PSE-SWFW-Pro-24 Exam Dumps : Palo Alto Networks SystemsEngineer Professional - Software Firewall

The question focuses on how VM licenses are created when a company has purchased software NGFW credits and wants to deploy VM-Series firewalls in AWS.

D. Access the Palo Alto Networks Customer Support Portal and create a software NGFW credits deployment profile.This is the correct answer. The process starts in the Palo Alto Networks Customer Support Portal. You create a deployment profile that specifies the number and type of VM-Series licenses you want to deploy. This profile is then used to activate the licenses on the actual VM-Series instances in AWS.

Why other options are incorrect:

A. Access the AWS Marketplace and use the software NGFW credits to purchase the VMs.Youdodeploy the VM-Series instances from the AWS Marketplace (or through other deployment methods like CloudFormation templates), but you don't "purchase" the licenses there. The credits are managed separately through the Palo Alto Networks Customer Support Portal. The Marketplace deployment is for theVM instance itself, not the license.

B. Access the Palo Alto Networks Application Hub and create a new VM profile.The Application Hub is not directly involved in the license creation process. It's more focused on application-level security and content updates.

C. Access the Palo Alto Networks Customer Support Portal and request the creation of a new software NGFW serial number.You don't request individual serial numbers for each VM. The deployment profile manages the allocation of licenses from your pool of credits. While each VMwill havea serial number once deployed, you don't request them individually during this stage. The deployment profile ties the licenses to thedeployment, not individual serial numbers ahead of deployment.

Palo Alto Networks References:

The Palo Alto Networks Customer Support Portal documentation and the VM-Series Deployment Guide are the primary references. Search the support portal (live.paloaltonetworks.com) for "software NGFW credits," "deployment profile," or "VM-Series licensing."

The documentation will describe the following general process:

Purchase software NGFW credits.

Log in to the Palo Alto Networks Customer Support Portal.

Create a deployment profile, specifying the number and type of VM-Series licenses (e.g., VM-Series for AWS, VM-Series for Azure, etc.) you want to allocate from your credits.

Deploy the VM-Series instances in your cloud environment (e.g., from the AWS Marketplace).

Activate the licenses on the VM-Series instances using the deployment profile.

This process confirms that creating a deployment profile in the customer support portal is the correct way to manage and allocate software NGFW licenses.

Credit-based flexible licensing provides flexibility in deploying and managing Palo Alto Networks software firewalls. Let's analyze the options:

A. Create virtual Panoramas:While Panorama can manage software firewalls, credit-based licensing is primarily focused on the firewalls themselves (VM-Series, CN-Series, Cloud NGFW), not on Panorama. Panorama has its own licensing model.

B. Add Cloud-Delivered Security Services (CDSS) subscriptions to CN-Series firewalls:This is aVALIDbenefit. Credit-based licensing allows customers to use credits to enable CDSS subscriptions (like Threat Prevention, URL Filtering, WildFire) on CN-Series firewalls. This provides flexibility in choosing and applying security services as needed.

Cloud NGFW for AWS supports two primary deployment models:

A. Hierarchical:This is not a standard deployment model for Cloud NGFW for AWS. Hierarchical typically refers to a parent-child relationship in management, which isn't the core focus of the Cloud NGFW's deployment models.

B. Centralized:This is aVALIDdeployment model. In a centralized deployment, the Cloud NGFW is deployed in a central VPC (often a Transit Gateway VPC) and inspects traffic flowing between different VPCs and on-premises networks. This provides a single point of control for security policies.