New Year Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

PCSFE Palo Alto Networks Certified Software Firewall Engineer (PCSFE) Questions and Answers

Questions 4

What helps avoid split brain in active-passive high availability (HA) pair deployment?

Options:

A.

Using a standard traffic interface as the HA2 backup

B.

Enabling preemption on both firewalls in the HA pair

C.

Using the management interface as the HA1 backup link

D.

Using a standard traffic interface as the HA3 link

Buy Now
Questions 5

Which offering inspects encrypted outbound traffic?

Options:

A.

WildFire

B.

TLS decryption

C.

Content-ID

D.

Advanced URL Filtering (AURLF)

Buy Now
Questions 6

What is the appropriate file format for Kubernetes applications?

Options:

A.

.yaml

B.

.exe

C.

.json

D.

.xml

Buy Now
Questions 7

What is a design consideration for a prospect who wants to deploy VM-Series firewalls in an Amazon Web Services (AWS) environment?

Options:

A.

Special AWS plugins are needed for load balancing.

B.

Resources are shared within the cluster.

C.

Only active-passive high availability (HA) is supported.

D.

High availability (HA) clusters are limited to fewer than 8 virtual appliances.

Buy Now
Questions 8

Which component can provide application-based segmentation and prevent lateral threat movement?

Options:

A.

DNS Security

B.

NAT

C.

URL Filtering

D.

App-ID

Buy Now
Questions 9

What can software next-generation firewall (NGFW) credits be used to provision?

Options:

A.

Remote browser isolation

B.

Virtual Panorama appliances

C.

Migrating NGFWs from hardware to VMs

D.

Enablement of DNS security

Buy Now
Questions 10

Auto scaling templates for which type of firewall enable deployment of a single auto scaling group (ASG) of VM-Series firewalls to secure inbound traffic from the internet to Amazon Web Services (AWS) application workloads?

Options:

A.

HA-Series

B.

CN-Series

C.

IPA-Series

D.

VM-Series

Buy Now
Questions 11

Which three NSX features can be pushed from Panorama in PAN-OS? (Choose three.)

Options:

A.

Security group assignment of virtual machines (VMs)

B.

Security groups

C.

Steering rules

D.

User IP mappings

E.

Multiple authorization codes

Buy Now
Questions 12

How is traffic directed to a Palo Alto Networks firewall integrated with Cisco ACI?

Options:

A.

By using contracts between endpoint groups that send traffic to the firewall using a shared policy

B.

Through a virtual machine (VM) monitor domain

C.

Through a policy-based redirect

D.

By creating an access policy

Buy Now
Questions 13

Why are VM-Series firewalls and hardware firewalls that are external to the Kubernetes cluster problematic for protecting containerized workloads?

Options:

A.

They are located outside the cluster and have no visibility into application-level cluster traffic.

B.

They do not scale independently of the Kubernetes cluster.

C.

They are managed by another entity when located inside the cluster.

D.

They function differently based on whether they are located inside or outside of the cluster.

Buy Now
Questions 14

Which two methods of Zero Trust implementation can benefit an organization? (Choose two.)

Options:

A.

Compliance is validated.

B.

Boundaries are established.

C.

Security automation is seamlessly integrated.

D.

Access controls are enforced.

Buy Now
Questions 15

A customer in a VMware ESXi environment wants to add a VM-Series firewall and partition an existing group of virtual machines (VMs) in the same subnet into two groups. One group requires no additional security, but the second group requires substantially more security.

How can this partition be accomplished without editing the IP addresses or the default gateways of any of the guest VMs?

Options:

A.

Edit the IP address of all of the affected VMs. www*

B.

Create a new virtual switch and use the VM-Series firewall to separate virtual switches using virtual wire mode. Then move the guests that require more security into the new virtual switch.

C.

Create a Layer 3 interface in the same subnet as the VMs and then configure proxy Address Resolution Protocol (ARP).

D.

Send the VLAN out of the virtual environment into a hardware Palo Alto Networks firewall in Layer 3 mode. Use the same IP address as the old default gateway, then delete it.

Buy Now
Questions 16

Which two steps are involved in deployment of a VM-Series firewall on NSX? (Choose two.)

Options:

A.

Create a virtual data center (vDC) and a vApp that includes the VM-Series firewall.

B.

Obtain the Amazon Machine Images (AMIs) from marketplace.

C.

Enable communication between Panorama and the NSX Manager.

D.

Register the VM-Series firewall as a service.

Buy Now
Questions 17

Which protocol is used for communicating between VM-Series firewalls and a gateway load balancer in Amazon Web Services (AWS)?

Options:

A.

VRLAN

B.

Geneve

C.

GRE

D.

VMLAN

Buy Now
Questions 18

Which service, when enabled, provides inbound traffic protection?

Options:

A.

Advanced URL Filtering (AURLF)

B.

Threat Prevention

C.

Data loss prevention (DLP)

D.

DNS Security

Buy Now
Questions 19

Which technology allows for granular control of east-west traffic in a software-defined network?

Options:

A.

Routing

B.

Microseqmentation

C.

MAC Access Control List

D.

Virtualization

Buy Now
Exam Code: PCSFE
Exam Name: Palo Alto Networks Certified Software Firewall Engineer (PCSFE)
Last Update: Dec 21, 2024
Questions: 65

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now PCSFE testing engine

PDF (Q&A)

$36.75  $104.99
buy now PCSFE pdf