PCSFE-Topic-2
Question #: 91
Topic #: 1
The Cloud NGFW for AWS can capture and save which three types of logs? (Choose three.)
A. Threat
B. WildFire submissions
C. Decryption
D. URL Filtering
E. Traffic
Selected Answer: ACE
Question #: 78
Topic #: 1
Using what two commands can an engineer confirm that the installation of the CN-series firewall as a K8S service on the production GKE cluster was successful after it was protected by the cloud workloads on GKE and YAML was downloaded to completed the setup? (Choose two.)
A. kubectl get pods -f app=pan-cn-mgmt -n kube-system
B. kubectl get pods -l app=pan-mgmt -n kube-system
C. kubectl get pods -n kube-system -l app=pan-ngfw -o wide
D. kubectl get pods app=pan-cn-ngfw -o wide
Selected Answer: BC
Question #: 108
Topic #: 1
A system engineer managing a deployment of CN-Series with Panorama (software version 11.0) installs the Kubernetes Plugin. When the installation is complete, templates are present. What are the names of two of these templates and for what are they used? (Choose two.)
A. K8S-Network-Setup used for daemonset
B. K8S-Network-Setup-V2 used for Kubernetes as a service deployment
C. K8S-Network-Setup-V3 used for Kubernetes as a service deployment
D. K8S-Network-Setup-V3 used for CNF daemonset
Selected Answer: AB
Question #: 87
Topic #: 1
What is the maximum number of vCPUs can software NGFW licensing support with NGFW flex licensing?
A. 16
B. 32
C. 64
D. 128
Selected Answer: C
Question #: 86
Topic #: 1
An engineer is setting up tags in Panorama, but it is not working. How can the engineer verify the issue while viewing the Amazon Web Services (AWS) plugin logs from the CLI?
A. less aws-plugin plugin_aws.log
B. tail plugins-log plugin_aws_ret.log
C. less plugins-log
D. tail aws-plugin
Selected Answer: B
Question #: 84
Topic #: 1
What is the default log destination for S3 bucket in the Cloud NGFW CloudFormation template (CFT) that is launched to set up the tenant?
A. Cloud NGFW
B. PaloAltoCloudNGFW
C. PANWCloudNGFW
D. Cortex Data Lake
Selected Answer: B
Question #: 101
Topic #: 1
A user must be assigned one of which two roles in order to create local rulestacks in the Cloud NGFW for AWS tenant? (Choose two.)
A. LocalRuleStackAdmin
B. FirewallRulestackAdmin
C. GlobalRulestackAdmin
D. GlobalFirewallAdmin
Selected Answer: AC
Question #: 79
Topic #: 1
When deploying a firewall in Amazon Web Services (AWS) utilizing the orchestration through Panorama, which plugin is required?
A. vm_series-2.0.1 or later
B. cloud_services-3.2.0 or later
C. aws-3.0.1 or later
D. aws-5.0.1 or later
Selected Answer: C
Question #: 18
Topic #: 1
Which PAN-OS feature allows for automated updates to address objects when VM-Series firewalls are setup as part of an NSX deployment?
A. Boundary automation
B. Hypervisor integration
C. Bootstrapping
D. Dynamic Address Group
Selected Answer: A
Question #: 68
Topic #: 1
A data center experiences a power outage that results in the reboot of all ESXi servers, including the software firewall’s virtual machine (VM). Subsequently, there is a notable decrease in performance. Most end users complain of being unable to access the internet. The system engineer is still able to log in to the firewall management console smoothly.
What is most likely causing this issue?
A. The firewall license has expired.
B. The dataplane disk partitions are unable to mount after the reboot.
C. There is configuration file corruption on ESXi server.
D. The last saved configuration did not save properly in the boot up partition.
Selected Answer: B
Question #: 19
Topic #: 1
Which two factors lead to improved return on investment for prospects interested in Palo Alto Networks virtualized next-generation firewalls (NGFWs)? (Choose two.)
A. Decreased likelihood of data breach
B. Reduced operational expenditures
C. Reduced time to deploy
D. Reduced insurance premiums
Selected Answer: D
Question #: 100
Topic #: 1
What are the two appropriate routing settings required to deploy software firewall integration with Amazon Web Service (AWS) GWLB? (Choose two.)
A. Route table with ALB subnet association – Add route destined to 0.0.0.0/0 with target as NAT Gateway
B. Route table with ALB subnet association – Add route destined to 0.0.0.0/0 with target as IGW
C. Route table with IGW edge association – Add route destined to ALB with target as GWLBE
D. Route table with GWLBE subnet association – Add route destined to 0.0.0.0/0 with target as IGW
Selected Answer: CD
Question #: 76
Topic #: 1
To list NGFW pods connected to a management plane, which Panorama CLI command should be used?
