

Use this policy to reduce latency if both ingress and egress are on the same NPC. If the firewall has a mix of NPCs (PA-7000 20G and PA-7000 20GXM for example), this policy can isolate the increased capacity to the corresponding NPCs and help to isolate the impact of NPC failures.

Question 4

In PAN-OS, which three NSX features can be pushed from Panorama? (Choose three )

Auser IP mappings

Bsteering rules

Cmultiple authorization codes

Dsecurity group assignments of VMs

Esecurity groups

Answer : A, C, E

Question 5

Which type of cloud service can be protected by an inline firewall controlled by the organization rather than by the cloud provider?

ASaaS

BlaaS

CPaaS

DFaaS

Answer : B

Question 6

Which environment is least likely to be placed on a public cloud by a hospital that has a large health information management application?

Aproduction

Bdevelopment

Ctesting

DQA

Answer : B

Question 7

Is vulnerability analysis against images in the registry sufficient for security?

AYes, containers do not have unique vulnerabilities.

BNo, you should do vulnerability analysis only against the running containers, which are vulnerable.

CYes, you are ensuring that the images the containers are based on are secure.

DNo, you need to do analysis in the CI system, in the registry, and against instantiated containers

Answer : C

Palo Alto Networks System Engineer - Strata Data Center PSE-StrataDC Exam Questions