Palo Alto Networks PSE-StrataDC Exam Practice Test Instant Access

Question 1

What is the primary operational benefit of a managed Kubernetes service from a Cloud Service Provider?

Areduced complexity, alleviates the need to run masters

Bless expensive, typically offered at a lower cost than running containers on a VM

Cmore powerful, offers more configuration options than running your own distribution of Kubernetes

Dincreased visibility, provides more insight into application usage than what is natively available

Answer : A

Question 2

What are two types of security that can be implemented across every phase of the Build, Ship, and Run lifecycle of a workload? (Choose two )

ARuntime Security

BFirewalling

CVulnerability Management

DCompliance or Configuration Management

Answer : C, D

Question 3

How does Twistlock offer workload security at runtime?

Aworks with the IDP to identify over-privileged containers and services and restricts network access

Bquarantines containers that demonstrate increased CPU and memory usage

Cautomatically patches vulnerabilities and compliance issues for every container and service

Dbuilds a whitelist security model automatically for every container and service

Answer : A

Question 4

Which two OpenStack components are used in the creation of a VM-Series firewall from a heat template in OpenStack? (Choose two )

ASwift creates the storage resources.

BNova creates the firewall instance.

CHorizon

DNeutron creates the network resources.

Answer : A, C

Question 5

When would a PA-7000 Series NPC GQXM Card be preferable to a PA-7000 Series NPC GQ Card?

AWhen the organization requires a greater number of sessions

BWhen the environment has a need for more SFP+ interfaces

CWhen the organization requires gear with a smaller slot size.

DWhen the environment has a need for more policy rules.

Answer : A

Question 6

A single VM runs a web server and a DNS server A separate VM needs to access the DNS server, but is not allowed to access the web server What network control functionality is necessary to enforce this security posture'?

Acan use a Palo Alto Networks NGFW for this requirement, but not a port filter firewall.

Bcan use either a Palo Alto Networks NGFW or a port filler firewall for this requirement.

Ccan use a port filter firewall for this requirement but not the Palo Alto Networks NGFW.

Dcan use a specialized VM with advanced threat protection for this requirement

Answer : C

Question 7

Which three steps are valid for deploying a VM-Series firewall on NSX? (Choose three )

Acreate steering policies to redirect traffic to the VM-Series firewall

Bcreate a vDC and a vApp that includes the VM-Series firewall

Cregister the VM-Series firewall as a service

Dobtain the AMI from market place

Eenable communication between Panorama and the NSX Manager

Answer : A, B, C

https://docs.paloaltonetworks.com/vm-series/8-1/vm-series-deployment/set-up-the-vm-series-firewall-on-vmware-nsx/vm-series-firewall-for-nsx-deployment-checklist

Palo Alto Networks System Engineer - Strata Data Center Exam Practice Test