PCNSE7 Exam Questions
223 real PCNSE7 exam questions with expert-verified answers and explanations. Page 1 of 5.
- Question #1
A company.com wants to enable Application Override. Given the following screenshot: Which two statements are true if Source and Destination traffic match the Application Override p...
- Question #2
Which three fields can be included in a pcap filter? (Choose three)
- Question #3
What are three possible verdicts that WildFire can provide for an analyzed sample? (Choose three)
- Question #4
A logging infrastructure may need to handle more than 10,000 logs per second. Which two options support a dedicated log collector function? (Choose two)
- Question #5
What are three valid method of user mapping? (Choose three)
- Question #6
A host attached to ethernet1/3 cannot access the internet. The default gateway is attached to ethernet1/4. After troubleshooting. It is determined that traffic cannot pass from the...
- Question #7
The IT department has received complaints abou VoIP call jitter when the sales staff is making or receiving calls. QoS is enabled on all firewall interfaces, but there is no QoS po...
- Question #8
A network security engineer is asked to provide a report on bandwidth usage. Which tab in the ACC provides the information needed to create the report?
- Question #9
Which three options does the WF-500 appliance support for local analysis? (Choose three)
- Question #10
Company.com has an in-house application that the Palo Alto Networks device doesn't identify correctly. A Threat Management Team member has mentioned that this in-house application...
- Question #11
After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama's traffic l...
- Question #12
A critical US-CERT notification is published regarding a newly discovered botnet. The malware is very evasive and is not reliably detected by endpoint antivirus software. Furthermo...
- Question #13
Which two statements are correct for the out-of-box configuration for Palo Alto Networks NGFWs? (Choose two)
- Question #14
A network security engineer is asked to perform a Return Merchandise Authorization (RMA) on a firewall Which part of files needs to be imported back into the replacement firewall t...
- Question #15
A network engineer has revived a report of problems reaching 98.139.183.24 through vr1 on the firewall. The routing table on this firewall is extensive and complex. Which CLI comma...
- Question #16
Which two mechanisms help prevent a spilt brain scenario an Active/Passive High Availability (HA) pair? (Choose two)
- Question #17
What are three valid actions in a File Blocking Profile? (Choose three)
- Question #18
An Administrator is configuring an IPSec VPN toa Cisco ASA at the administrator's home and experiencing issues completing the connection. The following is th output from the comman...
- Question #19
Which interface configuration will accept specific VLAN IDs?
- Question #20
Palo Alto Networks maintains a dynamic database of malicious domains. Which two Security Platform components use this database to prevent threats? (Choose two)
- Question #21
Which two methods can be used to mitigate resource exhaustion of an application server? (Choose two)
- Question #22
A host attached to Ethernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet 1/1 and Ethernet 1/4 to be green. The IP address of Ethernet 1/1 is 192....
- Question #23
A VPN connection is set up between Site-A and Site-B, but no traffic is passing in the system log of Site-A, there is an event logged as like-nego-p1-fail-psk. What action will bri...
- Question #24
A firewall administrator is troubleshooting problems with traffic passing through the Palo Alto Networks firewall. Which method shows the global counters associated with the traffi...
- Question #25
A network security engineer has been asked to analyze Wildfire activity. However, the Wildfire Submissions item is not visible form the Monitor tab. What could cause this condition...
- Question #26
Which Palo Alto Networks VM-Series firewall is supported for VMware NSX?
- Question #27
A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode. Which statement is true about this deployment?
- Question #28
What must be used in Security Policy Rule that contain addresses where NAT policy applies?
- Question #29
A company has a policy that denies all applications it classifies as bad and permits only application it classifies as good. The firewall administrator created the following securi...
- Question #30
How are IPV6 DNS queries configured to user interface ethernet1/3?
- Question #31
A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens thousands of bogus UDP connections per second to a single destination...
- Question #32
Which Security Policy Rule configuration option disables antivirus and anti-spyware scanning of server-to-client flows only?
- Question #33
Which three options are available when creating a security profile? (Choose three)
- Question #34
Given the following table. Which configuration change on the firewall would cause it to use 10.66.24.88 as the next hop for the 192.168.93.0/30 network?
- Question #35
A company hosts a publically accessible web server behind a Palo Alto Networks next generation firewall with the following configuration information. - Users outside the company ar...
- Question #36
Which two interface types can be used when configuring GlobalProtect Portal?(Choose two)
- Question #37
What can missing SSL packets when performing a packet capture on dataplane interfaces?
- Question #38
A network Administrator needs to view the default action for a specific spyware signature. The administrator follows the tabs and menus through Objects> Security Profiles> Anti- Sp...
- Question #39
How does Panorama handle incoming logs when it reaches the maximum storage capacity?
- Question #40
Which three function are found on the dataplane of a PA-5050? (Choose three)
- Question #41
How is the Forward Untrust Certificate used?
- Question #42
A firewall administrator has completed most of the steps required to provision a standalone Palo Alto Networks Next-Generation Firewall. As a final step, the administrator wants to...
- Question #43
The web server is configured to listen for HTTP traffic on port 8080. The clients access the web server using the IP address 1.1.1.100 on TCP Port 80. The destination NAT rule is c...
- Question #44
A company has a pair of Palo Alto Networks firewalls configured as an Acitve/Passive High Availability (HA) pair. What allows the firewall administrator to determine the last date...
- Question #45
A network administrator uses Panorama to push security polices to managed firewalls at branch offices. Which policy type should be configured on Panorama if the administrators at t...
- Question #46
Which client software can be used to connect remote Linux client into a Palo Alto Networks Infrastructure without sacrificing the ability to scan traffic and protect against threat...
- Question #47
Only two Trust to Untrust allow rules have been created in the Security policy - Rule1 allows google-base - Rule2 allows youtube-base The youtube-base App-ID depends on google-base...
- Question #48
The GlobalProtect Portal interface and IP address have been configured. Which other value needs to be defined to complete the network settings configuration of GlobalPortect Portal...
- Question #49
Which command can be used to validate a Captive Portal policy?
- Question #50
A company is upgrading its existing Palo Alto Networks firewall from version 7.0.1 to 7.0.4. Which three methods can the firewall administrator use to install PAN-OS 7.0.4 across t...