PCSFE Palo Alto Networks Practice Test Questions and Exam Dumps
Question No 1:
Which two subscriptions should be recommended to a customer who is deploying VM-Series firewalls to a private data center but is concerned about protecting data-center resources from malware and lateral movement? (Choose two.)
A. Intelligent Traffic Offload
B. Threat Prevention
C. WildFire
D. SD-WAN
Correct Answer: B, C
Explanation:
When deploying VM-Series firewalls in a private data center, customers often have specific concerns about advanced threats such as malware and lateral movement (which refers to the ability of threats to move from one compromised system to another within the network). To address these concerns, Palo Alto Networks offers a suite of security subscriptions that enhance the capabilities of the firewall beyond basic traffic filtering. The two subscriptions that are best suited to deal with these particular concerns are Threat Prevention and WildFire.
The Threat Prevention subscription is critical for any environment where malware and lateral movement are a concern. It enables the firewall to perform functions such as intrusion prevention (IPS), vulnerability protection, and protection against known exploits and command-and-control traffic. This subscription actively scans for and blocks threats attempting to traverse the network, and it plays a vital role in detecting and preventing lateral movement by recognizing suspicious activity or attack patterns associated with known threats. By blocking these threats at the network level, it stops them from spreading across internal systems.
The WildFire subscription, on the other hand, focuses on unknown threats, particularly zero-day malware. WildFire is a cloud-based threat analysis service that takes suspicious files and executes them in a controlled environment (sandbox) to determine if they are malicious. If a new malware variant is discovered, WildFire updates the firewall’s threat intelligence almost in real time, improving protection across all connected devices. This is particularly effective in protecting data centers where attackers may attempt to introduce unknown malware to compromise high-value assets. WildFire’s ability to detect and respond to emerging threats significantly reduces the risk of successful malware attacks.
The other two options, while valuable in their respective contexts, do not directly address the customer’s concerns:
A. Intelligent Traffic Offload (ITO) is designed to improve performance by redirecting certain types of traffic flows, often in large-scale data centers. It is not a threat detection or prevention service and does not help in stopping malware or lateral movement.
D. SD-WAN is a networking technology focused on optimizing wide-area network performance and simplifying branch connectivity. It does not provide threat detection or malware analysis capabilities and is not applicable to private data center deployments concerned with internal threats.
Therefore, to effectively protect data center resources from malware and lateral movement, the best recommendations are Threat Prevention and WildFire, which together offer both signature-based and behavior-based threat protection.
Question No 2:
Which two mechanisms could trigger a high availability (HA) failover event? (Choose two.)
A. Heartbeat polling
B. Ping monitoring
C. Session polling
D. Link monitoring
Correct Answer: B, D
Explanation:
High Availability (HA) is a configuration that ensures minimal service interruption in the event of a device or network failure. In HA systems, two or more devices are typically configured to work together so that if one fails, the other can immediately take over. Failover mechanisms are used to detect when such a failure occurs, and several detection techniques exist. In this context, the two correct mechanisms that can trigger a failover event are ping monitoring and link monitoring.
Let’s examine each option to determine its relevance:
A. Heartbeat polling: Heartbeat polling is a method of communication between HA devices to confirm they are both operational. Devices send regular "heartbeat" messages to each other to indicate that they are alive. However, heartbeat polling alone is typically used for status checking and coordination, rather than as a direct trigger for a failover. While it contributes to the HA process, the absence of heartbeat alone might not always be enough to trigger a failover, especially in more robust or complex configurations where other checks (like ping or link state) are also considered. Therefore, while important, heartbeat polling is not a primary trigger by itself.
B. Ping monitoring: This is a key mechanism used in HA configurations to detect failures. Ping monitoring involves continuously sending ICMP echo requests to a monitored IP address—often a gateway, internal server, or public IP—to verify network connectivity. If the primary device fails to receive a response within a defined number of attempts, it is considered a network failure, and this can trigger a failover. This ensures that the failover isn’t just due to device failure, but also loss of network connectivity.
C. Session polling: Session polling monitors active session states, typically to ensure session synchronization between primary and secondary devices. This is more commonly used to maintain session continuity after a failover occurs, not as a mechanism to trigger a failover. Its role is supportive; it does not by itself initiate the failover process.
D. Link monitoring: This involves checking the physical or logical status of network interfaces. If an interface goes down (e.g., due to cable disconnection or port failure), link monitoring detects the fault and can immediately trigger a failover. This is particularly useful for identifying local failures, such as a disconnected uplink to the next hop or ISP router. Link monitoring is therefore one of the most direct and effective triggers for failover.
In summary, ping monitoring and link monitoring are both proactive methods used to determine network health and connectivity. They are explicitly designed to trigger HA failover events when predefined thresholds or error conditions are met. Heartbeat polling and session polling, on the other hand, are more passive and support-oriented mechanisms, making them less suitable as direct failover triggers. Therefore, the correct answers are B and D.
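The decision logic described above for the two trigger mechanisms, as an added example that is not vendor code: a small model in which a link monitor fails when a monitored interface reports down, and a ping (path) monitor fails after a configured number of consecutive missed echo replies. The class names, the default threshold of three probes, the "any"/"all" failure condition on a monitor group, and the sample addresses are assumptions made for this example.

```python
"""Illustrative HA failover decision model (added example, not PAN-OS code).

Models the two trigger mechanisms the explanation describes:
  * link monitoring: a monitored interface reporting "down" is a failure
  * path (ping) monitoring: a monitored destination that misses a
    configured number of consecutive ICMP echo replies is a failure
Names, thresholds and the "any"/"all" failure-condition knob are
assumptions for this example.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PathMonitor:
    """Ping monitoring of one destination: failed after `ping_count` consecutive misses."""
    destination: str
    ping_count: int = 3   # assumed threshold: consecutive misses before declaring failure
    misses: int = 0

    def record(self, reply_received: bool) -> None:
        """Feed one probe result; a reply resets the consecutive-miss counter."""
        self.misses = 0 if reply_received else self.misses + 1

    @property
    def healthy(self) -> bool:
        return self.misses < self.ping_count


@dataclass
class LinkMonitor:
    """Link monitoring of one interface: failed when the interface reports down."""
    interface: str
    up: bool = True

    @property
    def healthy(self) -> bool:
        return self.up


@dataclass
class HaMonitorGroup:
    """A set of monitors; `failure_condition` is 'any' (one failure suffices)
    or 'all' (every monitor must fail). An empty group never fails."""
    monitors: list
    failure_condition: str = "any"

    def failed(self) -> bool:
        states = [m.healthy for m in self.monitors]
        if not states:
            return False
        if self.failure_condition == "any":
            return not all(states)
        return not any(states)


@dataclass
class HaPeer:
    """The active device: gives up the active role when a monitor group fails."""
    name: str
    link_group: HaMonitorGroup
    path_group: HaMonitorGroup
    state: str = "active"

    def evaluate(self) -> Optional[str]:
        """Return the trigger reason if a failover is required, else None."""
        if self.state != "active":
            return None
        if self.link_group.failed():
            reason = "link-monitor"
        elif self.path_group.failed():
            reason = "path-monitor"
        else:
            return None
        self.state = "non-functional"   # the peer would now take over
        return reason


def scenario_link_failure(failure_condition: str = "any", down: int = 1) -> Optional[str]:
    """Two monitored uplinks (constructed names); bring `down` of them down."""
    links = [LinkMonitor("ethernet1/1"), LinkMonitor("ethernet1/2")]
    peer = HaPeer("fw-a", HaMonitorGroup(links, failure_condition), HaMonitorGroup([]))
    for link in links[:down]:
        link.up = False
    return peer.evaluate()


def scenario_path_failure(probe_results: List[bool]) -> Optional[str]:
    """Feed a sequence of echo-reply outcomes for a monitored gateway
    (198.51.100.1 is a constructed documentation address)."""
    gateway = PathMonitor("198.51.100.1", ping_count=3)
    peer = HaPeer("fw-a", HaMonitorGroup([]), HaMonitorGroup([gateway]))
    reason = None
    for replied in probe_results:
        gateway.record(replied)
        reason = peer.evaluate()
        if reason:
            break
    return reason


if __name__ == "__main__":
    print(scenario_link_failure())                          # link-monitor
    print(scenario_link_failure("all", down=1))             # None
    print(scenario_path_failure([False, False, True, False]))   # None
    print(scenario_path_failure([False, False, False]))     # path-monitor
```

The intermittent probe sequence shows why the threshold is counted in consecutive misses: a single successful reply resets the counter, so brief packet loss does not flip the active device.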
Question No 3:
Which technology allows for granular control of east-west traffic in a software-defined network?
A. Routing
B. Microsegmentation
C. MAC Access Control List
D. Virtualization
Correct Answer: B
Explanation:
In a software-defined network (SDN), managing internal network traffic—commonly referred to as east-west traffic—requires a level of control that goes beyond traditional perimeter-based security approaches. The correct answer here is microsegmentation, as it specifically provides granular control over traffic within the data center or virtual environment, enabling security policies to be applied at the workload or application level.
East-west traffic represents communication between systems or workloads within the same data center or cloud environment, such as between virtual machines (VMs), containers, or microservices. This is in contrast to north-south traffic, which is traffic flowing in and out of the data center to and from external networks. Traditional security mechanisms like firewalls are typically optimized for north-south traffic, and therefore they do not provide sufficient granularity for securing east-west traffic.
Microsegmentation is a network security technique that divides the data center or cloud environment into distinct security segments down to the individual workload level. Policies can then be tailored and enforced per segment or even per workload, ensuring that only authorized traffic can flow between them. For example, you could use microsegmentation to ensure that only a specific web server can communicate with a particular application server, and only on designated ports. This level of control greatly reduces the attack surface and prevents lateral movement within the network, a critical feature in stopping threats once they have breached the perimeter.
Now, consider the other options:
Routing is the process of directing traffic between different networks or subnets, usually based on IP addresses. While important in any network, routing doesn't inherently provide granular security controls. It determines how traffic flows, but not whether it should be allowed or denied based on detailed criteria such as application type, user identity, or VM state.
MAC Access Control List (MAC ACL) is a security feature used to control access based on device MAC addresses. While MAC ACLs can provide a basic layer of control, they are relatively coarse and inflexible, and not suitable for granular, dynamic environments like virtualized or cloud-native data centers where workloads can rapidly spin up and down. They also do not scale well in large environments and offer limited visibility into application-level traffic.
Virtualization is the technology that allows multiple virtual machines or containers to run on a single physical machine. While virtualization is foundational to cloud and SDN environments, it does not itself provide security or traffic control features. Instead, it creates the environment in which technologies like microsegmentation operate.
In summary, microsegmentation is the most appropriate technology for enabling detailed control over east-west traffic in a software-defined network. It enables organizations to enforce fine-grained security policies that follow workloads wherever they move within the data center or cloud, thereby improving both visibility and security posture.
Question No 4:
Which solution is best for securing an EKS environment?
A. VM-Series single host
B. CN-Series high availability (HA) pair
C. PA-Series using load sharing
D. API orchestration
Correct Answer: B
Explanation:
To determine the best solution for securing an Amazon Elastic Kubernetes Service (EKS) environment, it's important to consider the architecture of Kubernetes itself and the security technologies that are designed specifically for containerized workloads. Kubernetes environments, including EKS, are dynamic, distributed, and involve rapid scaling of containerized applications. As such, traditional firewall and perimeter-based security models often fall short in securing traffic within the cluster (east-west traffic), monitoring workloads, and enforcing granular network security policies.
The CN-Series is Palo Alto Networks’ next-generation firewall solution built specifically for Kubernetes and containerized environments. It integrates seamlessly into Kubernetes platforms such as EKS, providing Layer 7 security, microsegmentation, threat prevention, and visibility into container traffic within the cluster. When deployed as a high availability (HA) pair, the CN-Series ensures both resilience and continuous protection, allowing traffic inspection and policy enforcement even in the case of a failure or rescheduling of containers and pods.
The CN-Series is designed to operate as a Kubernetes-native solution, meaning it can be orchestrated using Kubernetes constructs, ensuring it fits smoothly into DevOps pipelines and autoscaling environments. It can also enforce Zero Trust principles by controlling traffic between microservices and monitoring application behavior for anomalies. This makes B (CN-Series HA pair) the most effective and scalable choice for securing an EKS deployment.
Let’s briefly consider why the other options are not ideal:
A. VM-Series single host: While the VM-Series is a powerful virtual firewall solution, it is not optimized for containerized environments like EKS. A single-host deployment would introduce scalability limitations and could become a bottleneck or single point of failure. Moreover, VM-Series is better suited for securing VPC traffic rather than intra-cluster Kubernetes traffic.
C. PA-Series using load sharing: The PA-Series is Palo Alto Networks’ physical firewall line and is most effective in traditional data center or perimeter security roles. It lacks the integration and automation necessary for Kubernetes environments. Moreover, hardware firewalls cannot be embedded within a Kubernetes cluster and thus cannot inspect east-west traffic between pods and services within EKS.
D. API orchestration: This is a vague option in the context of security. While API orchestration is useful for automating and managing infrastructure, it is not a security solution by itself. It does not provide visibility, threat prevention, or access control, which are all essential for securing a Kubernetes environment.
In conclusion, CN-Series in an HA pair is explicitly designed to secure Kubernetes environments like EKS, providing dynamic, scalable, and robust protection for containerized workloads. It supports native Kubernetes orchestration, integrates with cloud platforms, and offers advanced threat prevention capabilities. This makes B the best solution among the provided options.
Question No 5:
What components can a CN-Series firewall secure traffic between?
A. Host containers
B. Source applications
C. Containers
D. Pods
Correct Answer: D
Explanation:
The CN-Series firewall, developed by Palo Alto Networks, is specifically designed to address security in containerized environments such as those orchestrated by Kubernetes. It enables granular visibility and control over east-west traffic—i.e., traffic that flows laterally within the environment, such as between workloads inside a Kubernetes cluster. Among the components listed, pods are the most fundamental unit of deployment in Kubernetes and the actual runtime environment where containers live. Thus, the CN-Series firewall is most accurately described as securing traffic between pods.
A pod in Kubernetes is a logical host for one or more containers that share network and storage resources. Since multiple containers can run inside a pod and share the same IP address and port space, network security enforcement is most effective and relevant at the pod level rather than the individual container level. CN-Series firewalls integrate directly with the Kubernetes networking model to secure traffic between these pods, inspecting Layer 7 traffic, applying threat prevention, and providing visibility into communication patterns within the cluster.
Let’s analyze the other options to understand why they are not correct:
A. Host containers: This option is vague and doesn’t accurately reflect Kubernetes terminology. It may be interpreted as securing traffic between containers hosted on the same node, but CN-Series does not operate at this ambiguous level. The firewall is designed to function within the Kubernetes paradigm, where “pod” is the recognized network boundary.
B. Source applications: This is too broad and abstract. “Source applications” could refer to any application initiating traffic, whether inside or outside the cluster. While CN-Series can help secure application traffic, its core integration point and operational level are specifically defined in terms of Kubernetes constructs such as pods.
C. Containers: While containers are the components running application code, securing traffic directly between containers inside a pod is typically unnecessary because they share the same network namespace. CN-Series focuses on securing traffic between pods, where containers exist in separate runtime environments, making the enforcement of policies more effective and meaningful.
Therefore, D is the most accurate answer because the CN-Series firewall is purpose-built to monitor and control traffic at the pod level in containerized Kubernetes environments. This alignment with the pod-based architecture of Kubernetes allows for fine-grained security enforcement that is crucial for protecting modern microservices-based applications.
Question No 6:
Which feature offers real-time analysis powered by machine learning (ML) to protect against emerging and previously unknown threats?
A. Advanced URL Filtering (AURLF)
B. Cortex Data Lake
C. DNS Security
D. Panorama VM-Series plugin
Correct Answer: A
Explanation:
When evaluating which feature provides real-time threat analysis using machine learning (ML) to defend against new and unknown threats, it's important to understand the specific roles each feature plays in a cybersecurity ecosystem.
Advanced URL Filtering (AURLF) stands out as the correct answer because it incorporates machine learning at the core of its functionality to evaluate and classify web content in real time. It doesn't rely solely on static databases of known URLs. Instead, AURLF uses ML algorithms to perform inline analysis of web content, making it capable of identifying zero-day threats, phishing attempts, and other forms of malicious or suspicious behavior even if those URLs have not been previously categorized or seen. This proactive, real-time evaluation is essential for detecting and preventing threats that are unknown or newly emerging. By analyzing web page content, structure, and behavior dynamically, AURLF offers up-to-date, predictive protection.
Let’s break down why the other options are not correct in this context:
B. Cortex Data Lake is a secure, cloud-based storage solution that collects large volumes of data from Palo Alto Networks products. While it plays a crucial role in data aggregation and is used by analytics tools like Cortex XDR, it itself does not perform real-time ML-based threat prevention. It supports analysis, but indirectly—serving as a data source rather than a front-line defense.
C. DNS Security enhances traditional DNS with intelligence to block access to known malicious domains. Although it helps defend against threats like command-and-control (C2) communication and domain generation algorithms (DGAs), it primarily works by leveraging known indicators of compromise (IOCs) rather than performing real-time content inspection using machine learning. It’s more about threat intelligence integration than inline ML analysis.
D. Panorama VM-Series plugin is a management utility that allows Panorama to manage VM-Series firewalls. It extends Panorama’s capabilities to virtual environments and orchestrates configuration and policies. However, it does not directly perform real-time threat analysis or employ machine learning. Its function is management and policy enforcement, not dynamic threat detection.
In summary, Advanced URL Filtering is uniquely equipped among the options to analyze web content in real time using ML models. It provides the necessary mechanisms to prevent access to unknown or emerging threats by evaluating new URLs on-the-fly, which is essential in a cybersecurity landscape where static threat databases are no longer sufficient. Therefore, the correct answer is A.
Question No 7:
Which of the following can provide application-level security for a web-server instance on Amazon Web Services (AWS)?
A. VM-Series firewalls
B. Hardware firewalls
C. Terraform templates
D. Security groups
Correct Answer: A
Explanation:
When deploying a web server on Amazon Web Services (AWS), ensuring the security of that instance is a multi-layered process that spans infrastructure, network, and application layers. Among the options listed, only one provides true application-level security — and that is the VM-Series firewalls.
Let’s evaluate each option in the context of application-level protection:
A. VM-Series firewalls: These are virtualized versions of next-generation firewalls, such as those from Palo Alto Networks, and they are designed specifically to provide deep, application-level security in cloud environments like AWS. These firewalls can inspect traffic at Layer 7 (the application layer) and offer features such as application identification, user-based policies, threat prevention, URL filtering, and intrusion detection and prevention. They go beyond basic port/protocol filtering and can identify specific applications (like Skype, BitTorrent, etc.), block malicious payloads, and detect abnormal behavior in application traffic. Because of this, VM-Series firewalls are particularly well-suited for application-level security in AWS.
B. Hardware firewalls: While hardware firewalls can provide powerful protection in traditional on-premises networks, they are not applicable in the context of AWS, which is a virtualized environment. AWS does not support traditional hardware firewalls within its infrastructure. Instead, cloud-native or virtual appliances like the VM-Series are used. Furthermore, even when hardware firewalls are used, their primary focus is generally on network-level (Layer 3/4) traffic filtering, not deep application-level inspection.
C. Terraform templates: Terraform is an Infrastructure as Code (IaC) tool used to automate the provisioning of cloud infrastructure. While Terraform templates can be used to configure security resources such as virtual firewalls, security groups, IAM roles, and more, they themselves do not provide security. They define infrastructure, including policies or configurations that can enhance security, but they are not a security mechanism. In short, Terraform can deploy security tools, but it does not provide application-level protection.
D. Security groups: AWS security groups are virtual firewalls that operate at the instance level. They control inbound and outbound traffic based on IP addresses, ports, and protocols. However, they are limited to network-level security (Layer 3 and Layer 4) and do not provide any application-layer inspection or protections. For example, they can block or allow HTTP or HTTPS traffic, but they cannot inspect whether that traffic is part of a SQL injection attack or contains malware.
In conclusion, among all the options listed, VM-Series firewalls are the only ones that provide deep inspection and control at the application level. This makes A the correct answer. These firewalls are purpose-built for cloud environments and integrate well with AWS, providing comprehensive visibility and control over web application traffic. They enable organizations to enforce security policies based on the actual application and user identity, offering a much more granular and effective defense against threats compared to traditional network firewalls or basic AWS security controls.
Question No 8:
Which two statements apply to the VM-Series plugin? (Choose two.)
A. It can manage capabilities common to both VM-Series firewalls and hardware firewalls.
B. It can be upgraded independently of PAN-OS.
C. It enables management of cloud-specific interactions between VM-Series firewalls and supported public cloud platforms.
D. It can manage Panorama plugins.
Correct Answer: B, C
Explanation:
The VM-Series plugin is a critical component in Palo Alto Networks' virtualized firewall offerings, particularly when deploying in public and private cloud environments. Its purpose is to extend and enable cloud-specific capabilities for VM-Series firewalls that are not inherently part of the base PAN-OS functionality. The following explains the correct and incorrect choices in this context.
B is correct because the VM-Series plugin can indeed be upgraded independently of PAN-OS. This modular architecture allows organizations to update just the plugin to gain newer cloud-specific features or compatibility without needing to perform a full PAN-OS upgrade. This flexibility is beneficial in cloud environments where agility and rapid iteration are often required.
C is also correct because the VM-Series plugin is specifically designed to manage cloud-specific functionality that enables the VM-Series firewall to integrate properly with supported public cloud platforms like AWS, Azure, and Google Cloud. For example, it handles aspects such as retrieving cloud metadata, tagging resources, associating dynamic address groups with cloud instances, and working with cloud automation templates. Without the plugin, the VM-Series would lack essential interactions required for smooth deployment and operation in cloud environments.
A is incorrect because the VM-Series plugin is specialized for virtualized environments and does not manage or influence features common to both virtual and physical (hardware) firewalls. Common functionality is handled by PAN-OS itself, which is the shared operating system across Palo Alto’s physical and virtual firewall platforms. The plugin does not extend capabilities to hardware appliances or attempt to bridge features between virtual and physical form factors.
D is incorrect because the VM-Series plugin does not manage Panorama plugins. Panorama is Palo Alto Networks’ centralized management platform, and it has its own plugin infrastructure to support things like SD-WAN or cloud services. These Panorama plugins are managed within the Panorama environment itself and are separate from the VM-Series plugin, which is installed and used on individual VM-Series firewalls.
In conclusion, the VM-Series plugin plays a crucial role in adapting Palo Alto Networks’ virtual firewalls to the specific requirements of cloud deployments. It enables advanced integrations with cloud service provider APIs and supports agile deployment practices. Its ability to be upgraded independently of PAN-OS gives administrators more control and flexibility in managing cloud-centric capabilities, which are not needed in traditional hardware firewall environments. Therefore, B and C are the two statements that accurately describe the functionality and use of the VM-Series plugin.
Question No 9:
What can software next-generation firewall (NGFW) credits be used to provision?
A. Remote browser isolation
B. Virtual Panorama appliances
C. Migrating NGFWs from hardware to VMs
D. Enablement of DNS security
Correct Answer: C
Explanation:
Software next-generation firewall (NGFW) credits are a flexible licensing mechanism that allows organizations to deploy and manage NGFW functionality across virtual environments, cloud infrastructure, or on-premises systems without being tied to a specific hardware appliance. These credits are typically part of a consumption-based model that decouples firewall capabilities from physical devices, enabling greater agility, scalability, and cost-efficiency in modern network architectures.
Let’s evaluate each option:
A. Remote browser isolation refers to a security approach that physically separates the browsing process from the endpoint device. This is typically delivered as part of a Secure Web Gateway or cloud-delivered security service, not directly associated with NGFW software credits. While it enhances endpoint and browser security, it falls outside the provisioning scope of NGFW software credits.
B. Virtual Panorama appliances are used for centralized management of Palo Alto Networks’ firewalls, providing configuration, logging, and policy enforcement at scale. While Panorama is essential for managing NGFW environments, software NGFW credits are not used to provision Panorama itself. Panorama typically requires separate licensing and is not part of the core NGFW provisioning process using credits.
C. Migrating NGFWs from hardware to VMs is precisely what software NGFW credits are designed to facilitate. Organizations that previously relied on hardware appliances can use these credits to transition their firewall deployments into virtualized formats, whether in private data centers, hybrid environments, or public cloud platforms such as AWS, Azure, or GCP. This supports cloud adoption and network transformation initiatives, allowing firewall services to be deployed dynamically where they are most needed. The software credits enable the provisioning of VM-Series firewalls, which provide the same Layer 7 traffic inspection, threat prevention, application awareness, and user-based policy enforcement found in physical NGFWs.
D. Enablement of DNS security is a feature-level enhancement that adds additional protections to DNS resolution by integrating with threat intelligence and blocking malicious domains. While this is a valuable capability, it typically requires a separate subscription or feature license and is not directly provisioned through software NGFW credits. NGFW software credits are primarily concerned with the deployment and scale of firewall instances rather than individual security services.
In summary, the primary function of software NGFW credits is to enable flexible deployment of firewall functionality in software form factors, especially during migration from traditional hardware appliances to virtualized or cloud-based environments. This makes C the most accurate and comprehensive answer to the question.
Question No 10:
How is network traffic routed to a Palo Alto Networks firewall when it's integrated into a Cisco ACI environment?
A. By using contracts between endpoint groups that send traffic to the firewall using a shared policy
B. Through a virtual machine (VM) monitor domain
C. Through a policy-based redirect (PBR)
D. By creating an access policy
Correct Answer: C
Explanation:
When integrating a Palo Alto Networks firewall into a Cisco Application Centric Infrastructure (ACI) environment, traffic redirection and service insertion are typically accomplished using policy-based redirect (PBR). Cisco ACI's architecture allows for advanced network automation and segmentation by defining endpoint groups (EPGs) and associating them through policies. However, sending traffic through a next-generation firewall like Palo Alto Networks requires specific mechanisms for redirection and inspection, and this is where PBR becomes essential.
Policy-Based Redirect (PBR) is a feature in Cisco ACI that enables traffic to be redirected to a service device, such as a firewall or load balancer, for inspection or other processing, based on policy rules. These rules are applied as part of the service graph configuration. When an administrator integrates a Palo Alto firewall into ACI, they typically define a service graph that includes the firewall as a service node. Then, through contracts associated with the EPGs, ACI can apply a PBR policy to redirect selected traffic flows to the firewall.
Let’s examine why the other options are incorrect:
A. While contracts between endpoint groups are a foundational element in Cisco ACI for controlling communication between EPGs, they do not in themselves perform the redirection to the firewall. Contracts define what type of traffic is allowed or denied between EPGs, but they require service graphs and PBR to actually redirect that traffic through a third-party device like a firewall. Thus, A only partially addresses the mechanism and is not the complete or correct answer.
B. Virtual machine monitor (VMM) domains in Cisco ACI refer to integration with hypervisors like VMware vSphere or Microsoft Hyper-V. They allow ACI to extend policy and visibility into virtual environments but are not used for directing traffic to service appliances like firewalls. Therefore, B is unrelated to the process of redirecting traffic to a Palo Alto firewall.
D. Access policies in ACI govern how the physical interfaces, port channels, and other access elements are configured and connected. These policies do not perform traffic redirection or dictate traffic flow through service appliances. Hence, D is also incorrect.
The correct process for directing traffic through a Palo Alto Networks firewall within Cisco ACI involves using service graphs, contracts, and most importantly, policy-based redirect (PBR). The PBR configuration in the service graph enables traffic that matches certain criteria to be sent to the firewall for inspection or processing. This approach provides the necessary control, visibility, and enforcement mechanisms within the ACI fabric and is essential in achieving advanced security and compliance objectives.
Therefore, among the given options, the only one that accurately and comprehensively reflects the mechanism used to direct traffic to the firewall is C.