Updated Sep-2021 Test Engine or PDF for the Palo Alto Networks PSE-PrismaCloud test to help you quickly prepare for the Palo Alto Networks exam!
Full PSE-PrismaCloud Practice Test and 62 unique questions with explanations waiting just for you, get it now!
NEW QUESTION 23
What is the default capacity license of a VM-Series NGFW being deployed from the Google Cloud Platform Marketplace?
- A. VM-100
- B. VM-300
- C. VM-GCP
- D. VM-500
Answer: B
Explanation:
Explanation
https://docs.paloaltonetworks.com/vm-series/8-1/vm-series-deployment/set-up-the-vm-series-firewall-on-google
NEW QUESTION 24
Which two cloud providers support Load Balancers as next hop configurations for outbound connections?
(Choose two.)
- A. Oracle Cloud
- B. Amazon Web Services
- C. Microsoft Azure
- D. Google Cloud Platform
Answer: C,D
NEW QUESTION 25
When protecting against attempts to exploit client-side and server-side vulnerabilities, what is the Palo Alto Networks best practice when using NGFW VulnerabilityProtection Profiles?
- A. Use the default Vulnerability Protection Profile to protect servers from all known critical, high, and medium-severity threats
- B. Clone the predefined Strict Profile, with packet capture settings enabled
- C. Clone the predefined Strict Profile, with packet capture settings disabled
- D. Use the default Vulnerability Protection Profile to protect clients from all known critical, high, and medium-severity threats
Answer: B
NEW QUESTION 26
Which regulatory framework in Prisma Public Cloud measures compliance with EU data privacy regulations in Amazon Web Services workloads?
- A. ISO 27001
- B. EU Data Protection Directive 95/46/EC
- C. Payment Card Industry 3.0
- D. GDPR
Answer: B
NEW QUESTION 27
Which three types of security checks can Prisma Public Cloud perform? (Choose three.)
- A. network where
- B. config where
- C. compliance where
- D. user where
- E. event where
Answer: A,C,E
NEW QUESTION 28
What is the scope of the Amazon Web Services 1AM Service?
- A. regional
- B. VPC
- C. global
- D. zonal
Answer: C
NEW QUESTION 29
Which two items are required when a VM-100 BYOL instance is upgraded to a VM-300 BYOL instance?
(Choose two.)
- A. CPU ID
- B. new Auth Code
- C. API Key
- D. UUID
Answer: B,C
Explanation:
Explanation
In a public cloud deployment, if your firewall is licensed with the BYOL option, you must Deactivate VM before you change the instance type or VM type and apply the license again on the firewall after you complete the model or instance upgrade. When you change the instance type, because the firewall has a new UUID and CPU ID, the existing license will no longer be valid.
https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/about-the-vm-series-firewall/upgrade-th
NEW QUESTION 30
A customer has deployed a VM-Series NGFW on Amazon Web Services using a PAYG license. What is the sequence required by the customer to switch to a BYOL license?
Answer:
Explanation:
NEW QUESTION 31
How is license utilization displayed within the Prisma Public Cloud interface?
- A. navigate to Dashboard > Asset Inventory
- B. navigate to the CLI and run show license command
- C. navigate to Settings (via the gear icon) > Licensing
- D. navigate to General > Licensing
Answer: C
NEW QUESTION 32
What are the two options to dynamically register tags used by Dynamic Address Groups that are referenced in policy? (Choose two.)
- A. CFT Template
- B. XML API
- C. VM Monitoring
- D. External Dynamic List
Answer: B,C
Explanation:
Explanation
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/policy/monitor-changes-in-the-virtual-environment/
NEW QUESTION 33
How can you create a custom compliance standard in Prisma Public Cloud?
- A. Generate a new Compliance Report.
- B. From Compliance tab > Compliance Standards, click "Add New."
- C. From Compliance tab, clone a default framework and customize.
- D. Create compliance framework in a spreadsheet then import into Prisma Public Cloud.
