aiotestking uk

PCNSE7 Exam Questions - Online Test


PCNSE7 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

We provide in two formats. Download PDF & Practice Tests. Pass Paloalto Networks PCNSE7 Exam quickly & easily. The PCNSE7 PDF type is available for reading and printing. You can print more and practice many times. With the help of our product and material, you can easily pass the PCNSE7 exam.

Free PCNSE7 Demo Online For Microsoft Certifitcation:

NEW QUESTION 1
What must be used in Security Policy Rule that contain addresses where NAT policy applies?

  • A. Pre-NAT addresse and Pre-NAT zones
  • B. Post-NAT addresse and Post-Nat zones
  • C. Pre-NAT addresse and Post-Nat zones
  • D. Post-Nat addresses and Pre-NAT zones

Answer: C

NEW QUESTION 2
A session in the Traffic log is reporting the application as “incomplete.” What does “incomplete” mean?

  • A. The three-way TCP handshake was observed, but the application could not be identified.
  • B. The three-way TCP handshake did not complete.
  • C. The traffic is coming across USP, and the application could not be identified.
  • D. Data was received but was instantly discarded because of a Deny policy was applied before App-ID could be applied.

Answer: C

NEW QUESTION 3
A customer wants to set up a VLAN interface for a Layer 2 Ethernet port.
Which two mandatory options are used to configure a VLAN interface? (Choose two.)

  • A. Virtual router
  • B. Security zone
  • C. ARP entries
  • D. Netflow Profile

Answer: BD

NEW QUESTION 4
A firewall administrator is troubleshooting problems with traffic passing through the Palo Alto Networks firewall. Which method shows the global counters associated with the traffic after configuring the appropriate packet filters?

  • A. From the CLI, issue the show counter global filter pcap yes command.
  • B. From the CLI, issue the show counter global filter packet-filter yes command.
  • C. From the GUI, select show global counters under the monitor tab.
  • D. From the CLI, issue the show counter interface command for the ingress interface.

Answer: B

NEW QUESTION 5
Which setting allow a DOS protection profile to limit the maximum concurrent sessions from a source IP address?

  • A. Set the type to Aggregate, clear the session’s box and set the Maximum concurrent Sessions to 4000.
  • B. Set the type to Classified, clear the session’s box and set the Maximum concurrent Sessions to 4000.
  • C. Set the type Classified, check the Sessions box and set the Maximum concurrent Sessions to 4000.
  • D. Set the type to aggregate, check the Sessions box and set the Maximum concurrent Sessions to 4000.

Answer: C

NEW QUESTION 6
Which three types of software will receive a Grayware verdict from WildFire? (Choose Three)

  • A. Browser Toolbar
  • B. Trojans
  • C. Ransomeware
  • D. Potentially unwanted programs
  • E. Adware.

Answer: ADE

Explanation: https://www.paloaltonetworks.com/documentation/translated/70/newfeaturesguide/wildfire-features/wildfire-grayware-verdict

NEW QUESTION 7
An administrator creates an SSL decryption rule decrypting traffic on all ports. The administrator also creates a Security policy rule allowing only the applications DNS, SSL, and web-browsing.
The administrator generates three encrypted BitTorrent connections and checks the Traffic logs. There are three entries. The first entry shows traffic dropped as application Unknown. The next two entries show traffic allowed as application SSL.
Which action will stop the second and subsequent encrypted BitTorrent connections from being allowed as SSL?

  • A. Create a decryption rule matching the encrypted BitTorrent traffic with action “No- Decrypt,” and place the rule at the top of the Decryption policy.
  • B. Create a Security policy rule that matches application “encrypted BitTorrent” and place the rule at the top of the Security policy.
  • C. Disable the exclude cache option for the firewall.
  • D. Create a Decryption Profile to block traffic using unsupported cyphers, and attach theprofile to the decryption rule.

Answer: D

NEW QUESTION 8
Which Security Policy Rule configuration option disables antivirus and anti-spyware scanning of server-to-client flows only?

