Question 1

Which software firewall would help a prospect interested in securing an environment with Kubernetes?

AML-Series

BCN-Series

CKN-Series

DVM-Series

Answer : B

The CN-Series firewalls are purpose-built for securing Kubernetes environments. They provide network security, visibility, and threat prevention specifically tailored to containerized applications and microservices running in Kubernetes.

Palo Alto Networks CN-Series Overview

Question 2

What is a benefit of network runtime security?

AIt removes vulnerabilities that have been baked into containers.

BIt more narrowly focuses on one security area and requires careful customization, integration, and maintenance.

CIt is siloed to enhance workload security.

DIt identifies unknown vulnerabilities that cannot be identified by known Common Vulnerability and Exposure (CVE) lists.

Answer : D

Identifying Unknown Vulnerabilities:

Network runtime security is beneficial because it can identify unknown vulnerabilities that are not listed in known CVE lists. This type of security focuses on monitoring the behavior of applications and containers in real-time, which helps detect anomalies and potential threats that static analysis might miss.

Palo Alto Networks Runtime Security Guide

Question 3

How does Prisma Cloud Compute offer workload security at runtime?

AIt quarantines containers that demonstrate increased CPU and memory usage.

BIt automatically patches vulnerabilities and compliance issues for every container and service.

CIt works with the identity provider (IdP) to identify overprivileged containers and services, and it restricts network access.

DIt automatically builds an allow-list security model for every container and service.

Answer : D

Allow-list Security Model:

Prisma Cloud Compute provides runtime security by automatically creating an allow-list security model for each container and service. This model ensures that only expected and authorized behaviors are allowed, effectively preventing unauthorized activities.

Prisma Cloud Compute Runtime Security

Question 4

Which component scans for threats in allowed traffic?

ASecurity profiles

BNAT

CIntelligent Traffic Offload

DTLS decryption

Answer : A

Security Profiles:

Security profiles in Palo Alto Networks firewalls are used to scan for threats in allowed traffic. These profiles include features such as Antivirus, Anti-Spyware, Vulnerability Protection, URL Filtering, and others that inspect traffic and detect potential threats.

Palo Alto Networks Security Profiles

Question 5

Which two configuration options does Palo Alto Networks recommend for outbound high availability (HA) design in Amazon Web Services using a VM-Series firewall? (Choose two.)

ATraditional active-active HA

BTransit gateway and Security VPC

CTraditional active-passive HA

DTransit VPC and Security VPC

Answer : B, D

Transit Gateway and Security VPC:

Using a transit gateway in conjunction with a Security VPC is a recommended design for outbound high availability (HA) in AWS. This configuration ensures that traffic can be routed efficiently and securely through the VM-Series firewalls deployed in the Security VPC.

Palo Alto Networks AWS Design Guide

Transit VPC and Security VPC:

Another recommended approach is to use a Transit VPC along with a Security VPC. The Transit VPC provides a centralized routing hub, while the Security VPC hosts the VM-Series firewalls to inspect and secure outbound traffic.

Palo Alto Networks AWS Transit VPC Guide

Free Practice Questions for Palo Alto Networks PSE-SoftwareFirewall Exam

Question 1

Question 2

Question 3

Question 4

Question 5