Special Summer Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Paloalto Networks PSE-SWFW-Pro-24 Palo Alto Networks Systems Engineer Professional - Software Firewall Exam Practice Test

Page: 1 / 9
Total 85 questions

Palo Alto Networks Systems Engineer Professional - Software Firewall Questions and Answers

Question 1

Which two deployment models are supported by Cloud NGFW for AWS? (Choose two.)

Options:

A.

Hierarchical

B.

Distributed

C.

Linear

D.

Centralized

Question 2

A company is sponsoring a cybersecurity conference for attendees interested in a range of cybersecurity products that include malware protection, SASE, automation products, and firewalls. The company will deliver a single 3–4 hour conference workshop.

Which cybersecurity portfolio tool will give workshop attendees the appropriate exposure to the widest variety of Palo Alto Networks products?

Options:

A.

Capture the Flag

B.

Ultimate Lab Environment

C.

Demo Environment

D.

Ultimate Test Drive

Question 3

Which tool can be used to deploy a CN-Series firewall?

Options:

A.

GCP Automated Deployment Services

B.

Kubernetes

C.

Docker Swarm

D.

Terraform Automated Deployment Services

Question 4

An RFP from a customer who needs multi-cloud Layer 7 network security for both Amazon Web Services (AWS) and Azure environments is being evaluated. The requirements include full management control of the firewall, VPN termination, and BGP routing.

Which firewall solution should be recommended to meet the requirements?

Options:

A.

VM-Series

B.

CN-Series

C.

Cloud NGFW

D.

PA-Series

Question 5

When using VM-Series firewall bootstrapping, which three methods can be used to install licensed content, including antivirus, applications, and threats? (Choose three.)

Options:

A.

Panorama 10.2 or later to use the content auto push feature

B.

Complete bootstrapping and either Azure Blob storage or Amazon S3 bucket

C.

Content-Security-Policy update URL in the init-cfg.txt file

D.

Custom-AMI or Azure VM image, with content preloaded

E.

Panorama software licensing plugin

Question 6

Which method fully automates the initial deployment, configuration, licensing, and threat content download when setting up a new VM-Series firewall?

Options:

A.

Register the VM-Series firewall and launch the Day 1 Configuration Wizard.

B.

Use Panorama to push device groups and template stack configurations to the new VM-Series firewall.

C.

Deploy a complete bootstrap package by using an ISO image, block storage, or a storage bucket.

D.

Connect the VM-Series firewall to Panorama and push the configuration package by using the bootstrap plugin.

Question 7

A prospective customer plans to migrate multiple applications to Amazon Web Services (AWS) and is considering deploying Palo Alto Networks NGFWs to protect these workloads from threats. The customer currently uses Panorama to manage on-premises firewalls and wants to avoid additional management complexity.

Which AWS deployment option meets the customer's technical and business value requirements while minimizing risk exposure?

Options:

A.

Software NGFW credits and Strata Cloud Manager (SCM)

B.

Cloud NGFWs and Panorama

C.

Cloud NGFWs and Strata Cloud Manager (SCM)

D.

Software NGFW credits and Panorama

Question 8

What are two benefits of using Palo Alto Networks NGFWs in a public cloud service provider (CSP) environment? (Choose two.)

Options:

A.

Management of all network traffic in every CSP environment

B.

Consistent Security policies throughout the multi-cloud environment

C.

Deployable in any CSP environment

D.

Automated scaling

Question 9

What are two methods or tools to directly automate the deployment of VM-Series NGFWs into supported public clouds? (Choose two.)

Options:

A.

GitHub PaloAltoNetworks Terraform SWFW modules

B.

Deployment configuration in the public cloud Panorama plugins

C.

paloaltonetworks.panos Ansible collection

D.

panos Terraform provider

Question 10

Which three presales methods will help secure the technical win of software firewalls? (Choose three.)

Options:

A.

Provide link to PAYG Cloud NGFW in the Azure Marketplace

B.

Unsolicited proposals that disregard customer needs

C.

Network Security Design workshops

D.

Proof of Value (POV) product evaluations

Question 11

Which three statements describe functionality of NGFW inline placement for Layer 2/3 implementation? (Choose three.)

Options:

A.

VMs on VMware ESXi hypervisors can be segregated from one another on the network by the VM-Series NGFW by IP addressing and Layer 3 gateways.

B.

VMs on VMware ESXi hypervisors can be segregated from each other by the VM-Series NGFW using VLAN tags while preserving existing Layer 3 gateways.

C.

VM-Series next-generation firewalls cannot be positioned between the physical datacenter network and guest VM workloads.

D.

VM-Series next-generation firewalls do not support VMware vMotion or guest VM workloads.

E.

A next-generation firewall VLAN interface can function as a Layer 3 interface.

