Free PCSFE Sample Questions — Palo Alto Networks Certified Software Firewall Engineer

What is the maximum number of Kubernetes clusters Panorama can support?

• A. 8
• B. 16
• C. 32
• D. 64

Which feature must be configured in an NSX environment to ensure proper operation of a VM-Series firewall in order to secure east-west traffic?

• A. Deployment of the NSX DFW
• B. VMware Information Sources
• C. User-ID agent on a Windows domain server
• D. Device groups within VMware Services Manager

Which two statements apply to the management Cloud NGFW by AWS firewall manager? (Choose two.)

• A. Availability Zone can be created
• B. Firewall policy can be included only with specified accounts and OUs
• C. Firewall policy must be applied to all accounts under the Amazon Web Services (AWS) organization
• D. Endpoints will be created via the firewall manager

What is the structure of the YAML Ain't Markup Language (YAML) file repository?

• A. Deployment_Type/Kubernetes/Environment
• B. Kubernetes/Deployment_Type/Environment
• C. Kubernetes/Environment/Deployment_Type
• D. Environment/Kubernetes/Deployment_Type

Which port / interface must be assigned as the HA2 link when deploying VM-Series firewalls in High Availability (HA) on Amazon Web Services (AWS)?

• A. HA2
• B. MGT port
• C. HSCI port
• D. Ethernet1/1

When deploying a firewall in Amazon Web Services (AWS) utilizing the orchestration through Panorama, which plugin is required?

• A. vm_series-2.0.1 or later
• B. cloud_services-3.2.0 or later
• C. aws-3.0.1 or later
• D. aws-5.0.1 or later

To list NGFW pods connected to a management plane, which Panorama CLI command should be used?

• A. requests plugins kubernetes get-node-license-info
• B. requests plugins kubernetes get-license-tokens
• C. requests plugins vm-series list-dp-pods
• D. requests tech-support dump

What does GlobalProtect gateway use to determine which resources a compliant device should be accessing and a non-compliant device should not be accessing?

• A. VPN posture
• B. Device posture
• C. Host information profile (HIP)
• D. Host posture

A data center experiences a power outage that results in the reboot of all ESXi servers, including the software firewall's virtual machine (VM). Subsequently, there is a notable decrease in performance. Most end users complain of being unable to access the internet. The system engineer is still able to log in to the firewall management console smoothly. What is most likely causing this issue?

• A. The firewall license has expired
• B. The dataplane disk partitions are unable to mount after the reboot
• C. There is configuration file corruption on ESXi server
• D. The last saved configuration did not save properly in the boot up partition

A system engineer is working on the Proof of Concept (POC) for Cloud Next-Generation Firewall (NGFW) for Azure using an existing Panorama setup. However, connection with the Cloud NGFW instance. What could be the cause of this issue?

• A. There has not been an upgrade to the PAN-OS 10.2.
• B. Cloud NGFW plugin has not been installed
• C. Valid device certificate is missing
• D. Necessary ports 8443 and 443 for communication between Cloud NGFW and Panorama are blocked

Which two valid components are used in installation of a VM-Series firewall in an OpenStack environment? (Choose two.)

• A. OpenStack heat template in JSON format
• B. OpenStack heat template in YAML Ain't Markup Language (YAML) format
• C. VM-Series VHD image
• D. VM-Series qcow2 image

Which two deployment modes of VM-Series firewalls are supported across NSX-T? (Choose two.)

• A. Prism Central
• B. Bootstrap
• C. Service Cluster
• D. Host-based

What are three attributes monitored by the Panorama AWS plugin? (Choose three.)

• A. Private DNS name
• B. Subnet ID
• C. IAM instance profile
• D. VPC ID
• E. Public DNS name

When implementing active-active high availability (HA), which feature must be configured to allow the HA pair to share a single IP address that may be used as the network's gateway IP address?

• A. ARP load sharing
• B. Floating IP address
• C. HSRP
• D. VRRP

What is the correct sequence of events for offloading by the Intelligent Traffic Offload (ITO) service?

• A. Sample packets sent to ITO > ITO instructs Smart NIC to inspect of bypass > Smart NIC sends rest of flow to VM-Series for inspection
• B. ITO instructs Smart NIC to inspect of bypass > Sample packets sent to ITO > Smart NIC forwards flow directly to destination
• C. Sample packets sent to ITO > ITO instructs Smart NIC to inspect of bypass > Smart NIC forwards flow directly to destination
• D. ITO instructs Smart NIC to inspect of bypass > Sample packets sent to ITO > Smart NIC sends rest of flow to VM-Series for inspection

With the Panorama plugin for VM-Series installed. Panorama can collect a predefined set of attributes from which services in Amazon Web Services (AWS) as tags and populate it in the VM-Series firewall?

• A. Load balancers
• B. VPCs
• C. Transit gateways
• D. EC2 instances

What needs to be configured to deploy VM-Series firewalls in Azure as an Active/Active High Availability (HA) pair?

• A. Active/Active HA is not supported in Azure
• B. HA3 Link
• C. Floating IP Address
• D. HA1 and HA2 Link

What are the three required ethernet interfaces to deploy the VM-Series in AWS as a centralized model? (Choose three.)

• A. Private interface for traffic to the GWLB
• B. Private interface for traffic from the GWLB
• C. Public interface for outbound traffic
• D. Public interface for inbound traffic
• E. Management interface

Which tool or actions should users employ to estimate the amount of flex credits for VM-Series and CN-Series deployment?

• A. Cloud NGFW for AWS Pricing Estimator
• B. Open up a support case
• C. Software NGFW Flex Credits Calculator
• D. Software NGFW Credit Estimator

Which two mechanisms could trigger a high availability (HA) failover event? (Choose two.)

• A. Heartbeat polling
• B. Ping monitoring
• C. Session polling
• D. Link monitoring