Which component of the integrated Palo Alto Networks security solution limits network-
attached workstation access to a corporate mainframe?
threat intelligence cloud
advanced endpoint protection
next-generation firewall
tunnel inspection - C - NGFW
Which Palo Alto Networks product is designe...
PCNSE Study Guide Questions
Which component of the integrated Palo Alto Networks security solution limits network-
attached workstation access to a corporate mainframe?
threat intelligence cloud
advanced endpoint protection
next-generation firewall
tunnel inspection - ✔✔C - NGFW
Which Palo Alto Networks product is designed primarily to provide threat context with
deeper information about attacks?
Which Palo Alto Networks product is designed primarily to provide normalization of
threat intelligence feeds with the potential for automated response?
Which Palo Alto Networks product is designed primarily to prevent endpoints from
successfully running malware programs?
A. GlobalProtect
B. Magnifier
C. Traps
D. RedLock - ✔✔C. Traps
The Palo Alto Networks Cortex Data Lake can accept logging data from which two
products? (Choose two.)
Traps
next-generation firewalls
Aperture
MineMeld
,PCNSE Study Guide Questions
AutoFocus - ✔✔A. Traps
B. next-generation firewalls
Which Palo Alto Networks product is a cloud-based storage service designed to hold log
information?
RedLock
Traps
next-generation firewall
Cortex Data Lake - ✔✔D. Cortex Data Lake
Which product is an example of an application designed to analyze Cortex Data Lake
information?
Cortex XDR - Analytics
RedLock
Cortex XDR - Automated
Response
AutoFocus - ✔✔A. Cortex XDR - Analytics
A potential customer says it wants to maximize the threat detection capability of its next-
generation firewall. Which three additional services should it consider implementing to
enhance its firewall's capability to detect threats? (Choose three.)
Traps
WildFire
URL Filtering
Expedition
DNS Security - ✔✔WildFire
URL Filtering
DNS Security
A VM-Series virtual firewall differs from a physical Palo Alto Networks firewall in which
way?
A VM-Series firewall cannot be managed by Panorama.
A VM-Series firewall supports fewer traffic interface types.
A VM-Series firewall cannot terminate VPN site-to-site tunnels.
,PCNSE Study Guide Questions
A VM-Series firewall cannot use dynamic routing protocols. - ✔✔A VM-Series firewall
supports fewer traffic interface types.
Which product would best secure east-west traffic within a public cloud implementation?
A. RedLock
B. MineMeld
C. VM-Series firewall
D. Cortex - ✔✔C. VM-Series firewall
Why would you recommend an active/active firewall cluster instead of an active/passive
firewall cluster?
A. Active/active is the preferred solution when the firewall cluster is behind a load
balancer that randomizes routing, thus requiring both firewalls to be active.
B. Active/active usually is the preferred solution because it allows for more bandwidth
while both firewalls are up.
C. Active/active is the preferred solution when the PA-7000 Series is used. Use
active/passive with the PA-5200 Series or smaller form factors.
D. Active/active is the preferred solution when the PA-5200 Series or smaller form
factors are used. Use active/passive with the PA-7000 Series. - ✔✔Active/active is the
preferred solution when the firewall cluster is behind a load balancer that randomizes
routing, thus requiring both firewalls to be active.
Which two events can trigger an HA pair failover event? (Choose two.)
A. An HA1 cable is disconnected from one of the firewalls.
B. A dynamic update fails to download and install.
C. The firewall fails to ping a path-monitored destination address successfully.
D. OSPF implemented on the firewall determines that an available route is now down.
E. RIP implemented on the firewall determines that an available route is now down. - ✔
✔A. An HA1 cable is disconnected from one of the firewalls.
C. The firewall fails to ping a path-monitored destination address successfully.
Which two firewall features support floating IP addresses in an active/active HA pair?
(Choose
two.)
How are firewalls configured in an Active/Passive HA pair synchronized if the firewalls
are not under Panorama control?
An administrator commits the changes to one, then commits them to the partner, at
which time the changes are sent to the other.
An administrator pushes the configuration file to both firewalls, then commits them.
An administrator commits changes to one, which automatically synchronizes with the
other.
An administrator schedules an automatic sync frequency in the firewall configurations. -
✔✔An administrator commits changes to one, which automatically synchronizes with
the other.
In which two ways is an active/passive HA pair configured in a virtual firewall deployed
in any
public clouds? (Choose two.)
The virtual firewalls are deployed in a cloud "scale set" with a cloud-supplied load
balancer in front to detect and manage failover.
The virtual firewalls rely on a VM-Series plugin to map appropriate cloud functions to the
firewall's HA settings.
Virtual firewalls use PAN-OS HA configuration combined with appropriate cloud
deployments of interfaces for HA use.
The virtual firewalls use an HA Compatibility module for the appropriate cloud
technology - ✔✔The virtual firewalls are deployed in a cloud "scale set" with a cloud-
supplied load balancer in front to detect and manage failover.
The virtual firewalls rely on a VM-Series plugin to map appropriate cloud functions to the
firewall's HA settings.
Without having to make network address configuration changes, you would use which
type of network interface to insert a Palo Alto Networks firewall in front of a legacy port-
based firewall to collect application information from incoming network traffic?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Layer. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $15.49. You're not tied to anything after your purchase.