A. requests plugins kubernetes get-node-license-info
B. requests plugins kubernetes get-license-tokens
C. requests plugins vm-series list-dp-pods
D. requests tech-support dump
Selected Answer: C
Question #: 92
Topic #: 1
To troubleshoot a missing or expired license for a CN-Series firewall, which Panorama CLI command should be used?
A. requests tech-support dump
B. requests plugins vm-series list-dp-pods
C. requests plugins kubernetes get-node-license-info
D. requests plugins kubernetes get-license-tokens
Selected Answer: D
Question #: 124
Topic #: 1
After how many days does a daily warning message start appearing within the system before a Palo Alto Networks VM-Series license expires?
A. 7
B. 14
C. 30
D. 60
Selected Answer: C
Question #: 123
Topic #: 1
Considering the following information, what are two paths an engineer can follow to implement route tagging with 32-bit decimal notation on existing software firewalls? (Choose two.)
• A network engineer has already deployed a few instances of it.
• The consultant team has recommended using the advanced routing engine to support this functionality.
A. Select Device > Sessions, click “Advanced Routing” and click “Reboot Device”
B. init-cfg.txt op-command-modes=advance-routing:enable
C. set deviceconfig setting advanced-routing yes
D. Select Device > Setup > Sessions, click “ARE” and click “Reboot Device”
Selected Answer: BC
Question #: 122
Topic #: 1
In order to calculate the total number of Software NGFW Credits for an upcoming virtualization project in ESXi, which two pieces of information are needed? (Choose two.)
A. Number of VM-Series firewalls
B. Memory consumption for each VM-Series firewall
C. Number of interfaces on each VM-Series firewall
D. Number of vCPU on each VM-Series firewall
Selected Answer: AD
Question #: 121
Topic #: 1
What are three valid deployment options for Panorama in Amazon Web Services (AWS)? (Choose three.)
A. Panorama in AWS for management and log collection
B. Panorama in AWS and Panorama on-premises for a high availability (HA) array
C. Panorama in AWS CN-Series form factor for management and log collection
D. Panorama in AWS with Cortex Data Lake
E. On-premises Panorama with log collectors in AWS
Selected Answer: ADE
Question #: 120
Topic #: 1
Which service enables a firewall or Panorama to download App-IDs for unknown SaaS applications from the cloud?
A. App-ID Cloud Engine
B. Application Library
C. Application machine learning (ML) Engine
D. App-ID Database Engine
Selected Answer: A
Question #: 117
Topic #: 1
Which automation tools should be used to create policies for Cloud NGFW for AWS?
A. Ansible, Terraform, and Panorama Console
B. Panorama Console and Panorama API only
C. Terraform, Panorama Console, and Panorama API
D. Panorama API, Ansible, Terraform, and Panorama Console
Selected Answer: D
Question #: 105
Topic #: 1
Which port / interface must be assigned as the HA2 link when deploying VM-Series firewalls in High Availability (HA) on Amazon Web Services (AWS)?
A. HA2
B. MGT port
C. HSCI port
D. Ethernet1/1
Selected Answer: D
Question #: 104
Topic #: 1
In the Cloud NGFW for AWS distributed outbound architecture model, what is the first hop the traffic takes from the source?
A. Internet gateway
B. Cloud NGFW
C. NGFW endpoint
D. NAT gateway
Selected Answer: C
Question #: 103
Topic #: 1
What are three attributes monitored by the Panorama AWS plugin? (Choose three.)
A. Private DNS name
B. Subnet ID
C. IAM instance profile
D. VPC ID
E. Public DNS name
Selected Answer: BCD
Question #: 97
Topic #: 1
What must be obtained to deploy a pay-as-you-go (PAYG) based VM-Series firewall in Amazon Web Services (AWS) through the marketplace?
A. MAC address
B. Amazon Machine Image (AMI)
C. Amazon auth code
D. PAN-OS update
Selected Answer: B
Question #: 96
Topic #: 1
Which path should be followed to set up K8s cluster monitoring?
A. Panorama > Plugins > General > Kubernetes > Setup
B. Panorama > Plugins > Kubernetes > Setup > General
C. Panorama > Plugins > Kubernetes > General > Setup
D. Panorama > Plugins > Setup > Kubernetes > General
Selected Answer: B
