PSE-SoftwareFirewall無料問題集「Palo Alto Networks Systems Engineer (PSE): Software Firewall Professional」

質問 1

A customer in a VMware ESXi environment wants to add a VM-Series firewall and partition an existing group of virtual machines (VMs) in the same subnet into two groups. One group requires no additional security, but the second group requires substantially more security.
How can this partition be accomplished without editing the IP addresses or the default gateways of any of the guest VMs?

（A）Create a Layer 3 interface in the same subnet as the VMs and then configure proxy Address Resolution Protocol (ARP).

（B）Edit the IP address of all of the affected VMs.

（C）Create a new virtual switch and use the VM-Series firewall to separate virtual switches using virtual wire mode. Then move the guests that require more security into the new virtual switch.

（D）Send the VLAN out of the virtual environment into a hardware Palo Alto Networks firewall in Layer 3 mode. Use the same IP address as the old default gateway, then delete it.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

What helps avoid split brain in active-passive high availability (HA) pair deployment?

（A）Using the management interface as the HA1 backup link

（B）Enabling preemption on both firewalls in the HA pair

（C）Using a standard traffic interface as the HA2 backup

（D）Using a standard traffic interface as the HA3 link

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

When implementing active-active high availability (HA), which feature must be configured to allow the HA pair to share a single IP address that may be used as the network's gateway IP address?

（A）HSRP

（B）VRRP

（C）Floating IP address

（D）ARP load sharing

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

A CN-Series firewall can secure traffic between which elements?

（A）Containers

（B）Host containers

（C）Source applications

（D）Pods

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Which component allows the flexibility to add network resources but does not require making changes to existing policies and rules?

（A）Content-ID

（B）Dynamic address group

（C）External dynamic list (EDL)

（D）App-ID

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

What is a design consideration for a prospect who wants to deploy VM-Series firewalls in an Amazon Web Services (AWS) environment?

（A）Resources are shared within the cluster.

（B）Special AWS plugins are needed for load balancing.

（C）Only active-passive high availability (HA) is supported.

（D）High availability (HA) clusters are limited to fewer than 8 virtual appliances.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which two valid components are used in installation of a VM-Series firewall in an OpenStack environment?
(Choose two.)

（A）VM-Series VHD image

（B）VM-Series qcow2 image

（C）OpenStack heat template in YAML Ain't Markup Language (YAML) format

（D）OpenStack heat template in JSON format

正解：B、C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

PSE-SoftwareFirewall 無料問題集「Palo Alto Networks Systems Engineer (PSE): Software Firewall Professional」

弊社を連絡する

関連リンク

トップ試験