PCNSE7 Exam Questions

A network design change requires an existing firewall to start accessing Palo Alto Updates from a dataplane interface address instead of the management interface. Which configurati...

A network security engineer needs to configure a virtual router using IPv6 addresses. Which two routing options support these addresses? (Choose two.)

A Network Administrator wants to deploy a Large Scale VPN solution. The Network Administrator has chosen a GlobalProtect Satellite solution. This configuration needs to be deployed...

People are having intermittent quality issues during a live meeting via a web application. How can the performance of this application be improved?

When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?

A file sharing application is being permitted and no one knows what this application is used for. How should this application be blocked?

YouTube videos are consuming too much bandwidth on the network, causing delays in mission- critical traffic. The administrator wants to throttle YouTube traffic. The following inte...

Which field is optional when creating a new Security Police rule?

When using the predefined default antivirus profile, the policy will inspect for viruses on the decoders. Match each decoder with its default action. Answer options may be used mor...

When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinkhole enabled, generating a traffic log. What...

How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with non-standard syslog servers?

What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)

Which device Group option is assigned by default in Panorama whenever a new device group is created to manage a Firewall?

When performing the "ping" test shown in this CLI output: What will be the source address in the ICMP packet?

Site-A and Site- have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site- is configured p...

A network design calls for a "router on a stick" implementation with a PA-5060 performing inter- VLAN routing. All VLAN-tagged traffic will be forwarded to the PA-5060 through a si...

Which two virtualized environments support Active/Active High Availability (HA) in PAN-OS 7.0? (Choose two.)

Which Panorama feature allows for logs generated by Panorama to be forwarded to an external Security Information and Event Management (SIEM) system?

In an enterprise deployment, a network security engineer wants to assign rights to a group of administrators without creating local administrator accounts on the firewall. Which au...

Which option is an IPv6 routing protocol?

Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?

Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS 7x, to obtain username-to-IP-address mapping?

Which two actions are required to make Microsoft Active Directory users appear in a firewall traffic log? (Choose two.)

Firewall administrators cannot authenticate to a firewall GUI. Which two logs on that firewall will contain authentication-related information useful in troubleshooting this issue?...

Which three rule types are available when defining polices in Panorama? (Choose three.)

Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing. Which step is required to accom...

Which CLI command displays the current management plane memory utilization?

A distributed log collection deployment has dedicated Log Collectors. A developer needs a device to send logs to Panorama instead of sending logs to the Collector Group. What shoul...

Site-A and Site-B need to use IKEv2 to establish a VPN connection. Site-A connects directly to the internet using a public IP address. Site-B uses a private IP address behind an IS...

A network security engineer has a requirement to allow an external server to access an internal web server. The internal web server must also initiate connections with the external...

What happens when the traffic log shows an internal host attempting to open a session to a properly configured sinkhole address?

PAS-OS 7.0 introduced an automated correlation engine that analyzes log patterns and generates correlation events visible in the new Application Command Center (ACC). Which license...

Site-A and Site-have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-is configured pro...

A network security engineer for a large company has just installed a PA-5060 Firewall to isolate the company's PCI environment from its production network. The company's network en...

On March 10, 2016, between 11:00 am and 11:30 am, users reported that web-browsing traffic to the IP address 1.1.1.1 failed. Which filter can be applied to the traffic logs to show...

Server Message Block (SMB), a common file-sharing application, is slow when passing through a Palo Alto Networks firewall. The Network Security Administrator created an application...

What are three valid options when creating a new security policy? (Choose three.)

The Network Security Administrator discovers that the company's NAT-aware SIP phone system is not working properly through the Palo Alto Networks firewall, even though SIP traffic...

Which two statements accurately describe how DoS Protection Profiles and Policies mitigate attacks? (Choose two.)

Given these tables: an external DNS provider and resolves to 203.1.200.123 in the Untrust-L3 zone. Users in the Trust-L3 zone use the external FQDN to access SVR1. Which NAT rule w...

What are the three Security Policy Rule Type classifications supported in PAN-OS 7.0? (Choose three.)

What is the default behavior when a Certificate Profile is configured to use both CRL and OCSP?

Ethernet1/1 has been configured with the following subinterfaces: The following security policy rule is applied: The Interface Management Profile permits the following: A customer...

Given the following diagram: A VPN connection has been created to allow traffic from the Trust-L3 zone of Site A to reach the Trust-L3 zone of Site B. Each site is using tunnel.1 i...

For which two functions is the management plane responsible? (Choose two.)

Refer to exhibit. An organization has Palo Alto Networks NGFWs that send logs to remote monitoring and security management platforms. The network team has reported excessive traffi...

Which Captive Portal mode must be configured to support MFA authentication?

Which protection feature is available only in a Zone Protection Profile?

Which User-ID method maps IP addresses to usernames for users connecting through an 802.1x-enabled wireless network device that has no native integration with PAN-OS?software?

How does an administrator schedule an Applications and Threats dynamic update while delaying installation of the update for a certain amount of time?