Which two statements are true about CloudFormation? (Choose two.)
- A . CloudFormation is a procedural configuration management tool.
- B . CloudFormation templates can be used on both Amazon Web Services and Microsoft Azure
- C . CloudFormation templates can be written in JSON or YAML
- D . CloudFormation is a declarative orchestration tool.
Which framework in Prisma Public Cloud can be used to provide general best practices when no specific legal requirements or regulatory standards need to be met?
- A . HIPAA
- B . CIS Benchmark
- C . Payment Card Industry DSS V3
- D . GDPR
An Azure VNet has the IP network 10.0.0.0/16 with two subnets, 10.0.1.0/24 (used for web servers) and 10.0.2.0/24 (used for database servers).
Which is a valid IP address to manage the VM-Series NGFW?
- A . 10.0.1.254
- B . 10.0.2.1
- C . 10.0.3.255
- D . 10.0.3.1
Which option is true about VM-Series NGFW templates available from the Palo Alto Networks GitHub repository?
- A . Palo Alto Networks provides full support if a valid support license is in place.
- B . Support for the templates is available through Professional Services from Palo Alto Networks.
- C . Unless otherwise noted, these templates are released under an as-is, best effort support policy.
- D . The author of the template provides full support as long as the PAN-OS version specific to the template is supported.
A client has a sensitive internet-facing application server in Microsoft Azure and is concerned about resource exhaustion because of distributed denial-of-service attacks.
What can be configured on the VM-Series firewall to specifically protect this server against this type of attack?
- A . Custom threat signature
- B . Zone Protection Profile
- C . QoS Profile to limit incoming requests
- D . DoS Protection Profile with specific session counts
How can you modify a range of dates default policy in Prisma Public Cloud?
- A . Override the value and commit the configuration.
- B . Clone the existing policy and change the value.
- C . Manually create the RQL statement.
- D . Click the Gear icon next to the policy name to open the Edit Policy dialog
Which three methods can provide application-level security for a web server instance on Amazon Web Services? (Choose three.)
- A . Traps
- B . Prisma SaaS
- C . Amazon Web Services WAF
- D . VM-Series firewalls
- E . Security Groups
Palo Alto Networks recommends which two options for outbound HA design in Amazon Web Services using VM-Series NGFW? (Choose two.)
- A . iLB-as-next-hop
- B . transit gateway and security VPC with VM-Series
- C . traditional active/standby HA on VM-Series
- D . transit VPC and security VPC with VM-Series
What are two examples of Amazon Web Services logging services? (Choose two.)
- A . CloudLog
- B . CloudEvent
- C . CloudWatch
- D . CloudTrail
What configuration on AWS is required in order for VM-Series to forward traffic between its network interfaces?
- A . Both Source and Destination Checks are disabled
- B . Both Source and Destination Checks are enabled
- C . Source Check is disabled and Destination Check is enabled
- D . Source Check is enabled and Destination Check is disabled
A
Explanation:
https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/set-up-the-vm-series-firewall-on-aws/use-case-secure-the-ec2-instances-in-the-aws-cloud
How can you use Prisma Public Cloud to identify Amazon EC2 instances that have been tagged as "Private"?
- A . Create an RQL config query to identify resources with the tag "Private."
- B . Create an RQL network query to identify traffic from resources tagged "Private."
- C . Open the Asset Dashboard, filter on tags: and choose "Private."
- D . Generate a CIS compliance report and review the "Asset Summary."
Which two cloud providers support Load Balancers as next hop configurations for outbound connections? (Choose two.)
- A . Google Cloud Platform
- B . Microsoft Azure
- C . Oracle Cloud
- D . Amazon Web Services
What are two ways to enable interface swap when deploying a VM-Series NGFW in Google Cloud Platform? (Choose two.)
- A . run the PAN-OS CLI command: set system mgmt-interface-swap enable yes
- B . run the PAN-OS CLI command: set system mgmt-interface-swap setting enable yes
- C . create a bootstrap file that includes the mgmt-interface-swap command
- D . in the Google Cloud Console Metadata Field, enter a key-value pair where mgmt-interface-swap is the key and enable is the value
C,D
Explanation:
https://docs.paloaltonetworks.com/vm-series/8-1/vm-series-deployment/set-up-the-vm-series-firewall-on-google-cloud-platform/deploy-the-vm-series-firewall-on-google-cloud/management-interface-mapping-for-google-internal-load-balancing.html