Palo Alto Networks System Engineer - Strata Data Center PSE-StrataDC Exam Practice Test

Page: 1 / 14
Total 60 questions
Question 1

Which VM series model is NOT supported on VMware NSX platform?



Answer : C

on VMware NSX, only the VM-100, VM-200, VM-300, VM-500, and VM-1000-HV firewalls are supported.

https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/about-the-vm-series-firewall/vm-series-models.html


Question 2

A company allows employees some personal use of the internet during work time However the CEO is concerned that employees are using too much of the bandwidth for YouTube. thus causing a performance problem. Which section of the SLR could confirm or allay this concern?



Answer : B


Question 3

Which interface mode do you use to generate the statdump file that can be converted into an SLR? Assume that the SE wants to make the evaluation as unintrusive as possible.



Answer : C


Question 4

Which three deployment modes of VM-Series firewalls are supported across NSX-T? (Choose three )



Answer : A, D, E

https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-on-nsx/set-up-the-vm-series-firewall-on-nsx-t/supported-deployments-of-the-vm-series-firewall-on-vmware-nsx-t.html

You can deploy one or more instances of the VM-Series firewall as a partner service in your VMware NSX-T Data Center. Attach a VM-Series firewall to any tier-0 or tier-1 logical router to protect north-south traffic. You can deploy the VM-Series firewall as standalone service instance or two firewalls in a high-availability (HA) pair. Panorama manages the connection with NSX-T Manager and the VM-Series firewalls deployed in your NSX-T software-defined datacenter.

Tier-0 Insertion---Tier-0 insertion deploys a VM-Series firewall to a tier-0 logical router, which processes traffic between logical and physical networks. When you deploy the VM-Series firewall with tier-0 insertion, NSX-T Manager uses the deployment information you configured on Panorama to attach a firewall to a tier-0 logical router in virtual wire mode.

Tier-1 Insertion---Tier-1 insertion deploys a VM-Series firewall to a tier-1 logical router, which provides downlink connections to segments and uplink connection to tier-0 logical routers. NSX-T Manager attaches VM-Series firewalls deployed with tier-1 insertions to a tier-1 logical router in virtual wire mode.

After deploying the firewall, you configure traffic redirection rules that send traffic to the VM-Series firewall when crossing a tier-0 or tier-1 router. Security policy rules that you configure on Panorama are pushed to managed VM-Series firewalls and then applied to traffic passing through the firewall.


Question 5

Which VM-Series can be deployed on Amazon Web Services (AWS)?



Answer : C


Question 6

What is the default session distribution policy in the PA-7000 Series?



Answer : D

(

PA-7000 Series firewalls only

) New sessions are assigned to a DP on the same NPC on which the first packet of the session arrived. The selection of the DP is based on the session-load algorithm but, in this case, sessions are limited to the DPs on the ingress NPC.

Depending on the traffic and network topology, this policy generally decreases the odds that traffic will need to traverse the switch fabric.

Use this policy to reduce latency if both ingress and egress are on the same NPC. If the firewall has a mix of NPCs (PA-7000 20G and PA-7000 20GXM for example), this policy can isolate the increased capacity to the corresponding NPCs and help to isolate the impact of NPC failures.


Question 7

Which configuration is required to share NSX security groups as tags to be used by Dynamic Address Groups in a non-NSX firewall?



Answer : B


Page:    1 / 14   
Total 60 questions