It is impossible to pass the Palo Alto Networks PCNSE7 exam without any help in the short term. Come to Examcollection soon and find the most advanced, correct and guaranteed Palo Alto Networks PCNSE7 practice questions. You will get a surprising result with our improved Palo Alto Networks Certified Network Security Engineer practice guides.
Q1. Click the Exhibit button below,
A firewall has three PBF rules and a default route with a next hop of 172.20.10.1 that is configured in the default VR. A user named Will has a PC with a 192.168.10.10 IP address. He makes an HTTPS connection to 172.16.10.20.
Which is the next hop IP address for the HTTPS traffic from Will's PC?
A. 172.20.30.1
B. 172.20.40.1
C. 172.20.20.1
D. 172.20.10.1
Answer: B
Q2. A firewall administrator has completed most of the steps required to provision a standalone Palo Alto Networks Next-Generation Firewall. As a final step, the administrator wants to test one of the security policies.
Which CLI command syntax will display the rule that matches the test?
A. test security-policy-match source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
B. show security rule source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
C. test security rule source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
D. show security-policy-match source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>
Answer: A
Explanation:
test security-policy-match source <source IP> destination <destination IP> protocol <protocol number>
https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Test-Which-Security-Policy-Applies-to-a-Traffic-Flow/ta-p/53693
Q3. What are three valid actions in a File Blocking Profile? (Choose three)
A. Forward
B. Block
C. Alert
D. Upload
E. Reset-both
F. Continue
Answer: B,C,F
Explanation:
https://live.paloaltonetworks.com/t5/Configuration-Articles/File-Blocking-Rulebase-and-Action-Precedence/ta-p/53623
Q4. The web server is configured to listen for HTTP traffic on port 8080. The clients access the web server using the IP address 1.1.1.100 on TCP Port 80. The destination NAT rule is configured to translate both IP address and port to 10.1.1.100 on TCP Port 8080.
Which NAT and security rules must be configured on the firewall? (Choose two)
A. A security policy with a source of any from untrust-I3 Zone to a destination of 10.1.1.100 in dmz-I3 zone using web-browsing application
B. A NAT rule with a source of any from untrust-I3 zone to a destination of 10.1.1.100 in dmz-zone using service-http service.
C. A NAT rule with a source of any from untrust-I3 zone to a destination of 1.1.1.100 in untrust-I3 zone using service-http service.
D. A security policy with a source of any from untrust-I3 zone to a destination of 1.1.100 in dmz-I3 zone using web-browsing application.
Answer: B,D
Q5. Which command can be used to validate a Captive Portal policy?
A. eval captive-portal policy <criteria>
B. request cp-policy-eval <criteria>
C. test cp-policy-match <criteria>
D. debug cp-policy <criteria>
Answer: C
Q6. Support for which authentication method was added in PAN-OS 7.0?
A. RADIUS
B. LDAP
C. Diameter
D. TACACS+
Answer: D
Q7. Palo Alto Networks maintains a dynamic database of malicious domains.
Which two Security Platform components use this database to prevent threats? (Choose two)
A. Brute-force signatures
B. BrightCloud URL Filtering
C. PAN-DB URL Filtering
D. DNS-based command-and-control signatures
Answer: C,D
Q8. A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode. Which statement is true about this deployment?
A. The two devices must share a routable floating IP address
B. The two devices may be different models within the PA-5000 series
C. The HA1 IP address from each peer must be on a different subnet
D. The management port may be used for a backup control connection
Answer: D
Q9. The GlobalProtect Portal interface and IP address have been configured. Which other value needs to be defined to complete the network settings configuration of GlobalProtect Portal?
A. Server Certificate
B. Client Certificate
C. Authentication Profile
D. Certificate Profile
Answer: A
Explanation:
(https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-GlobalProtect/ta-p/58351)
Q10. Which two mechanisms help prevent a split-brain scenario in an Active/Passive High Availability (HA) pair? (Choose two)
A. Configure the management interface as HA3 Backup
B. Configure Ethernet 1/1 as HA1 Backup
C. Configure Ethernet 1/1 as HA2 Backup
D. Configure the management interface as HA2 Backup
E. Configure the management interface as HA1 Backup
F. Configure ethernet1/1 as HA3 Backup
Answer: B,E