Question 12

Which three tools are available to customers to facilitate the simplified and/or best-practice configuration of Palo Alto Networks Next-Generation Firewalls (NGFWs)? (Choose three.)

Options:

A.

Policy Optimizer to help identify and recommend Layer 7 policy changes

B.

Telemetry to ensure that Palo Alto Networks has full visibility into the firewall configuration

C.

Expedition to enable the creation of custom threat signatures

D.

Day 1 Configuration through the customer support portal (CSP)

E.

Best Practice Assessment (BPA) in Strata Cloud Manager (SCM)

Question 13

Which feature allows customers to dynamically increase the capability of their VM-Series firewalls without needing to increase performance they do not need?

Question # 13

Options:

A.

Elastic vCPU profiles

B.

Increased RAM cache

C.

Increased fixed vCPUs and memory

D.

Elastic Memory Profiles

Question 14

Which element protects and hides an internal network in an outbound flow?

Options:

A.

DNS sinkholing

B.

User-ID

C.

App-ID

D.

NAT

Question 15

Which three presales resources are available to field systems engineers for technical assistance, innovation consultation, and industry differentiation insights? (Choose three.)

Options:

A.

Palo Alto Networks consulting engineers

B.

Professional services delivery

C.

Technical account managers

D.

Reference architectures

E.

Palo Alto Networks principal solutions architects

Question 16

Which three tools or methods automate VM-Series firewall deployment? (Choose three.)

Options:

A.

Bootstrap the VM-Series firewall

B.

Palo Alto Networks GitHub repository

C.

Panorama Software Library image

D.

Panorama Software Firewall License plugin

E.

Shared Disk Software Library folder

Question 17

A company has created a custom application that collects URLs from various websites and then lists bad sites. They want to update a custom URL category on the firewall with the URLs collected.

Which tool can automate these updates?

Options:

A.

Dynamic User Groups

B.

SNMP SET

C.

Dynamic Address Groups

D.

XMLAPI

Question 18

Which two public cloud service provider (CSP) environments offer, through their marketplace, a Cloud NGFW under the CSP's own brand name? (Choose two.)

Options:

A.

Oracle Cloud Infrastructure (OCI)

B.

IBM Cloud (previously Softlayer)

C.

Alibaba Cloud

D.

Google Cloud Platform (GCP)

Question 19

Tags can be created for which three objects? (Choose three.)

Options:

A.

Address groups

B.

Dynamic NAT objects

C.

External dynamic lists

D.

Address objects

E.

Service groups

Question 20

Per reference architecture, which default PAN-OS configuration should be overridden to make VM-Series firewall deployments in the public cloud more secure?

Options:

A.

Intrazone-default rule action and logging

B.

Intrazone-default rule service

C.

Interzone-default rule action and logging

D.

Interzone-default rule service

Question 21

Which three statements describe the functionality of Panorama plugins? (Choose three.)

Options:

A.

Limited to one plugin installation on Panorama

B.

Supports other Palo Alto Networks products and configurations with NGFWs

C.

May be installed on Panorama from the Palo Alto Networks customer support portal

D.

Complies with third-party product/platform integration and configuration with NGFWs

E.

Expands capabilities of hardware and software NGFWs

Question 22

What three benefits does flex licensing for VM-Series firewalls offer? (Choose three.)

Options:

A.

Licensing additional memory resources to increase session capacity

B.

Licensing Strata Cloud Manager, Panorama with Dedicated Log Collectors, and CDSS per deployment profile

C.

Using a pool of credits for both CN-Series firewall and VM-Series firewall deployment profiles

D.

Moving credits between public and private cloud VM-Series firewall deployments

E.

Vertically scaling the number of licensed cores in an existing fixed deployment profile

Question 23

Why should a customer use advanced versions of Cloud-Delivered Security Services (CDSS) subscriptions compared to legacy versions when creating or editing a deployment profile?

(e.g., using Advanced Threat Prevention instead of Threat Prevention.)

Options:

A.

To improve firewall throughput by inspecting hashes of advanced packet headers

B.

To download and install new threat-related signature databases in real-time

C.

To use cloud-scale machine learning inline for detection of highly evasive and zero-day threats

D.

To use external dynamic lists for blocking known malicious threat sources and destinations

Question 24

Which two deployment models does Cloud NGFW for AWS support? (Choose two.)

Options:

A.

Hierarchical

B.

Centralized

C.

Distributed

D.

Linear

Question 25

What are three valid methods that use firewall flex credits to activate VM-Series firewall licenses by specifying authcode? (Choose three.)

Options:

A.

/config/bootstrap.xml file of complete bootstrapping package

B.

/license/authcodes file of complete bootstrap package

C.

Panorama device group in Panorama SW Licensing Plugin

D.

authcodes= key value pair of Azure Vault configuration

E.

authcodes= key value pair of basic bootstrapping configuration

Page: 1 / 9
Total 85 questions