  • A. Disable Server Response Inspection
  • B. Apply an Application Override
  • C. Disable HIP Profile
  • D. Add server IP Security Policy exception

Answer: A

NEW QUESTION 9
People are having intermittent quality issues during a live meeting via web application.

  • A. Use QoS profile to define QoS Classes
  • B. Use QoS Classes to define QoS Profile
  • C. Use QoS Profile to define QoS Classes and a QoS Policy
  • D. Use QoS Classes to define QoS Profile and a QoS Policy

Answer: C

NEW QUESTION 10
Which option is part of the content inspection process?

  • A. Packet forwarding process
  • B. SSL Proxy re-encrypt
  • C. IPsec tunnel encryption
  • D. Packet egress process

Answer: A

NEW QUESTION 11
A company has a pair of Palo Alto Networks firewalls configured as an Acitve/Passive High Availability (HA) pair.
What allows the firewall administrator to determine the last date a failover event occurred?

  • A. From the CLI issue use the show System log
  • B. Apply the filter subtype eq ha to the System log
  • C. Apply the filter subtype eq ha to the configuration log
  • D. Check the status of the High Availability widget on the Dashboard of the GUI

Answer: B

NEW QUESTION 12
A company hosts a publically accessible web server behind a Palo Alto Networks next generation firewall with the following configuration information.
✑ Users outside the company are in the "Untrust-L3" zone
✑ The web server physically resides in the "Trust-L3" zone.
✑ Web server public IP address: 23.54.6.10
✑ Web server private IP address: 192.168.1.10
Which two items must be NAT policy contain to allow users in the untrust-L3 zone to access the web server? (Choose two)

  • A. Untrust-L3 for both Source and Destination zone
  • B. Destination IP of 192.168.1.10
  • C. Untrust-L3 for Source Zone and Trust-L3 for Destination Zone
  • D. Destination IP of 23.54.6.10

Answer: CD

NEW QUESTION 13
What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)

  • A. The firewalls must have the same set of licenses.
  • B. The management interfaces must to be on the same network.
  • C. The peer HA1 IP address must be the same on both firewalls.
  • D. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device.

Answer: AD

NEW QUESTION 14
An administrator needs to determine why users on the trust zone cannot reach certain websites. The only information available is shown on the following image. Which configuration change should the administrator make?
A)
PCNSE7 dumps exhibit
B)
PCNSE7 dumps exhibit
C)
PCNSE7 dumps exhibit
D)
PCNSE7 dumps exhibit
E)
PCNSE7 dumps exhibit

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D
  • E. Option E

Answer: B

NEW QUESTION 15
Which two mechanisms help prevent a spilt brain scenario an Active/Passive High Availability (HA) pair? (Choose two)

  • A. Configure the management interface as HA3 Backup
  • B. Configure Ethernet 1/1 as HA1 Backup CConfigure Ethernet 1/1 as HA2 Backup
  • C. Configure the management interface as HA2 Backup
  • D. Configure the management interface as HA1 Backup
  • E. Configure ethernet1/1 as HA3 Backup

Answer: BE

NEW QUESTION 16
A host attached to Ethernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet 1/1 and Ethernet 1/4 to be green. The IP address of Ethernet 1/1 is 192.168.1.7 and the IP address of Ethernet 1/4 is 10.1.1.7. The default gateway is attached to Ethernet 1/1. A default route is properly configured.
What can be the cause of this problem?

  • A. No Zone has been configured on Ethernet 1/4.
  • B. Interface Ethernet 1/1 is in Virtual Wire Mode.
  • C. DNS has not been properly configured on the firewall.
  • D. DNS has not been properly configured on the host.

Answer: A

Recommend!! Get the Full PCNSE7 dumps in VCE and PDF From Surepassexam, Welcome to Download: https://www.surepassexam.com/PCNSE7-exam-dumps.html (New 176 Q&As Version)