Answer: B
Explanation:
Explanation
https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-compliance/create-a-c
NEW QUESTION 34
The customer has an Amazon Web Services Elastic Computing Cloud that provides a service to the internet directly and needs to secure that cloud with a VM-Series NGFW.
Which component handles address translation?
- A. The server VMs have private use only (RFC 1918) IPs. Amazon's cloud infrastructure translates those addresses to publicly accessible IP addresses. The VM-Series NGFW has publicly accessible IP addresses.
- B. The server VMs have private use only (RFC 1918) IPs. The VM-Series NGFW translates those addresses to publicly accessible IP addresses.
- C. The server VMs and the VM-Series NGFW have private use only (RFC 1918) IPs. Amazons cloud infrastructure translates those addresses to publicly accessible IP addresses
- D. The servers and VM-Series NGFW have publicly accessible IP addresses for management purposes.
Answer: C
NEW QUESTION 35
Which RQL string returns a list of all Azure virtual machines that are not currently running?
- A. config where api.name = 'azure-vm-list' AND json.rule = powerState = "running"
- B. config where api.name = 'azure-vm-list' AND json.rule = powerState does not contain "running"
- C. config where api.name = 'azure-vm-list' AND json.rule = powerState = "off'
- D. config where api.name = 'azure-vm-list' AND json.rule = powerState contains "running"
Answer: D
NEW QUESTION 36
Prisma Public Cloud enables compliance monitoring and reporting by mapping which configurations to compliance standards?
- A. notification templates
- B. alert rules
- C. RQL queries
- D. policies
Answer: D
NEW QUESTION 37
Based on the diagram, how many routes will the virtual gateway advertise to the on-premises NGFW over the Amazon Web Services Direct Connect link?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION 38
In which two ways does Palo Alto Networks VM orchestration help service providers automatically provision security instances and policies? (Choose two.)
- A. fully instrumented API
- B. support for Dynamic Address Groups
- C. Aperture Orchestration Engine
- D. VM Orchestration Policy Editor
Answer: A,B
NEW QUESTION 39
What are two examples of Amazon Web Services logging services? (Choose two.)
- A. CloudWatch
- B. CloudLog
- C. CIoudTrail
- D. CloudEvent
Answer: A,C
NEW QUESTION 40
Which three services can Google Cloud Security Scanner assess? (Choose three.)
- A. Compute Engine
- B. App Engine
- C. Google Kubernetes Engine
- D. BigQuery
- E. Google Virtual Private Cloud
Answer: A,B,C
NEW QUESTION 41
What are three examples of outbound traffic flow? (Choose three.)
- A. Microsoft Windows inside Azure requesting a security patch
- B. issue apt-get install command on an instance inside Amazon Web Services
- C. outgoing Prisma Public Cloud API calls
- D. web server inside Amazon Web Services receiving web requests from internet
- E. issue yum update command on an instance inside Amazon Web Services
Answer: A,B,C
NEW QUESTION 42
Palo Alto Networks recommends which two options for outbound HA design in Amazon Web Services using VM-Series NGFW? (Choose two.)
- A. iLB-as-next-hop
- B. transit gateway and security VPC with VM-Series
- C. traditional active/standby HA on VM-Series
- D. transit VPC and security VPC with VM-Series
Answer: C,D
NEW QUESTION 43
Which two statements are true about CloudFormation? (Choose two.)
- A. CloudFormation templates can be used on both Amazon Web Services and Microsoft Azure
- B. CloudFormation is a declarative orchestration tool.
- C. CloudFormation is a procedural configuration management tool.
- D. CloudFormation templates can be written in JSON or YAML
Answer: A,D
NEW QUESTION 44
......
Get Latest PSE-PrismaCloud Dumps Exam Questions: https://drive.google.com/open?id=1Uw4M3rY4MFCgaie9m74mHUnRsy9aBpKn
Full PSE-PrismaCloud Practice Test and 62 unique questions with explanations waiting just for you, get it now: https://www.exam4docs.com/PSE-PrismaCloud-study-questions.html
