The document contains a practice test for the Palo Alto Networks PCNSE7 certification. It includes 60 multiple choice questions covering topics like firewall configuration, policies, interfaces, authentication methods, and components that use Palo Alto's threat databases. The questions get progressively more difficult and cover a wide range of Palo Alto firewall and management features.
The document contains a practice test for the Palo Alto Networks PCNSE7 certification. It includes 60 multiple choice questions covering topics like firewall configuration, policies, interfaces, authentication methods, and components that use Palo Alto's threat databases. The questions get progressively more difficult and cover a wide range of Palo Alto firewall and management features.
The document contains a practice test for the Palo Alto Networks PCNSE7 certification. It includes 60 multiple choice questions covering topics like firewall configuration, policies, interfaces, authentication methods, and components that use Palo Alto's threat databases. The questions get progressively more difficult and cover a wide range of Palo Alto firewall and management features.
The document contains a practice test for the Palo Alto Networks PCNSE7 certification. It includes 60 multiple choice questions covering topics like firewall configuration, policies, interfaces, authentication methods, and components that use Palo Alto's threat databases. The questions get progressively more difficult and cover a wide range of Palo Alto firewall and management features.
https://certkill.com Paloalto Networks PCNSE7 : Practice Test Question No : 1
A host attached to Ethernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet 1/1 and Ethernet 1/4 to be green. The IP address of Ethernet 1/1 is 192.168.1.7 and the IP address of Ethernet 1/4 is 10.1.1.7. The default gateway is attached to Ethernet 1/1. A default route is properly configured.
What can be the cause of this problem?
A. No Zone has been configured on Ethernet 1/4.
B. Interface Ethernet 1/1 is in Virtual Wire Mode. C. DNS has not been properly configured on the firewall. D. DNS has not been properly configured on the host.
Answer: A
Question No : 2
Which two mechanisms help prevent a spilt brain scenario an Active/Passive High Availability (HA) pair? (Choose two)
A. Configure the management interface as HA3 Backup
B. Configure Ethernet 1/1 as HA1 Backup CConfigure Ethernet 1/1 as HA2 Backup C. Configure the management interface as HA2 Backup D. Configure the management interface as HA1 Backup E. Configure ethernet1/1 as HA3 Backup
Answer: B,E
Question No : 3
Company.com has an in-house application that the Palo Alto Networks device doesn't identify correctly. A Threat Management Team member has mentioned that this in-house application is very sensitive and all traffic being identified needs to be inspected by the Content-ID engine.
Which method should company.com use to immediately address this traffic on a Palo Alto Networks device?
2 https://certkill.com Paloalto Networks PCNSE7 : Practice Test A. Create a custom Application without signatures, then create an Application Override policy that includes the source, Destination, Destination Port/Protocol and Custom Application of the traffic. B. Wait until an official Application signature is provided from Palo Alto Networks. C. Modify the session timer settings on the closest referanced application to meet the needs of the in-house application D. Create a Custom Application with signatures matching unique identifiers of the in-house application traffic
Answer: A
Question No : 4
A company has a policy that denies all applications it classifies as bad and permits only application it classifies as good. The firewall administrator created the following security policy on the company's firewall.
Which interface configuration will accept specific VLAN IDs?
Which two benefits are gained from having both rule 2 and rule 3 presents? (choose two)
A. A report can be created that identifies unclassified traffic on the network.
B. Different security profiles can be applied to traffic matching rules 2 and 3. C. Rule 2 and 3 apply to traffic on different ports. D. Separate Log Forwarding profiles can be applied to rules 2 and 3.
Answer: A,B
Question No : 5
A network security engineer has been asked to analyze Wildfire activity. However, the Wildfire Submissions item is not visible form the Monitor tab.
What could cause this condition?
3 https://certkill.com Paloalto Networks PCNSE7 : Practice Test A. The firewall does not have an active WildFire subscription. B. The engineer's account does not have permission to view WildFire Submissions. C. A policy is blocking WildFire Submission traffic. D. Though WildFire is working, there are currently no WildFire Submissions log entries.
Answer: A
Question No : 6
Support for which authentication method was added in PAN-OS 7.0?
A. RADIUS B. LDAP C. Diameter D. TACACS+
Answer: D
Question No : 7
A network security engineer is asked to perform a Return Merchandise Authorization
(RMA) on a firewall
Which part of files needs to be imported back into the replacement firewall that is using Panorama?
A. Device state and license files
B. Configuration and serial number files C. Configuration and statistics files D. Configuration and Large Scale VPN (LSVPN) setups file
Answer: B
Question No : 8
A network administrator uses Panorama to push security polices to managed firewalls at
branch offices. Which policy type should be configured on Panorama if the administrators at the branch office sites to override these products?
4 https://certkill.com Paloalto Networks PCNSE7 : Practice Test A. Pre Rules B. Post Rules C. Explicit Rules D. Implicit Rules
Answer: A
Question No : 9
ION NO: 40
Palo Alto Networks maintains a dynamic database of malicious domains.
Which two Security Platform components use this database to prevent threats? (Choose two)
A. Brute-force signatures B. BrightCloud Url Filtering C. PAN-DB URL Filtering D. DNS-based command-and-control signatures
Answer: C,D
Question No : 10
Which two statements are correct for the out-of-box configuration for Palo Alto Networks NGFWs? (Choose two)
A. The devices are pre-configured with a virtual wire pair out the first two interfaces. B. The devices are licensed and ready for deployment. C. The management interface has an IP address of 192.168.1.1 and allows SSH and HTTPS connections. D. A default bidirectional rule is configured that allows Untrust zone traffic to go to the Trust zone. E. The interface are pingable.
Answer: B,C
Question No : 11 5 https://certkill.com
Fortinet NSE4_FGT-7.0 New and Exclusive Exam Preparation_ Pass Your Fortinet NSE4_FGT-7.0 Exam On Your First Try ( Latest Questions, Detailed Explanation + References)
Fortinet NSE4_FGT-7.0 New and Exclusive Exam Preparation_ Pass Your Fortinet NSE4_FGT-7.0 Exam On Your First Try ( Latest Questions, Detailed Explanation + References)
