Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

PCSFEFree trial

By palo-alto-networks

Verified

25Q per page

Question 1

How is traffic directed to a Palo Alto Networks firewall integrated with Cisco ACI?

A: By using contracts between endpoint groups that send traffic to the firewall using a shared policy
B: Through a virtual machine (VM) monitor domain
C: Through a policy-based redirect (PBR)
D: By creating an access policy

—

Question 2

What are the two appropriate routing settings required to deploy software firewall integration with Amazon Web Service (AWS) GWLB? (Choose two.)

A: Route table with ALB subnet association - Add route destined to 0.0.0.0/0 with target as NAT Gateway
B: Route table with ALB subnet association - Add route destined to 0.0.0.0/0 with target as IGW
C: Route table with IGW edge association - Add route destined to ALB with target as GWLBE
D: Route table with GWLBE subnet association - Add route destined to 0.0.0.0/0 with target as IGW

—

Question 3

A user must be assigned one of which two roles in order to create local rulestacks in the Cloud NGFW for AWS tenant? (Choose two.)

A: LocalRuleStackAdmin
B: FirewallRulestackAdmin
C: GlobalRulestackAdmin
D: GlobalFirewallAdmin

—

Question 4

Which deployment method should a GCP administrator use to deploy a VM-Series firewall to secure east-west traffic between Virtual Private Clouds (VPCs)?

A: Internet gateway
B: Hybrid IPSec VPN
C: Segmentation gateway
D: GlobalProtect

—

Question 5

What are three attributes monitored by the Panorama AWS plugin? (Choose three.)

A: Private DNS name
B: Subnet ID
C: IAM instance profile
D: VPC ID
E: Public DNS name

—

Question 6

In the Cloud NGFW for AWS distributed outbound architecture model, what is the first hop the traffic takes from the source?

A: Internet gateway
B: Cloud NGFW
C: NGFW endpoint
D: NAT gateway

—

Question 7

Which port / interface must be assigned as the HA2 link when deploying VM-Series firewalls in High Availability (HA) on Amazon Web Services (AWS)?

A: HA2
B: MGT port
C: HSCI port
D: Ethernet1/1

—

Question 8

A system engineer is working on the Proof of Concept (POC) for Cloud Next-Generation Firewall (NGFW) for Azure using an existing Panorama setup. However, connection with the Cloud NGFW instance. What could be the cause of this issue?

A: There has not been an upgrade to the PAN-OS 10.2.
B: Cloud NGFW plugin has not been installed.
C: Valid device certificate is missing.
D: Necessary ports 8443 and 443 for communication between Cloud NGFW and Panorama are blocked.

—

Question 9

A system engineer managing a deployment of CN-Series with Panorama (software version 11.0) installs the Kubernetes Plugin. When the installation is complete, templates are present. What are the names of two of these templates and for what are they used? (Choose two.)

A: K8S-Network-Setup used for daemonset
B: K8S-Network-Setup-V2 used for Kubernetes as a service deployment
C: K8S-Network-Setup-V3 used for Kubernetes as a service deployment
D: K8S-Network-Setup-V3 used for CNF daemonset

—

Question 10

Which two statements apply to the management Cloud NGFW by AWS firewall manager? (Choose two.)

A: Availability Zone can be created.
B: Firewall policy can be included only with specified accounts and OUs.
C: Firewall policy must be applied to all accounts under the Amazon Web Services (AWS) organization.
D: Endpoints will be created via the firewall manager.

—

Question 11

Which protocol is used for communicating between VM-Series firewalls and a gateway load balancer in Amazon Web Services (AWS)?

A: VRLAN
B: Geneve
C: GRE
D: VMLAN

—

Question 12

In which area of the Customer Support Portal should a firewall administrator complete the steps to deactivate an accidentally deleted VM-Series firewall and free up Software NGFW Credits?

A: Resources
B: Tools
C: Assets
D: Support Cases

—

Question 13

A cloud infrastructure architect wants to monitor NGFW in production running on Amazon Web Services (AWS). It is known that the software firewalls are able to publish native PAN-OS metrics to AWS CloudWatch. The cloud infrastructure architect is unable to browse any firewall metrics on CloudWatch.

Which two features are needed to remediate this issue? (Choose two.)

A: IAM policy with action = "cloudwatch:PutMetricData"
B: IAM policy with action = "cloudwatch:SharetMetricData"
C: CloudWatch Monitoring with namespace = VMseries
D: CloudWatch Monitoring with namespace = aws

—

Question 14

Which two components are required for Intelligent Traffic Offload (ITO) on a VM-Series firewall? (Choose two.)

A: PAN-OS 10.1 or later
B: VM-Series plugin 2.1.0 or later
C: VM-Series plugin 3.1.0 or later
D: PAN-OS 9.1 or later

—

Question 15

When using Ansible with PAN-OS, which type of connection method should be used?

A: OpenSSH
B: Local
C: Paramiko
D: Smart

—

Question 16

To which service does the Cloud NGFW for Azure send its logs?

A: Kinesis Data Firehose
B: S3 Bucket
C: CloudWatch Log Group
D: Log Analytics Workspace

—

Question 17

Which automation tools should be used to create policies for Cloud NGFW for AWS?

A: Ansible, Terraform, and Panorama Console
B: Panorama Console and Panorama API only
C: Terraform, Panorama Console, and Panorama API
D: Panorama API, Ansible, Terraform, and Panorama Console

—

Question 18

Intelligent Traffic Offload (ITO) requires a firewall be deployed in which mode?

A: Layer 2
B: Layer 3
C: Tap
D: Vwire

—

Question 19

Which two elements of the Palo Alto Networks platform architecture enable security orchestration in a software-defined network (SDN)? (Choose two.)

A: Full set of APIs enabling programmatic control of policy and configuration
B: VXLAN support for network-layer abstraction
C: Dynamic Address Groups to adapt Security policies dynamically
D: NVGRE support for advanced VLAN integration

—

Question 20

Which service enables a firewall or Panorama to download App-IDs for unknown SaaS applications from the cloud?

A: App-ID Cloud Engine
B: Application Library
C: Application machine learning (ML) Engine
D: App-ID Database Engine

—

Question 21

What are three valid deployment options for Panorama in Amazon Web Services (AWS)? (Choose three.)

A: Panorama in AWS for management and log collection
B: Panorama in AWS and Panorama on-premises for a high availability (HA) array
C: Panorama in AWS CN-Series form factor for management and log collection
D: Panorama in AWS with Cortex Data Lake
E: On-premises Panorama with log collectors in AWS

—

That’s the end of your free questions

You’ve reached the preview limit for PCSFE

Consider upgrading to gain full access!

Page 1 of 5 • Questions 1-25 of 101

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!