Palo Alto Networks Certified Software Firewall Engineer v1.0

Page:    1 / 9   
Exam contains 125 questions
Expand All

Which two design options address split brain when configuring high availability (HA)? (Choose two.)

  • A. Adding a backup HA1 interface
  • B. Using the heartbeat backup
  • C. Bundling multiple interfaces in an aggregated interface group and assigning HA2
  • D. Sending heartbeats across the HA2 interfaces


Answer : AB

Where do CN-Series devices obtain a VM-Series authorization key?

  • A. Panorama
  • B. Local installation
  • C. GitHub
  • D. Customer Support Portal


Answer : A

Which offering can gain visibility and prevent an attack by a malicious actor attempting to exploit a known web server vulnerability using encrypted communication?

  • A. OCSP
  • B. Secure Sockets Layer (SSL) Inbound Inspection
  • C. Advanced URL Filtering (AURLF)
  • D. WildFire


Answer : B

Which Palo Alto Networks firewall provides network security when deploying a microservices-based application?

  • A. PA-Series
  • B. CN-Series
  • C. VM-Series
  • D. HA-Series


Answer : B

What is the appropriate file format for Kubernetes applications?

  • A. .yaml
  • B. .exe
  • C. .json
  • D. .xml


Answer : A

Which offering inspects encrypted outbound traffic?

  • A. WildFire
  • B. TLS decryption
  • C. Content-ID
  • D. Advanced URL Filtering (AURLF)


Answer : B

Which two features of CN-Series firewalls protect east-west traffic between pods in different trust zones? (Choose two.)

  • A. Intrusion prevention system (IPS)
  • B. Communication with Panorama
  • C. External load balancer (ELB)
  • D. Layer 7 visibility


Answer : AD

Which component can provide application-based segmentation and prevent lateral threat movement?

  • A. DNS Security
  • B. NAT
  • C. URL Filtering
  • D. App-ID


Answer : D

What does the number of required flex credits for a VM-Series firewall depend on?

  • A. vCPU allocation
  • B. IP address allocation
  • C. Network interface allocation
  • D. Memory allocation


Answer : A

Which element protects and hides an internal network in an outbound flow?

  • A. DNS sinkholing
  • B. User-ID
  • C. App-ID
  • D. NAT


Answer : D

Which software firewall would help a prospect interested in securing an environment with Kubernetes?

  • A. KN-Series
  • B. ML-Series
  • C. VM-Series
  • D. CN-Series


Answer : D

Which two valid components are used in installation of a VM-Series firewall in an OpenStack environment? (Choose two.)

  • A. OpenStack heat template in JSON format
  • B. OpenStack heat template in YAML Ain't Markup Language (YAML) format
  • C. VM-Series VHD image
  • D. VM-Series qcow2 image


Answer : BD

Which software firewall would assist a prospect who is interested in securing extensive DevOps deployments?

  • A. CN-Series
  • B. Ion-Series
  • C. Cloud next-generation firewall (NGFW)
  • D. VM-Series


Answer : D

How does a CN-Series firewall prevent exfiltration?

  • A. It employs custom-built signatures based on hash.
  • B. It distributes incoming virtual private cloud (VPC) traffic across the pool of VM-Series firewalls.
  • C. It provides a license deactivation API key.
  • D. It inspects outbound traffic content and blocks suspicious activity.


Answer : D

What helps avoid split brain in active-passive high availability (HA) pair deployment?

  • A. Using a standard traffic interface as the HA2 backup
  • B. Enabling preemption on both firewalls in the HA pair
  • C. Using the management interface as the HA1 backup link
  • D. Using a standard traffic interface as the HA3 link


Answer : C

Page:    1 / 9   
Exam contains 125 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy