Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

Which three solutions does Strata Cloud Manager (SCM) support? (Choose three.)

A.

Prisma Cloud

B.

CN-Series firewalls

C.

Prisma Access

D.

PA-Series firewalls

E.

VM-Series firewalls

Full Access
Question # 5

Which three statements describe the functionality of Panorama plugins? (Choose three.)

A.

Limited to one plugin installation on Panorama

B.

Supports other Palo Alto Networks products and configurations with NGFWs

C.

May be installed on Panorama from the Palo Alto Networks customer support portal

D.

Complies with third-party product/platform integration and configuration with NGFWs

E.

Expands capabilities of hardware and software NGFWs

Full Access
Question # 6

What are two benefits of credit-based flexible licensing for software firewalls? (Choose two.)

A.

Create virtual Panoramas.

B.

Add Cloud-Delivered Security Services (CDSS) subscriptions to CN-Series firewalls.

C.

Create Cloud NGFWs.

D.

Add Cloud-Delivered Security Services (CDSS) subscriptions to PA-Series firewalls.

Full Access
Question # 7

What are three components of Cloud NGFW for AWS? (Choose three.)

A.

Cloud NGFW Resource

B.

Local or Global Rulestacks

C.

Cloud NGFW Inspector

D.

Amazon S3 bucket

E.

Cloud NGFW Tenant

Full Access
Question # 8

CN-Series firewalls offer threat protection for which three use cases? (Choose three.)

A.

Prevention of sensitive data exfiltration from Kubernetes environments

B.

All Kubernetes workloads in the public and private cloud

C.

Inbound, outbound, and east-west traffic between containers

D.

All workloads deployed on-premises or in the public cloud

E.

Enforcement of segmentation policies that prevent lateral movement of threats

Full Access
Question # 9

Which two capabilities are shared by the deployments of Cloud NGFW for Azure and VM-Series firewalls? (Choose two.)

A.

Using NGFW credits to deploy the firewall

B.

Securing public and private datacenter traffic

C.

Performing firewall administration using Azure Firewall Manager

D.

Securing inbound, outbound, and lateral traffic

Full Access
Question # 10

Which two presales methods will help secure the technical win of software firewalls? (Choose two.)

A.

PA-Series security lifecycle review (SLR) report

B.

Proof of Value (POV) product evaluations

C.

Network Security Design workshops

D.

Link to PAYG Cloud NGFW in the Azure Marketplace

Full Access
Question # 11

What is an advantage of using a Palo Alto Networks Cloud NGFW compared to deploying a VM-Series firewall in the cloud?

A.

Cloud NGFW integrates natively into the AWS management console.

B.

The customer maintains complete control of the Cloud NGFW.

C.

Layer 2 network functionality can be customized on Cloud NGFW.

D.

Cloud NGFW can easily be deployed using NGFW Software Credits.

Full Access
Question # 12

Which statement is valid for both VM-Series firewalls and Cloud NGFWs?

A.

VM-Series firewalls and Cloud NGFWs can be deployed in a customer's private cloud.

B.

Panorama can manage VM-Series firewalls and Cloud NGFWs.

C.

Updates for VM-Series firewalls and Cloud NGFWs are performed by the customer.

D.

VM-Series firewalls and Cloud NGFWs can be deployed in all public cloud vendor environments.

Full Access
Question # 13

Which two statements accurately describe cloud-native load balancing with Palo Alto Networks VM-Series firewalls and/or Cloud NGFW in public cloud environments? (Choose two.)

A.

Cloud NGFW’s distributed architecture model requires deployment of a single centralized firewall and will force all traffic to the firewall across pre-built VPN tunnels.

B.

VM-Series firewall deployments in the public cloud will require the deployment of a cloud-native load balancer if high availability (HA) or redundancy is needed.

C.

Cloud NGFW in AWS or Azure has load balancing built into the underlying solution and does not require the deployment of a separate load balancer.

D.

VM-Series firewall load balancing is automated and is handled by the internal mechanics of the NGFW software without the need for a load balancer.

Full Access
Question # 14

Which three presales resources are available to field systems engineers for technical assistance, innovation consultation, and industry differentiation insights? (Choose three.)

A.

Palo Alto Networks consulting engineers

B.

Professional services delivery

C.

Technical account managers

D.

Reference architectures

E.

Palo Alto Networks principal solutions architects

Full Access
Question # 15

Why should a customer use advanced versions of Cloud-Delivered Security Services (CDSS) subscriptions compared to legacy versions when creating or editing a deployment profile?

