Which three types of security checks can Prisma Public Cloud perform? (Choose three.)
A. compliance where
B. network where
C. user where
D. config where
E. event where
Palo Alto Networks recommends which two options for outbound HA design in Amazon Web Services using VM-Series NGFW? (Choose two.)
A. iLB-as-next-hop
B. transit gateway and security VPC with VM-Series
C. traditional active/standby HA on VM-Series
D. transit VPC and security VPC with VM-Series
Which three features are not supported by VM-Series NGFWs on Azure Stack? (Choose three.)
A. Azure Application Insight
B. Resource Group
C. Azure Security Center
D. Bootstrapping
E. ARM Template
The VM-Series integration with Amazon GuardDuty feeds malicious IP addresses to the VM-Series NGFW using XML API to populate a Dynamic Address Group within a Security policy that blocks traffic. How does Amazon Web Services achieve this integration?
A. SNS
B. SQS
C. CodeDeploy
D. Lambda
Which two cloud providers support Load Balancers as next hop configurations for outbound connections? (Choose two.)
A. Google Cloud Platform
B. Microsoft Azure
C. Oracle Cloud
D. Amazon Web Services
Which RQL string searches for all EBS volumes that do not have a "DataClassification" tag?
A. config where api.name = 'aws-ec2-describe-volumes, AND json.rule = tags[*]key contains DataClassification
B. config where api.name = ,aws-ec2-describe-volumes' AND json.rule = tags[*]key != DataClassification
C. config where api.name = ,aws-ec2-describe-volumes' AND json.rule = tags[*].key exists
D. config where api.name = 'aws-ec2-describe-volumes' AND json.rule = tags[*].key = 1
What are the two options to dynamically register tags used by Dynamic Address Groups that are referenced in policy? (Choose two.)
A. VM Monitoring
B. External Dynamic List
C. CFT Template
D. XML API
The customer has an Amazon Web Services Elastic Computing Cloud that provides a service to the internet directly and needs to secure that cloud with a VM-Series NGFW. Which component handles address translation?
A. The server VMs have private use only (RFC 1918) IPs. Amazon's cloud infrastructure translates those addresses to publicly accessible IP addresses. The VM-Series NGFW has publicly accessible IP addresses.
B. The server VMs have private use only (RFC 1918) IPs. The VM-Series NGFW translates those addresses to publicly accessible IP addresses.
C. The server VMs and the VM-Series NGFW have private use only (RFC 1918) IPs. Amazons cloud infrastructure translates those addresses to publicly accessible IP addresses
D. The servers and VM-Series NGFW have publicly accessible IP addresses for management purposes.
Which two items are required when a VM-100 BYOL instance is upgraded to a VM-300 BYOL instance? (Choose two.)
A. UUID
B. new Auth Code
C. CPU ID
D. API Key
Which three services can Google Cloud Security Scanner assess? (Choose three.)
A. Google Kubernetes Engine
B. BigQuery
C. Compute Engine
D. App Engine
E. Google Virtual Private Cloud
What is Prisma Public Cloud licensing based on?
A. number of alerts generated
B. number of accounts onboarded
C. number of monitored workloads
D. volume of flow logs consumed
Which RQL string using network query attributes returns all traffic destined for Internet or for Suspicious IPs that also exceeds 1GB?
A. network where publicnetwork = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
B. network where dest.publicnetwork IN ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
C. show traffic where destination.network = ('Internet IPs', 'Suspicious IPs') AND bytes > 1000000000
D. network where bytes > 1GB and destination = 'Internet IPs' OR 'Suspicious IPs'
What is required for an EC2 instance to access the internet directly from an AWS VPC?
A. Internet Gateway
B. Transit Gateway
C. Virtual Private Gateway
D. Customer Gateway
How can you modify a range of dates default policy in Prisma Public Cloud?
A. Override the value and commit the configuration.
B. Clone the existing policy and change the value.
C. Manually create the RQL statement.
D. Click the Gear icon next to the policy name to open the Edit Policy dialog
An administrator has deployed an AWS transit gateway and used multiple VPC spokes to segregate a multi-tier application. The administrator also created a security VPC with multiple VM-Series NGFWs in an active/active deployment model via ECMP using Amazon Web Services VPN-based attachments.
What must be configured on the firewall to avoid asymmetric routing?
A. source address translation
B. destination address translation
C. port address translation
D. source and destination address translation