PSE-StrataDC Palo Alto Networks System Engineer Professional - Strata Data Center Questions and Answers

Partner Service

Boot Strap

Prism Central

Tier-1 insertion

Tier-0 insertion

Allow configuration of at least one interface

OpenStack compute node could be installed on a hypervisor platform

Accept the VM-Series OVA image

Set Instance type OS::Nova Server

HA1 backup link in active/active HA

HA1 link in active/passive HA

HA3 link in active/active HA

HA2 link in active/passive HA

works with the IDP to identify over-privileged containers and services and restricts network access

quarantines containers that demonstrate increased CPU and memory usage

automatically patches vulnerabilities and compliance issues for every container and service

builds a whitelist security model automatically for every container and service

Developers typically define the processes used in their containers within the Dockerfile

Docker has a built-in runtime analysis capability to aid in whitelisting.

Containers typically have only a few defined processes that should ever be executed.

Operations teams typically know what processes are used within a container

PA-3050

VM-100

VM-300

PA-3250

PA-7050

When the organization requires a greater number of sessions

When the environment has a need for more SFP+ interfaces

When the organization requires gear with a smaller slot size.

When the environment has a need for more policy rules.

VRLAN

VXLAN

GRE

VMLAN

deployed on same type of hypervisor

allocate identical CPU cores and network interfaces

assigned identical licenses and subscriptions

deployed on a different host

configured asymmetric routing

a full set of APIs enabling programmatic control of policy and configuration

NVGRE support for advanced VLAN integration

integration with leading orchestration platforms: VMware NSX. OpenStack. and Cisco ACI

Dynamic Address Groups to adapt Security policies dynamically

VXLAN support for network-layer abstraction

does not integrate with VXLAN tagging, so virtual appliances cannot be provided, but hardware appliances can be offered at the data center gateway border

integrates with VXLAN. but scripting is necessary, and Professional Services should be engaged

integrates fully into VXLAN architectures if they are provided by VMware

does not integrate natively with VXLAN tagging, network equipment can convert VXLAN flows to VLANs and send those VLANs to Palo Alto Networks firewalls

can use a Palo Alto Networks NGFW for this requirement, but not a port filter firewall.

can use either a Palo Alto Networks NGFW or a port filler firewall for this requirement.

can use a port filter firewall for this requirement but not the Palo Alto Networks NGFW.

can use a specialized VM with advanced threat protection for this requirement

Virtual Wire

TAP

Layer 2

Layer 3

Arista and VMware are extending secure segmentation with an open API (RESTZJSON)-based exchange, which allows NSX to federate with CloudVision to extend the micro-segmentation policy for physical workloads.

Arista and Kubernetes are extending secure segmentation with an open API (RESTVJSON)-based exchange, which allows Kubernetes to federate with CloudVision to extend the micro-segmentation policy for physical workloads.

Arista's micro-segmentation and macro-segmentation are identical concepts that can be used interchangeably

Arista and VMware both perform identical functions for NGFW micro-segmentation

Swift creates the storage resources.

Nova creates the firewall instance.

Horizon

Neutron creates the network resources.