PSE-STRATADC Online Practice Questions and Answers

How is traffic directed to a Palo Alto Networks firewall integrated with Cisco ACI?

A. by creating an access policy

B. through a policy-based redirect (PBR)

C. contracts between EPGs that send traffic to the firewall using a shared policy

D. through a virtual machine monitor (VMM) domain

In which two ways can micro-segmentation save money for the enterprise? (Choose two)

A. fewer capital expenses because fewer physical servers need to be bought

B. fewer operating expenses because a smaller data center is operated

C. fewer operating expenses because less public cloud capacity needs to be rented

D. fewer capital expenses because the same number of physical servers can be kept in a smaller space

Which three software components have integration for deploying a VM-Series firewall in OpenStack? (Choose three)

A. Mirantis OpenStack distribution

B. Nuage VSP SDN controller

C. VMWare NSX for OpenStack

D. Cisco ACI

E. Contrail SDN controller

A network administrator is working on a VMware NSX installation with VM-1000-HV firewalls The administrator has created a security group that is populated with VMs The administrator is trying to create a Dynamic Address Group in Panorama, but the security group is not showing.

Which task should the administrator perform first?

A. Go into vCenter/NSX and push the objects to Panorama

B. Delete and re-add the security group.

C. Go into Panorama and synchronize the Address objects with NSX

D. Check the NSX Security policy to ensure the security group has been used in a policy.

Which protocol is used by VMware to encapsulate packets in NSX?

A. VRLAN

B. VXLAN

C. GRE

D. VMLAN

Which type of cloud service can be protected by an inline firewall controlled by the organization rather than by the cloud provider?

A. SaaS

B. laaS

C. PaaS

D. FaaS

When deploying VM series on NSX platform to support micro-segmentation, which statement is NOT correct?

A. VM-Series uses NetX API to receive and send packets

B. Traffic steering rules could be defined on Panorama and pushed to NSX Manager

C. VM-Series provide Multi-tenancy support with multiple zones

D. One panorama could support to connect with only one NSX manager

In the following scenario, Route-based firewall redundancy is deployed in a Data Center, which statement is true?

A. IP addresses of Firewall interfaces will move between devices when a firewall fails.

B. The 2 firewalls are in Active-Standby HA status.

C. Firewalls use dynamic routing protocols to determine the best path.

D. Floating IP addresses are necessary for HA configuration.

What are three requirements to automate service deployment of a VM-Series firewall from an NSX Manager? (Choose three)

A. vCenter has been given Palo Alto Networks subscription licenses for VM-Series firewalls.

B. The deployed VM-Series firewall can establish communications with Panorama.

C. Panorama has been configured to recognize both the NSX Manager and vCenter.

D. Panorama can establish communications to the public Palo Alto Networks update servers.

E. The NSX Manager completed the host preparation prior to the VM-Series firewall service deployment.

What are the differences between Prisma Cloud Enterprise and Prisma Cloud Compute?

A. The only difference is in the architecture - where the Console is hosted.

B. Prisma Cloud Compute offers lowered runtime defensive capabilities because there is no PANW cloud hosted component.

C. Prisma Cloud Enterprise does not offer workload protection.

D. Only Prisma Cloud Compute offers API based cloud protection.