Study Guide for SE Data Center Professional Exam (PSE: Data Center – P) Version Control: 2015-‐10-‐15T10:04 Overview: This document is the Study Guide for the Palo Alto Networks Systems Engineer: Data Center – Professional Accreditation Exam, abbreviated as PSE: Data Center – P. Prerequisites: It’s expected that you will have met three prerequisites before attempting this exam: • • • You have passed the Palo Alto Networks Systems Engineer: Data Center – Associate Accreditation Exam, abbreviated as PSE: Data Center – A. You have passed the Palo Alto Networks Systems Engineer: Platform – Professional Accreditation Exam, abbreviated as PSE: Platform – P. You have completed a year of full-‐time experience as a Palo Alto Networks SE, either as a Palo Alto Networks employee SE or as a Partner employee SE. Exam Format: The test format is approximately 40 items, all multiple-‐choice. You will have 50 minutes to complete the items for English speaking, an additional 30 minutes for non-‐native English speakers. How to Take This Exam: The exam is available through the third-‐party Pearson VUE testing platform at http://www.pearsonvue.com/. Study and Exam Objectives: Here are the Learning Objectives and some Sample Questions for this exam. Each exam item is designed to test competence on a single Learning Objective. PAN-‐OS 7. but only with PAN-‐OS 7. and what is the minimum version of PAN-‐OS required to support them? A. Front-‐to-‐back airflow is standard. PAN-‐OS 6. A second SMC is standard. Sample Question: By increasing the number of vCPUs in a VM-‐Series firewall from 4 to 8.0 B. PAN-‐OS 6.0 and higher Answer: C Objective DP-‐020: I can design a customer's implementation of Palo Alto Networks products. Available 100Gbps interfaces. 12.0 Answer: F Objective DP-‐030: I can size Palo Alto Networks products to meet the customer's needs.0 E.1 F. PAN-‐OS 6. Eight D. Six C. A second LPC is standard. It depends upon whether the front-‐to-‐back airflow duct is in use. Answer: A Sample Question: In addition to the expanded capacity for NPCs. PAN-‐OS 7.1 C. C. B.0 D. 20.Objective DP-‐010: I can prepare a Bill of Materials (BoM). Sample Question: How many more NPCs can fit in a PA-‐7080 compared to a PA-‐7050? A. what else is improved in the PA-‐7080 over the PA-‐7050? A. Sample Question: What is the maximum number of QSFP+ interfaces that can be supported in a PA-‐7080. D. 20. 12. 12. by what factor is performance expected to increase? . Four B. 20. PAN-‐OS 6. C. and C Sample Question: What is the difference between static and dynamic tags? A. Static tags are part of the configuration on the firewall. but static tags do not. the operating system. PAN-‐OS 6. a PA-‐7080 is required. They enable the flexibility to apply different rules to the same server based on tags that define its role on the network. Performance will not increase Answer: D Objective DP-‐210: I can configure a PA-‐7050. Sample Question: Which of these statements is true about Dynamic Address Groups? A. B.8 C. The PA-‐7050 cannot support the second generation NPCs. D. B. and not operators.2 D. They allow you to create a policy that automatically adapts to changes—adds. or.1 or higher C. or the different kinds of traffic it processes. The filtering criteria uses logical and. PAN-‐OS 7. or deletions of servers. C. By approximately a factor of 1. Answer: A. Static tags exist. Dynamic tags exist. A dynamic address group uses tags as a filtering criterion to determine its members. The second generation NPCs must be installed in matched pairs. Answer: C Objective DP-‐220: I can configure tags and Dynamic Address Groups. By approximately a factor of 2 B. Sample Question: What is required to support the second generation NPCs on a PA-‐7050? A. but dynamic tags are part of the runtime configuration. B.A. . moves. By approximately a factor of 2. B. but dynamic tags do not.0 or higher D. The second VM-‐Series firewall should be in the same virtual machine so the HA3 connection does not have to travel over a physical connection. C. Custom C. Recommended B. Answer: C Objective DP-‐230: I understand and can configure HA on VM-‐Series firewalls. Low-‐latency E. Advanced Answer: A. The HA3 connection should traverse no more than a single virtual switch. Sample Question: Which statement is true regarding the HA3 interface on VM-‐Series firewalls in an HA configuration? A. 5 seconds Answer: B Objective DP-‐240: I can explain Software Defined Networks (SDN). There is no HA3 connection on a VM-‐Series firewall. Answer: D Sample Question: Which three of these are valid profiles for configuring HA timers? A. but dynamic tags are assigned by the firewall during runtime. Aggressive D. 100 milliseconds B. and E Sample Question: What is the default interval for the HA heartbeat?: A.D. C. 1000 milliseconds C. Static tags are hard coded into each VM. D. . The second VM-‐Series firewall should be in a different host and the HA3 connection should be over a dedicated high-‐speed link. 2 seconds D. B. html PA-‐7000 Series: PA-‐7050 Overview Page: https://www.com/products/platforms/firewalls/pa-‐ 7050/overview.html PA-‐7000 Series Data Sheet: https://www.html PA-‐7050 Rollout Campaign: https://paloaltonetworks.Objective DP-‐250: I can explain how VM-‐Series firewalls can integrate with orchestration tools.com/products/platforms/virtualized-‐firewalls/vm-‐ series/overview. Objective DP-‐260: I can configure a VM-‐Series firewall on supported virtualization platforms.com/resources/datasheets/pa-‐7000-‐series.com/resources/datasheets/product-‐summary-‐specsheet.com/content/dam/paloaltonetworks-‐ com/en_US/assets/pdf/technical-‐documentation/hardware-‐guides/PA-‐7050/PA-‐ 7050_Hardware_Guide.pdf VM-‐Series 7.paloaltonetworks.paloaltonetworks.pdf Virtualized Firewalls: Virtualized Firewalls Overview Page: https://www. Many exam items are taken verbatim from these resources.html VM-‐Series Datasheet: https://www.com/content/dam/paloaltonetworks-‐ com/en_US/assets/pdf/datasheets/vm-‐series/vm-‐series.paloaltonetworks. General: Product Summary Spec Sheet: https://paloaltonetworks.paloaltonetworks.paloaltonetworks. Study Resources: These are the study resources for this exam.html PA-‐7050 Hardware Reference Guide: https://www.com/content/campaigns/pa-‐7050/pa-‐7050/index.0 Documentation: . com/resources/techbriefs/vmware-‐nsx-‐solution-‐ brief.paloaltonetworks.com/resources/datasheets/pa-‐7000-‐series.html VM-‐Series for KVM Datasheet: https://www.com/resources/datasheets/vm-‐series-‐amazon-‐ web-‐services.paloaltonetworks.https://www.box.com/resources/datasheets/vm-‐series-‐kvm.app.html VM-‐Series on Specific Virtualization Platforms: VM-‐Series for VMware NSX Datasheet: https://www.html VM-‐Series for Citrix NetScaler SDX Datasheet: https://www.com/s/1vexf3eps9d23r8f80zo .html VM-‐Series for Amazon Web Services Datasheet: https://www.com/resources/datasheets/citrix-‐netscaler-‐ sdx.paloaltonetworks.paloaltonetworks.html Virtualization-‐Related Presentations and Recordings: https://paloaltonetworks.paloaltonetworks.