(e.g., using Advanced Threat Prevention instead of Threat Prevention.)

A.

To improve firewall throughput by inspecting hashes of advanced packet headers

B.

To download and install new threat-related signature databases in real-time

C.

To use cloud-scale machine learning inline for detection of highly evasive and zero-day threats

D.

To use external dynamic lists for blocking known malicious threat sources and destinations

Full Access
Question # 16

What is the primary purpose of the pan-os-python SDK?

A.

To create a Python-based firewall that is compatible with the latest PAN-OS

B.

To replace the PAN-OS web interface with a Python-based interface

C.

To automate the deployment of PAN-OS firewalls by using Python

D.

To provide a Python interface to interact with PAN-OS firewalls and Panorama

Full Access
Question # 17

A company has used software NGFW credits to deploy several VM-Series firewalls with Advanced URL Filtering in the company's deployment profiles. The IT department has determined that the firewalls no longer need the Advanced URL Filtering license.

How can this license be removed from the hosts?

A.

Edit the current deployment profile to remove the Advanced URL Filtering license.

B.

On the firewall, issue this command: > delete url subscription license.

C.

Add a new deployment profile with all the licenses selected except Advanced URL Filtering.

D.

Delete the current deployment profile from the cloud service provider.

Full Access
Question # 18

A customer with multiple virtual private clouds (VPCs) in Amazon Web Services (AWS) protected by the cloud-native firewall experiences a cloud breach. As a result, malware spreads quickly across the VPCs, infecting several workloads.

Which minimum solution should be proposed to prevent similar incidents in the future?

A.

Purchase a software credit pool for flexible Cloud NGFW deployment across the VPCs.

B.

Deploy a single Cloud NGFW.

C.

Subscribe to Palo Alto Networks Advanced Threat Protection for the cloud-native firewall.

D.

Implement a Cloud NGFW for each VPC.

Full Access
Question # 19

Which use case is valid for Strata Cloud Manager (SCM)?

A.

Supporting pre PAN-OS 10.1 SD-WAN migrations to SCM

B.

Provisioning and licensing new CN-Series firewall deployments

C.

Providing AI-Powered ADEM for all Prisma Access users

D.

Providing API-driven plugin framework for integration with third-party ecosystems

Full Access
Question # 20

What are three benefits of using Palo Alto Networks software firewalls in public cloud, private cloud, and hybrid cloud environments? (Choose three.)

A.

They allow for centralized management of all firewalls, regardless of where or how they are deployed.

B.

They allow for complex management of per-use case security needs through multiple point products.

C.

They provide consistent policy enforcement across all architectures, whether on-premises or in the cloud.

D.

They allow management of underlying public cloud architecture without needing to leave the firewall itself.

E.

They create a simplified consumption and deployment model throughout the production environment.

Full Access
Question # 21

When using VM-Series firewall bootstrapping, which three methods can be used to install licensed content, including antivirus, applications, and threats? (Choose three.)

A.

Panorama 10.2 or later to use the content auto push feature

B.

Complete bootstrapping and either Azure Blob storage or Amazon S3 bucket

C.

Content-Security-Policy update URL in the init-cfg.txt file

D.

Custom-AMI or Azure VM image, with content preloaded

E.

Panorama software licensing plugin

Full Access
Question # 22

Which feature allows customers to dynamically increase the capability of their VM-Series firewalls without needing to increase performance they do not need?

A.

Elastic vCPU profiles

B.

Increased RAM cache

C.

Increased fixed vCPUs and memory

D.

Elastic Memory Profiles

Full Access
Question # 23

A Cloud NGFW for Azure can be deployed to which two environments? (Choose two.)

A.

Azure Kubernetes Service (AKS)

B.

Azure Virtual WAN

C.

Azure DevOps

D.

Azure VNET

Full Access
Question # 24

What are three valid methods that use firewall flex credits to activate VM-Series firewall licenses by specifying authcode? (Choose three.)

A.

/config/bootstrap.xml file of complete bootstrapping package

B.

/license/authcodes file of complete bootstrap package

C.

Panorama device group in Panorama SW Licensing Plugin

D.

authcodes= key value pair of Azure Vault configuration

E.

authcodes= key value pair of basic bootstrapping configuration

Full Access
Question # 25

Which element protects and hides an internal network in an outbound flow?

A.

DNS sinkholing

B.

User-ID

C.

App-ID

D.

NAT

Full Access