Which three solutions does Strata Cloud Manager (SCM) support? (Choose three.)
- A . Prisma Cloud
- B . CN-Series firewalls
- C . Prisma Access
- D . PA-Series firewalls
- E . VM-Series firewalls
B, D, E
Explanation:
Strata Cloud Manager (SCM) is designed to simplify the management and operations of Palo Alto Networks next-generation firewalls. It provides centralized management and visibility across various deployment models.
Based on official Palo Alto Networks documentation, SCM directly supports the following firewall platforms:
B. CN-Series firewalls: SCM is used to manage containerized firewalls deployed in Kubernetes environments. It facilitates tasks like policy management, upgrades, and monitoring for CN-Series firewalls. This is clearly documented in Palo Alto Networks’ CN-Series documentation and SCM administration guides.
D. PA-Series firewalls: SCM provides comprehensive management capabilities for hardware-based PA-Series firewalls. This includes tasks like device onboarding, configuration management, software updates, and log analysis. This is a core function of SCM and is extensively covered in their official documentation.
E. VM-Series firewalls: SCM also supports VM-Series firewalls deployed in various public and private cloud environments. It offers management capabilities similar to those for PA-Series, including configuration, policy enforcement, and lifecycle management. This is explicitly mentioned in Palo Alto Networks’ VM-Series and SCM documentation.
Why other options are incorrect:
A company has created a custom application that collects URLs from various websites and then lists bad sites. They want to update a custom URL category on the firewall with the URLs collected.
Which tool can automate these updates?
- A . Dynamic User Groups
- B . SNMP SET
- C . Dynamic Address Groups
- D . XML API
D
Explanation:
The scenario describes a need for programmatic and automated updating of a custom URL category on a Palo Alto Networks firewall. The XML API is specifically designed for this kind of task. It allows external systems and scripts to interact with the firewall’s configuration and operational data.
Here’s why the XML API is the appropriate solution and why the other options are not:
D. XML API: The XML API provides a well-defined interface for making changes to the firewall’s configuration. This includes creating, modifying, and deleting URL categories and adding or removing URLs within those categories. A script can be written to retrieve the list of "bad sites" from the company’s application and then use the XML API to push those URLs into the custom URL category on the firewall. This process can be automated on a schedule. This is the most efficient and recommended method for this type of integration.
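The script described above, sketched as an added example (not code from Palo Alto Networks or from this page): it normalizes the collected URLs, XML-escapes them so a hostile entry cannot inject extra configuration nodes, and builds the XML API `type=config`, `action=set` request without sending it. The firewall hostname, the category name `bad-sites`, the vsys1 xpath and the sample URLs are assumptions, and the category is assumed to exist already.

```python
import re
from urllib.parse import urlencode, urlsplit
from urllib.request import Request
from xml.sax.saxutils import escape

# Assumption for illustration: a firewall-local category in vsys1.
XPATH = ("/config/devices/entry[@name='localhost.localdomain']"
         "/vsys/entry[@name='vsys1']/profiles/custom-url-category"
         "/entry[@name='{name}']")
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,30}$")   # conservative allow-list
ENTRY_RE = re.compile(r"^[a-z0-9.-]+(/[\x21-\x7e]*)?$")      # host plus optional path

# Constructed sample of what the collecting application might hand over.
COLLECTED = ["HTTP://Bad.Example.com/login", "bad.example.net", "bad.example.net",
             "evil</member><member>*", "bad.example.org/a&b", "  "]


def normalize(raw):
    """Turn one collected URL into a category entry, or None if unusable."""
    raw = raw.strip()
    if not raw or any(c.isspace() for c in raw):
        return None
    try:
        parts = urlsplit(raw if "://" in raw else "//" + raw)
    except ValueError:
        return None
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return None
    entry = host + (parts.path if parts.path != "/" else "")
    return entry if ENTRY_RE.match(entry) else None


def build_update(firewall, category, collected):
    """Return (url, form_fields) for a config 'set' that adds the entries."""
    if not NAME_RE.match(category):          # the name is interpolated into the xpath
        raise ValueError("unexpected category name")
    entries = []
    for raw in collected:
        entry = normalize(raw)
        if entry and entry not in entries:   # de-duplicate, keep order
            entries.append(entry)
    members = "".join(f"<member>{escape(e)}</member>" for e in entries)
    fields = {"type": "config", "action": "set",
              "xpath": XPATH.format(name=category),
              "element": f"<list>{members}</list>"}
    return f"https://{firewall}/api/", fields


def to_request(url, fields, api_key):
    """POST keeps the payload out of the URL; the key travels in X-PAN-KEY."""
    return Request(url, data=urlencode(fields).encode(),
                   headers={"X-PAN-KEY": api_key}, method="POST")


if __name__ == "__main__":
    url, fields = build_update("fw.example.internal", "bad-sites", COLLECTED)
    print(url)
    print(fields["element"])
```

A `set` only changes the candidate configuration, so the scheduled job still has to issue a commit before the new entries are enforced.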
Why other options are incorrect:
What are three benefits of Palo Alto Networks VM-Series firewalls as they relate to direct integration with third-party network virtualization solution providers? (Choose three.)
- A . Integration with Cisco ACI allows insertion of a virtual firewall and enforcement of dynamic policies between endpoint groups without the need for manual policy adjustments.
- B . Integration with a third-party network virtualization solution allows management and deployment of the entire virtual network and hosts directly from Panorama.
- C . Integration with Nutanix AHV allows the firewall to be dynamically informed of changes in the environment and ensures policy is applied to virtual machines (VMs) as they join the network.
- D . Integration with VMware NSX provides comprehensive visibility and security of all virtualized data center traffic including intra-host ESXi virtual machine (VM) communications.
- E . Integration with network virtualization solution providers allows manual deployment and management of firewall rules through multiple interfaces and front ends specific to each technology.
A, C, D
Explanation:
The question focuses on the benefits of VM-Series firewalls concerning direct integration with third-party network virtualization solutions.
Which three statements describe common characteristics of Cloud NGFW and VM-Series offerings? (Choose three.)
- A . In Azure, both offerings can be integrated directly into Virtual WAN hubs.
- B . In Azure and AWS, both offerings can be managed by Panorama.
- C . In AWS, both offerings can be managed by AWS Firewall Manager.
- D . In Azure, inbound destination NAT configuration also requires source NAT to maintain flow symmetry.
- E . In Azure and AWS, internal (east-west) flows can be inspected without any NAT.
B, D, E
Explanation:
This question asks about common characteristics of Cloud NGFW (specifically referring to Cloud NGFW for AWS and Azure) and VM-Series firewalls.
B. In Azure and AWS, both offerings can be managed by Panorama. This is correct. Panorama is the centralized management platform for Palo Alto Networks firewalls, including both VM-Series and Cloud NGFW deployments in AWS and Azure. Panorama allows for consistent policy management, logging, and reporting across these different deployment models.
D. In Azure, inbound destination NAT configuration also requires source NAT to maintain flow symmetry. This is accurate specifically within the Azure environment. Due to how Azure networking functions, when performing destination NAT (DNAT) for inbound traffic to resources behind a firewall (whether VM-Series or Cloud NGFW), it’s typically necessary to also implement source NAT (SNAT) to ensure return traffic follows the same path. This maintains flow symmetry and prevents routing issues. This is an Azure networking characteristic, not specific to the Palo Alto offerings themselves, but it applies to both in Azure.
E. In Azure and AWS, internal (east-west) flows can be inspected without any NAT. This is generally true. For traffic within the same Virtual Network (Azure) or VPC (AWS), both VM-Series and Cloud NGFW can inspect traffic without requiring NAT. This is a key advantage for microsegmentation and internal security. The firewalls can act as transparent security gateways for internal traffic.
Why other options are incorrect:
When registering a software NGFW to the deployment profile without internet access (i.e., offline registration), what information must be provided in the customer support portal?
- A . Authcode and serial number of the VM-Series firewall
- B . Hypervisor installation ID and software version
- C . Number of data plane and management plane interfaces
- D . CPUID and UUID of the VM-Series firewall
A
Explanation:
The question is about offline registration of a software NGFW (specifically VM-Series) when there’s no internet connectivity.
Which capability, as described in the Securing Applications series of design guides for VM-Series firewalls, is common across Azure, GCP, and AWS?
- A . BGP dynamic routing to peer with cloud and on-premises routers
- B . GlobalProtect portal and gateway services
- C . Horizontal scalability through cloud-native load balancers
- D . Site-to-site VPN
C
Explanation:
The question asks about a capability common to VM-Series deployments across Azure, GCP, and AWS, as described in the "Securing Applications" design guides.
C. Horizontal scalability through cloud-native load balancers: This is the correct answer. A core concept in cloud deployments, and emphasized in the "Securing Applications" guides, is using cloud-native load balancers (like Azure Load Balancer, Google Cloud Load Balancing, and AWS Elastic Load Balancing) to distribute traffic across multiple VM-Series firewall instances. This provides horizontal scalability, high availability, and fault tolerance. This is common across all three major cloud providers.
Why other options are incorrect:
A company that purchased software NGFW credits from Palo Alto Networks has made a decision on the number of virtual machines (VMs) and licenses they wish to deploy in AWS cloud.
How are the VM licenses created?
- A . Access the AWS Marketplace and use the software NGFW credits to purchase the VMs.
- B . Access the Palo Alto Networks Application Hub and create a new VM profile.
- C . Access the Palo Alto Networks Customer Support Portal and request the creation of a new software NGFW serial number.
- D . Access the Palo Alto Networks Customer Support Portal and create a software NGFW credits deployment profile.
D
Explanation:
The question focuses on how VM licenses are created when a company has purchased software NGFW credits and wants to deploy VM-Series firewalls in AWS.
D. Access the Palo Alto Networks Customer Support Portal and create a software NGFW credits deployment profile. This is the correct answer. The process starts in the Palo Alto Networks Customer Support Portal. You create a deployment profile that specifies the number and type of VM-Series licenses you want to deploy. This profile is then used to activate the licenses on the actual VM-Series instances in AWS.
Why other options are incorrect:
What is the primary purpose of the pan-os-python SDK?
- A . To create a Python-based firewall that is compatible with the latest PAN-OS
- B . To replace the PAN-OS web interface with a Python-based interface
- C . To automate the deployment of PAN-OS firewalls by using Python
- D . To provide a Python interface to interact with PAN-OS firewalls and Panorama
D
Explanation:
The question asks about the primary purpose of the pan-os-python SDK.
D. To provide a Python interface to interact with PAN-OS firewalls and Panorama: This is the correct answer. The pan-os-python SDK (Software Development Kit) is designed to allow Python scripts and applications to interact programmatically with Palo Alto Networks firewalls (running PAN-OS) and Panorama. It provides functions and classes that simplify tasks like configuration management, monitoring, and automation.
Why other options are incorrect:
Which use case is valid for Strata Cloud Manager (SCM)?
- A . Provisioning and licensing new CN-Series firewall deployments
- B . Providing AI-Powered ADEM for all Prisma Access users
- C . Supporting pre PAN-OS 10.1 SD-WAN migrations to SCM
- D . Providing API-driven plugin framework for integration with third-party ecosystems
D
Explanation:
Why other options are incorrect:
What are three components of Cloud NGFW for AWS? (Choose three.)
- A . Cloud NGFW Resource
- B . Local or Global Rulestacks
- C . Cloud NGFW Inspector
- D . Amazon S3 bucket
- E . Cloud NGFW Tenant
A, B, C
Explanation:
Cloud NGFW for AWS is a Next-Generation Firewall as a Service. Its key components work together to provide comprehensive network security.
Which three methods may be used to deploy CN-Series firewalls? (Choose three.)
- A . Terraform templates
- B . Panorama plugin for Kubernetes
- C . YAML file
- D . Helm charts
- E . Docker Swarm
ACD
Explanation:
The CN-Series firewalls are containerized firewalls designed to protect Kubernetes environments. They offer several deployment methods to integrate with Kubernetes orchestration.
What are two benefits of using a Palo Alto Networks NGFW in a public cloud environment? (Choose two.)
- A . Complete security solution for the public cloud provider’s physical host regardless of security measures
- B . Automatic scaling of NGFWs to meet the security needs of growing applications and public cloud environments
- C . Ability to manage the public cloud provider’s physical hosts
- D . Consistent Security policy to inbound, outbound, and east-west network traffic throughout the multi-cloud environment
B, D
Explanation:
Using a Palo Alto Networks Next-Generation Firewall (NGFW) in a public cloud environment offers several key advantages related to security and scalability:
Which three tools are available to customers to facilitate the simplified and/or best-practice configuration of Palo Alto Networks Next-Generation Firewalls (NGFWs)? (Choose three.)
- A . Telemetry to ensure that Palo Alto Networks has full visibility into the firewall configuration
- B . Day 1 Configuration through the customer support portal (CSP)
- C . Policy Optimizer to help identify and recommend Layer 7 policy changes
- D . Expedition to enable the creation of custom threat signatures
- E . Best Practice Assessment (BPA) in Strata Cloud Manager (SCM)
CDE
Explanation:
Palo Alto Networks provides several tools to simplify NGFW configuration and ensure best practices are followed:
Which two statements accurately describe cloud-native load balancing with Palo Alto Networks VM-Series firewalls and/or Cloud NGFW in public cloud environments? (Choose two.)
- A . Cloud NGFW’s distributed architecture model requires deployment of a single centralized firewall and will force all traffic to the firewall across pre-built VPN tunnels.
- B . VM-Series firewall deployments in the public cloud will require the deployment of a cloud-native load balancer if high availability (HA) or redundancy is needed.
- C . Cloud NGFW in AWS or Azure has load balancing built into the underlying solution and does not require the deployment of a separate load balancer.
- D . VM-Series firewall load balancing is automated and is handled by the internal mechanics of the NGFW software without the need for a load balancer.
B, C
Explanation:
Cloud-native load balancing with Palo Alto Networks firewalls in public clouds involves understanding the distinct approaches for VM-Series and Cloud NGFW:
What three benefits does flex licensing for VM-Series firewalls offer? (Choose three.)
- A . Licensing additional memory resources to increase session capacity
- B . Licensing Strata Cloud Manager, Panorama with Dedicated Log Collectors, and CDSS per deployment profile
- C . Using a pool of credits for both CN-Series firewall and VM-Series firewall deployment profiles
- D . Moving credits between public and private cloud VM-Series firewall deployments
- E . Vertically scaling the number of licensed cores in an existing fixed deployment profile
C, D, E
Explanation:
Flex licensing provides flexibility in how you consume Palo Alto Networks firewall capabilities, especially in cloud environments:
A partner has successfully showcased and validated the efficacy of the Palo Alto Networks software firewall to a customer.
Which two additional partner-delivered or Palo Alto Networks-delivered common options can the sales team offer to the customer before the sale is completed? (Choose two.)
- A . Hardware collection and recycling services by Palo Alto Networks or by an approved NextWave Partner for the customer’s existing firewall infrastructure
- B . Professional services delivered by Palo Alto Networks or by an approved Certified Professional Services Partner (CPSP) for deployment assistance or QuickStart
- C . Network encryption services (NES) delivered by an approved NES partner to ensure none of the data traversed is readable by third-party entities
- D . Managed services delivered by an approved Managed Security Services Program (MSSP) partner for day-to-day management of the environment
B, D
Explanation:
After a successful software firewall demonstration, the sales team can offer additional services to facilitate the customer’s adoption and ongoing management:
Which three resources can help conduct planning and implementation of Palo Alto Networks NGFW solutions? (Choose three.)
- A . Technical assistance center (TAC)
- B . Partners / systems Integrators
- C . Professional services
- D . Proof of Concept Labs
- E . QuickStart services
B, C, E
Explanation:
Several resources are available to assist with planning and implementing Palo Alto Networks NGFW solutions:
A company wants to make its flexible-license VM-Series firewall, which runs on ESXi, process higher throughput.
Which order of steps should be followed to minimize downtime?
- A . Increase the vCPU within the deployment profile.
  Retrieve or fetch license keys on the VM-Series NGFW.
  Power-off the VM and increase the vCPUs within the hypervisor.
  Power-on the VM-Series NGFW.
  Confirm the correct tier level and vCPU appear on the NGFW dashboard.
- B . Power-off the VM and increase the vCPUs within the hypervisor.
  Power-on the VM-Series NGFW.
  Retrieve or fetch license keys on the VM-Series NGFW.
  Increase the vCPU within the deployment profile.
  Confirm the correct tier level and vCPU appear on the NGFW dashboard.
- C . Power-off the VM and increase the vCPUs within the hypervisor.
  Increase the vCPU within the deployment profile.
  Retrieve or fetch license keys on the VM-Series NGFW.
  Confirm the correct tier level and vCPU appear on the NGFW dashboard.
  Power-on the VM-Series NGFW.
- D . Increase the vCPU within the deployment profile.
  Retrieve or fetch license keys on the VM-Series NGFW.
  Confirm the correct tier level and vCPU appear on the NGFW dashboard.
  Power-off the VM and increase the vCPUs within the hypervisor.
  Power-on the VM-Series NGFW.
A
Explanation:
To minimize downtime when increasing throughput on a flexible-license VM-Series firewall running on ESXi, the following steps should be taken:
Increase the vCPU within the deployment profile: This is the first step. By increasing the vCPU allocation in the licensing profile, you prepare the license system for the change. This does not require a VM reboot.
Retrieve or fetch license keys on the VM-Series NGFW: After adjusting the licensing profile, the firewall needs to retrieve the updated license information to reflect the new vCPU allocation. This can be done via the web UI or CLI and usually does not require a reboot.
Power-off the VM and increase the vCPUs within the hypervisor: Now that the license is prepared, the VM can be powered off, and the vCPUs can be increased within the ESXi hypervisor settings.
Power-on the VM-Series NGFW: After increasing the vCPUs in the hypervisor, power on the VM. The firewall will now use the allocated resources and the updated license.
Confirm the correct tier level and vCPU appear on the NGFW dashboard: Finally, verify in the firewall’s web UI or CLI that the correct license tier and vCPU count are reflected.
This order minimizes downtime because the licensing changes are handled before the VM is rebooted.
Reference: While not explicitly documented in a single, numbered step list, the concepts are covered in the VM-Series deployment guides and licensing documentation:
VM-Series Deployment Guides: These guides explain how to configure vCPUs and licensing.
Flex Licensing Documentation: This explains how license allocation works with vCPUs.
These resources confirm that adjusting the license profile before the VM reboot is crucial for minimizing downtime.
A Cloud NGFW for Azure can be deployed to which two environments? (Choose two.)
- A . Azure Kubernetes Service (AKS)
- B . Azure Virtual WAN
- C . Azure DevOps
- D . Azure VNET
B, D
Explanation:
Cloud NGFW for Azure is designed to secure network traffic within and between Azure environments:
Which three statements describe benefits of Palo Alto Networks Cloud-Delivered Security Services (CDSS) over other vendor solutions? (Choose three.)
- A . Individually targeted products provide better security than platform solutions.
- B . Multi-vendor best-of-breed products provide security coverage on a per-use-case basis.
- C . It requires no additional performance overhead when enabling additional features.
- D . It provides simplified management through fewer consoles for more effective security coverage.
- E . It significantly reduces the total cost of ownership for the customer.
C, D, E
Explanation:
Palo Alto Networks Cloud-Delivered Security Services (CDSS) offer several advantages over other security solutions: