PCSFE-Topic-1
Question #: 11
Topic #: 1
Which protocol is used for communicating between VM-Series firewalls and a gateway load balancer in Amazon Web Services (AWS)?
A. VRLAN
B. Geneve
C. GRE
D. VMLAN
Selected Answer: B
Question #: 106
Topic #: 1
A system engineer is working on the Proof of Concept (POC) for Cloud Next-Generation Firewall (NGFW) for Azure using an existing Panorama setup. However, connection with the Cloud NGFW instance. What could be the cause of this issue?
A. There has not been an upgrade to the PAN-OS 10.2.
B. Cloud NGFW plugin has not been installed.
C. Valid device certificate is missing.
D. Necessary ports 8443 and 443 for communication between Cloud NGFW and Panorama are blocked.
Selected Answer: C
Question #: 89
Topic #: 1
Which Cloud NGFW for AWS deployment method requires traffic to pass through an AWS Transit Gateway?
A. East-west
B. Centralized
C. Inter VPC
D. Distributed
Selected Answer: B
Question #: 64
Topic #: 1
What is a benefit of CN-Series firewalls securing traffic between pods and other workload types?
A. It protects data center and internet gateway deployments.
B. It allows for automatic deployment, provisioning, and immediate policy enforcement without any manual intervention.
C. It ensures consistent security across the entire environment.
D. It allows extension of Zero Trust Network Security to the most remote locations and smallest branches.
Selected Answer: B
Question #: 119
Topic #: 1
Intelligent Traffic Offload (ITO) requires a firewall be deployed in which mode?
A. Layer 2
B. Layer 3
C. Tap
D. Vwire
Selected Answer: D
Question #: 125
Topic #: 1
Which three traffic flows can protect against zero-day attacks? (Choose three.)
A. Outbound
B. North-south
C. Inbound
D. Internal
E. East-west
Selected Answer: ACD
Question #: 56
Topic #: 1
Regarding network segmentation, which two steps are involved in the configuration of a default route to an internet router? (Choose two.)
A. Select the Static Routes tab, then click Add.
B. Select Network > Interfaces.
C. Select the Config tab, then select New Route from the Security Zone Route drop-down menu.
D. Select Network > Virtual Router, then select the default link to open the Virtual Router dialog.
Selected Answer: AD
Question #: 43
Topic #: 1
Which software firewall would assist a prospect who is interested in securing extensive DevOps deployments?
A. CN-Series
B. Ion-Series
C. Cloud next-generation firewall (NGFW)
D. VM-Series
Selected Answer: A
Question #: 109
Topic #: 1
Which two statements apply to the management of Cloud NGFW by AWS Firewall Manager? (Choose two.)
A. Availability Zone can be created.
B. Firewall policy can be included only with specified accounts and OUs.
C. Firewall policy must be applied to all accounts under the Amazon Web Services (AWS) organization.
D. Endpoints will be created via the firewall manager.
Selected Answer: AD
Question #: 32
Topic #: 1
Where do CN-Series devices obtain a VM-Series authorization key?
A. Panorama
B. Local installation
C. GitHub
D. Customer Support Portal
Selected Answer: C
Question #: 88
Topic #: 1
In the Cloud NGFW for Amazon Web Services (AWS) centralized inbound deployment architecture, what is the next hop for the traffic after it passes through the application load balancer (ALB)?
A. Ingress VPC TGW ENI
B. Internet gateway
C. Egress VPC TGW ENI
D. AWS Transit Gateway
Selected Answer: A
Question #: 75
Topic #: 1
What is the valid command to set up the cluster for CN-Series firewall HSF deployment and to prepare the extended permissions for the service account?
A. kubectl -n kube-system get secrets
kubectl -n kube-system get secrets (secrets-from-above-command) -o json >> cred.json
kubectl apply -f plugin-deploy-serviceaccount.yaml
kubectl apply -f pan-mgmt-serviceaccount.yaml
B. kubectl apply -f plugin-deploy-serviceaccount.yaml
kubectl apply -f pan-mgmt-serviceaccount.yaml
kubectl -n kube-system get secrets
kubectl -n kube-system get secrets (secrets-from-above-command) -o json >> cred.json
C. kubectl apply -f plugin-deploy-serviceaccount.yaml
kubectl -n kube-system get secrets
kubectl apply -f pan-mgmt-serviceaccount.yaml
kubectl -n kube-system get secrets (secrets-from-above-command) -o json >> cred.json
D. kubectl -n kube-system get secrets
kubectl -n kube-system get secrets (secrets-from-above-command) -o json >> cred.json
kubectl apply -f pan-mgmt-serviceaccount.yaml
kubectl apply -f plugin-deploy-serviceaccount.yaml
Selected Answer: B
Question #: 114
Topic #: 1
When using Ansible with PAN-OS, which type of connection method should be used?
A. OpenSSH
B. Local
C. Paramiko
D. Smart
Selected Answer: B
Question #: 85
Topic #: 1
After configuring a new software VM-Series firewall, the network team cannot detect any traffic being transmitted or received on the correct VLAN of the network switch. However, they are able to ping the management IP. Which two actions should be taken to troubleshoot this issue? (Choose two.)
A. Use tcpdump.
B. Debug flow create.
C. Check the port groups and port mapping on the hypervisor.
D. Show counter global filter.
Selected Answer: A
Question #: 50
Topic #: 1
With which two private cloud environments does Palo Alto Networks have deep integrations? (Choose two.)
A. VMware NSX-T
B. Cisco ACI
C. Dell APEX
D. Nutanix
Selected Answer: AB
Question #: 12
Topic #: 1
Which two elements of the Palo Alto Networks platform architecture enable security orchestration in a software-defined network (SDN)? (Choose two.)
A. Full set of APIs enabling programmatic control of policy and configuration
B. VXLAN support for network-layer abstraction
C. Dynamic Address Groups to adapt Security policies dynamically
D. NVGRE support for advanced VLAN integration
Selected Answer: D
Question #: 9
Topic #: 1
What can software next-generation firewall (NGFW) credits be used to provision?
A. Remote browser isolation
B. Virtual Panorama appliances
C. Migrating NGFWs from hardware to VMs
D. Enablement of DNS security
Selected Answer: B
Question #: 73
Topic #: 1
A manager wants to enhance the performance of a Palo Alto Networks VM-Series firewall. How can the use of CLI increase the number of cores in the dataplane?
A. Use init-cfg.txt with parameter “plugin-op-commands=dp-cores:<#-cores>”.
B. Use cfg.txt with parameter “plugin-op-commands=dp-cores:<#-cores>”.
C. Request vm_series dp-cores <#-cores>.
D. Request plugins vm_series dp-cores <#-cores>.
Selected Answer: D
Question #: 27
Topic #: 1
What is a benefit of network runtime security?
A. It more narrowly focuses on one security area and requires careful customization, integration, and maintenance.
B. It removes vulnerabilities that have been baked into containers.
C. It is siloed to enhance workload security.
D. It identifies unknown vulnerabilities that cannot be identified by known Common Vulnerability and Exposure (CVE) lists.
Selected Answer: D
Question #: 51
Topic #: 1
What is the structure of the YAML Ain’t Markup Language (YAML) file repository?
A. Deployment_Type/Kubernetes/Environment
B. Kubernetes/Deployment_Type/Environment
C. Kubernetes/Environment/Deployment_Type
D. Environment/Kubernetes/Deployment_Type
Selected Answer: B