Exam PSE-SWFW-Pro-24 Topic 1 Question 28 Discussion
Actual exam question for Palo Alto Networks's PSE-SWFW-Pro-24 exam
Question #: 28
Topic #: 1
Question #: 28
Topic #: 1
When using VM-Series firewall bootstrapping, which three methods can be used to install licensed content, including antivirus, applications, and threats? (Choose three.)
Suggested Answer: A,B,D Vote an answer
VM-Series bootstrapping allows for automated initial configuration. Several methods exist for installing licensed content.
Why A, B, and D are correct:
A . Panorama 10.2 or later to use the content auto push feature: Panorama can push content updates to bootstrapped VM-Series firewalls automatically, streamlining the process. This requires Panorama 10.2 or later.
B . Complete bootstrapping and either Azure Blob storage or Amazon S3 bucket: You can store the content updates in cloud storage (like S3 or Azure Blob) and configure the VM-Series to retrieve and install them during bootstrapping.
D . Custom-AMI or Azure VM image, with content preloaded: Creating a custom image with the desired content pre-installed is a valid approach. This is particularly useful for consistent deployments.
Why C and E are incorrect:
C . Content-Security-Policy update URL in the init-cfg.txt file: The init-cfg.txt file is used for initial configuration parameters, not for direct content updates. While you can configure the firewall to check for updates after bootstrapping, you don't put the actual content within the init-cfg.txt file.
E . Panorama software licensing plugin: The Panorama software licensing plugin is for managing licenses, not for pushing content updates during bootstrapping.
Palo Alto Networks Reference:
VM-Series Deployment Guides (AWS, Azure, GCP): These guides detail the bootstrapping process and the various methods for installing content updates.
Panorama Administrator's Guide: The Panorama documentation describes the content auto-push feature.
These resources confirm that Panorama auto-push, cloud storage, and custom images are valid methods for content installation during bootstrapping.
.
Why A, B, and D are correct:
A . Panorama 10.2 or later to use the content auto push feature: Panorama can push content updates to bootstrapped VM-Series firewalls automatically, streamlining the process. This requires Panorama 10.2 or later.
B . Complete bootstrapping and either Azure Blob storage or Amazon S3 bucket: You can store the content updates in cloud storage (like S3 or Azure Blob) and configure the VM-Series to retrieve and install them during bootstrapping.
D . Custom-AMI or Azure VM image, with content preloaded: Creating a custom image with the desired content pre-installed is a valid approach. This is particularly useful for consistent deployments.
Why C and E are incorrect:
C . Content-Security-Policy update URL in the init-cfg.txt file: The init-cfg.txt file is used for initial configuration parameters, not for direct content updates. While you can configure the firewall to check for updates after bootstrapping, you don't put the actual content within the init-cfg.txt file.
E . Panorama software licensing plugin: The Panorama software licensing plugin is for managing licenses, not for pushing content updates during bootstrapping.
Palo Alto Networks Reference:
VM-Series Deployment Guides (AWS, Azure, GCP): These guides detail the bootstrapping process and the various methods for installing content updates.
Panorama Administrator's Guide: The Panorama documentation describes the content auto-push feature.
These resources confirm that Panorama auto-push, cloud storage, and custom images are valid methods for content installation during bootstrapping.
.
by Harlan at May 27, 2025, 02:05 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).