PCSFE exam

What can software next-generation firewall (NGFW) credits be used to provision?A . Remote browser isolationB . Virtual Panorama appliancesC . Migrating NGFWs from hardware to VMsD . Enablement of DNS securityView AnswerAnswer: C Explanation: Software next-generation firewall (NGFW) credits can be used to provision migrating NGFWs from hardware to VMs....

Which two deployment modes of VM-Series firewalls are supported across NSX-T? (Choose two.)A . Prism CentralB . BootstrapC . Service ClusterD . Host-basedView AnswerAnswer: B, C Explanation: The two deployment modes of VM-Series firewalls that are supported across NSX-T are: Bootstrap Service Cluster NSX-T is a software-defined network (SDN) solution...

Which feature provides real-time analysis using machine learning (ML) to defend against new and unknown threats?A . Advanced URL Filtering (AURLF)B . Cortex Data LakeC . DNS SecurityD . Panorama VM-Series pluginView AnswerAnswer: C Explanation: DNS Security is the feature that provides real-time analysis using machine learning (ML) to defend...

Which component allows the flexibility to add network resources but does not require making changes to existing policies and rules?A . Content-IDB . External dynamic listC . App-IDD . Dynamic address groupView AnswerAnswer: D Explanation: Dynamic address group is the component that allows the flexibility to add network resources but...

How is traffic directed to a Palo Alto Networks firewall integrated with Cisco ACI?A . By using contracts between endpoint groups that send traffic to the firewall using a shared policyB . Through a virtual machine (VM) monitor domainC . Through a policy-based redirectD . By creating an access policyView...

Which component scans for threats in allowed traffic?A . Intelligent Traffic OffloadB . TLS decryptionC . Security profilesD . NATView AnswerAnswer: C Explanation: Security profiles are the components that scan for threats in allowed traffic. Security profiles are sets of rules or settings that define how the firewall will inspect...

Which two elements of the Palo Alto Networks platform architecture enable security orchestration in a software-defined network (SDN)? (Choose two.)A . Full set of APIs enabling programmatic control of policy and configurationB . VXLAN support for network-layer abstractionC . Dynamic Address Groups to adapt Security policies dynamicallyD . NVGRE support...

Which solution is best for securing an EKS environment?A . VM-Series single hostB . CN-Series high availability (HA) pairC . PA-Series using load sharingD . API orchestrationView AnswerAnswer: B Explanation: CN-Series high availability (HA) pair is the best solution for securing an EKS environment. EKS is a managed service that...

A customer in a VMware ESXi environment wants to add a VM-Series firewall and partition an existing group of virtual machines (VMs) in the same subnet into two groups. One group requires no additional security, but the second group requires substantially more security. How can this partition be accomplished without...

Which of the following can provide application-level security for a web-server instance on Amazon Web Services (AWS)?A . VM-Series firewallsB . Hardware firewallsC . Terraform templatesD . Security groupsView AnswerAnswer: A Explanation: VM-Series firewalls can provide application-level security for a web-server instance on Amazon Web Services (AWS). VM-Series firewalls are...