Free Paloalto Networks PSE-StrataDC Practice Exam with Questions & Answers | Set: 2

Yes, containers do not have unique vulnerabilities.

No, you should do vulnerability analysis only against the running containers, which are vulnerable.

Yes, you are ensuring that the images the containers are based on are secure.

No, you need to do analysis in the CI system, in the registry, and against instantiated containers

Mirantis OpenStack distribution

Nuage VSP SDN controller

VMWare NSX for OpenStack

Cisco ACI

Contrail SDN controller

does not integrate with VXLAN tagging, so virtual appliances cannot be provided, but hardware appliances can be offered at the data center gateway border

integrates with VXLAN. but scripting is necessary, and Professional Services should be engaged

integrates fully into VXLAN architectures if they are provided by VMware

does not integrate natively with VXLAN tagging, network equipment can convert VXLAN flows to VLANs and send those VLANs to Palo Alto Networks firewalls

Aperture Orchestration Engine (AOE)

Support for Dynamic Address Groups

Fully instrumented API

VM Orchestration Policy Editor

Developers typically define the processes used in their containers within the Dockerfile

Docker has a built-in runtime analysis capability to aid in whitelisting.

Containers typically have only a few defined processes that should ever be executed.

Operations teams typically know what processes are used within a container

by creating an access policy

through a policy-based redirect (PBR)

contracts between EPGs that send traffic to the firewall using a shared policy

through a virtual machine monitor (VMM) domain

one per virtual network

one per vCenter server

one per SaaS application in use

one per ESXi host

IP addresses of Firewall interfaces will move between devices when a firewall fails

The 2 firewalls are in Active-Standby HA status

Firewalls use dynamic routing protocols to determine the best path

Floating IP addresses are necessary for HA configuration