PCNSE7 Exam Questions

An administrator has users accessing network resources through Citrix XenApp 7 x. Which User- ID mapping solution will map multiple users who are using Citrix to connect to the net...

An administrator creates a custom application containing Layer 7 signatures. The latest application and threat dynamic update is downloaded to the same NGFW. The update contains an...

How can a candidate or running configuration be copied to a host external from Panorama?

A company needs to preconfigure firewalls to be sent to remote sites with the least amount of reconfiguration. Once deployed, each firewall must establish secure tunnels back to mu...

A global corporate office has a large-scale network with only one User-ID agent, which creates a bottleneck near the User-ID agent server. Which solution in PAN-OS?software would h...

Which CLI command is used to simulate traffic going through the firewall and determine which Security policy rule, NAT translation, static route, or PBF rule will be triggered by t...

If the firewall is configured for credential phishing prevention using the "Domain Credential Filter" method, which login will be detected as credential theft?

Which Security policy rule will allow an admin to block facebook chat but allow Facebook in general?

Which feature prevents the submission of corporate login information into website forms?

Which three steps will reduce the CPU utilization on the management plane? (Choose three.)

Which two virtualization platforms officially support the deployment of Palo Alto Networks VM- Series firewalls? (Choose two.)

To connect the Palo Alto Networks firewall to AutoFocus, which setting must be enabled?

Which event will happen if an administrator uses an Application Override Policy?

An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the...

Which three options are supported in HA Lite? (Choose three.)

A session in the Traffic log is reporting the application as "incomplete." What does "incomplete" mean?

An administrator is using Panorama and multiple Palo Alto Networks NGFWs. After upgrading all devices to the latest PAN-OS?software, the administrator enables log forwarding from t...

An administrator pushes a new configuration from Panorama to a pair of firewalls that are configured as an active/passive HA pair. Which NGFW receives the configuration from Panora...

Which three file types can be forwarded to WildFire for analysis as a part of the basic WildFire service? (Choose three.)

Which three firewall states are valid? (Choose three.)

An administrator encountered problems with inbound decryption. Which option should the administrator investigate as part of triage?

Which Palo Alto Networks VM-Series firewall is valid?

An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routing between the two environments is required. Which interface type would support this busi...

A network security engineer for a large company has just installed a PA-5060 Firewall to isolate the company's PCI environment from its production network. The company's engineers...

After Migrating from an ASA firewall to a Palo Alto Networks Firewall, the VPN connection between a remote network and the Palo Alto Networks Firewall is not establishing correctly...

and service within the Traffic log?

If a template stack is assigned to a device and the stack includes three templates with overlapping settings, which settings are published to the device when the template stack is...

A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone...

An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are form external users accessing the...

During the packet flow process, which two processes are performed in application identification? (Choose two.)

An administrator logs in to the Palo Alto Networks NGFW and reports that the WebUI is missing the Policies tab. Which profile is the cause of the missing Policies tab?

When configuring a GlobalProtect Portal, what is the purpose of specifying an Authentication Profile?

The certificate information displayed in the following image is for which type of certificate?

An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs. The administrator assigns priority 100 to the active firewall. Which priority...

Which option is part of the content inspection process?

Which three types of software will receive a Grayware verdict from WildFire? (Choose Three)

A speed/duplex negotiation mismatch is between the Palo Alto Networks management port and the switch port which it connects. How would an administrator configure the interface to 1...

In a virtual router, which object contains all potential routes?

Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, wher...

A customer has an application that is being identified as unknown-top for one of their custom PostgreSQL database connections. Which two configuration options can be used to correc...

Server Message Block (SMB), a common file-sharing application, is slow when passing through a Palo Alto Networks firewall. The Network Security Administrator created an application...

An administrator has enabled OSPF on a virtual router on the NGFW. OSPF is not adding new routes to the virtual router. Which two options enable the administrator to troubleshoot t...

Which tool provides an administrator the ability to see trends in traffic over periods of time, such as threats detected in the last 30 days?

The administrator has enabled BGP on a virtual router on the Palo Alto Networks NGFW, but new routes do not seem to be populating the virtual router. Which two options would help t...

A user's traffic traversing a Palo Alto Networks NGFW sometimes can reach How can the firewall be configured automatically disable the PBF rule if the next hop goes down?

Which feature must you configure to prevent users form accidentally submitting their corporate credentials to a phishing website?

A Palo Alto Networks NGFW just submitted a file to WildFire for analysis. Assume a 5- minute window for analysis. The firewall is configured to check for verdicts every 5 minutes....

What are two benefits of nested device groups in Panorama? (Choose two.)

PAN-OS 7.0 introduced an automated correlation engine that analyzes log patterns and generates correlation events visible in the new Application Command Center (ACC). Which license...

An administrator needs to upgrade a Palo Alto Networks NGFW to the most current version of PAN-OS?software. The firewall has internet connectivity through an Ethernet interface, bu...