Which feature removes the limitation of requiring the first interface to be management?
- A . Management interface swap
- B . Utilize a separate Load Balancer VM
- C . Utilize a separate NAT VM.
- D . Dataport interface switch
In PAN-OS, which three NSX features can be pushed from Panorama? (Choose three)
- A . user IP mappings
- B . steering rules
- C . multiple authorization codes
- D . security group assignments of VMs
- E . security groups
What is a company that is moving as much of its business as possible into Microsoft Azure trying to minimize?
- A . capital expenses
- B . operating expenses
- C . security exposure
- D . operating expenses and capital expenses
How does Palo Alto Networks integrate with VXLAN tagging?
- A . does not integrate with VXLAN tagging, so virtual appliances cannot be provided, but hardware appliances can be offered at the data center gateway border
- B . integrates with VXLAN. but scripting is necessary, and Professional Services should be engaged
- C . integrates fully into VXLAN architectures if they are provided by VMware
- D . does not integrate natively with VXLAN tagging, network equipment can convert VXLAN flows to VLANs and send those VLANs to Palo Alto Networks firewalls
When deploying VM series on Openstack platform, which statement is correct?
- A . Allow configuration of at least one interface
- B . OpenStack compute node could be installed on a hypervisor platform
- C . Accept the VM-Series OVA image
- D . Set Instance type OS::Nova Server
Which are two use cases for HSCI ports on the SMC module on PA-7000 Series? (Choose two)
- A . HA1 backup link in active/active HA
- B . HA1 link in active/passive HA
- C . HA3 link in active/active HA
- D . HA2 link in active/passive HA
C,D
Explanation: https://docs.paloaltonetworks.com/hardware/pa-7000-hardware-reference/pa-7000-series-module-and-interface-card-information/pa-7000-series-switch-management-card-smc/pa-7000-series-smc-component-descriptions
Which VM-Series can be deployed on VMware NSX?
- A . VM-100, VM-200, VM-300. VM-500. VM-1000-HV
- B . VM-50r VM-100, VM-200, VM-300, VM-500
- C . VM-100, VM-200, VM-300, VM-500, VM-700
- D . All VM Series Models can be deployed on VMware NSX
A
Explanation: https://docs.paloaltonetworks.com/vm-series/8-1/vm-series-deployment/about-the-vm-series-firewall/vm-series-models.html
What are the benefits of NSX-V?
- A . supports the Data Plane Development Kit (DPDK) libraries; enables Stackdnver Monitoring on the VMware Series Firewall; works with Cloud Launcher
- B . virt-manager wizard to help with the installation process; virsh command to deploy the VM-Series; virt-installcommand to install
- C . sturdier centralized management; automated deployment ease in administering tenants
and dedicated compute infrastructure; tighter integration between virtual environment and
security enforcement of dynamic security - D . leverages Prism Central
When deploying VM series on NSX platform to support micro-segmentation, which statement is NOT correct?
- A . VM-Series uses NetX API to receive and send packets
- B . Traffic steering rules could be defined on Panorama and pushed to NSX Manager
- C . VM-Series provide Multi-tenancy support with multiple zones
- D . One panorama could support to connect with only one NSX manager
Which is not a SaaS product?
- A . Yahoo Maps
- B . Microsoft Office 365
- C . Microsoft Azure
- D . Google Docs
What are two types of security that can be implemented across every phase of the Build, Ship, and Run lifecycle of a workload? (Choose two)
- A . Runtime Security
- B . Firewalling
- C . Vulnerability Management
- D . Compliance or Configuration Management
Whichconfiguration is required in NSX for Panorama to use the tags from security groups in dynamic address groups?
- A . Create security groups only.
- B . Create security groups and mark them as exchangeable.
- C . Create security groups with tags marked as shareable.
- D . Create security groups and use them in an NSX-to-Palo Alto Networks redirection policy.
Which configuration is requiredto share NSX security groups as tags to be used by
Dynamic Address Groups in a non-NSX firewall?
- A . notify device groups within VMware Services Manager
- B . a User-ID agent on a Windows domain server
- C . VMware Information Sources
- D . none, sharing happens by default
Which environment is least likely to be placed on a public cloud by a hospital that has a large health information management application?
- A . production
- B . development
- C . testing
- D . QA
A customer in a non-NSX VMware environment wants to add a VM-Series firewall and to partition an existing group of VMs in the same subnet into two groups. One group needs no additional security, but the second group requires substantially more security.
How can this partition be accomplished without editing the IP addresses or the default gateways of any of the guest VMs?
- A . Create a new virtual switch and use the VM-Series firewall to separate virtual switches using Virtual Wire mode Then move the guests that require more security into the new virtual switch
- B . Edit the IP address of all of the affected VMs
- C . Send the VLAN out of the virtual environment into a hardware Palo Alto Networks firewall in Layer 3 mode. Use the same IP address as the old default gateway, then delete the old default gateway
- D . Create a Layer 3 interface in the same subnet as the VMs and configure proxy ARP
A network administrator is working on a VMware NSX installation with VM-1000-HV firewalls The administrator has created a security group that is populated with VMs The administrator is trying to create a Dynamic Address Group in Panorama, but the security group is not showing.
Which task should the administrator perform first?
- A . Go into vCenter/NSX and push the objects to Panorama
- B . Delete and re-add the security group.
- C . Go into Panorama and synchronize the Address objects with NSX
- D . Check the NSX Security policy to ensure the security group has been used in a policy.
In which two ways can micro-segmentation save money for the enterprise? (Choose two.)
- A . fewer capital expenses because fewer physical servers need to be bought
- B . fewer operating expenses because a smaller data center is operated
- C . fewer operating expenses because less public cloud capacity needs to be rented
- D . fewer capital expenses because the same number of physical servers can be kept in a smaller space
For which two reasons would an administrator have to install NGFW automatically in a cloud environment? {Choose two)
- A . reduce capital expenses
- B . performance, to be able to install a new firewall when the demand exceeds the ability of the existing environments to service
- C . integrity, to ensure that data is not changed illicitly
- D . resiliency and availability, to be able to install a new firewall as part of a new environment if an existing environment fails
- E . security, to automatically install a firewall when a security threat is detected
A customer wants to completely segment their internal networks They have Cisco switches and extensively use 10Gbps interfaces. They are running VMware ESXi and are considering implementing NSX .
Which three Palo Alto Networks firewall models will support this deployment? (Choose three.)
- A . PA-3050
- B . VM-100
- C . VM-300
- D . PA-3250
- E . PA-7050
Which option describes Arista’s micro-segmentation?
- A . Arista and VMware are extending secure segmentation with an open API (RESTZJSON)-based exchange, which allows NSX to federate with CloudVision to extend the micro-segmentation policy for physical workloads.
- B . Arista and Kubernetes are extending secure segmentation with an open API (RESTVJSON)-based exchange, which allows Kubernetes to federate with CloudVision to extend the micro-segmentation policy for physical workloads.
- C . Arista’s micro-segmentation and macro-segmentation are identical concepts that can be used interchangeably
- D . Arista and VMware both perform identical functions for NGFW micro-segmentation