• Home
• Paloalto Networks
• PCNSE7 : Palo Alto Networks Certified Network Security Engineer

Top Paloalto Networks PCNSE7 tutorials Choices

---

Are you a great IT hunter with no a Paloalto Networks Paloalto Networks certification. Precisely why do require this certification. The actual answer is simple. You should help to make yourself a lot more competitive in the task market. Hunt the satisfied job is a hard function in modern day fierce competitive world. Maintain a Paloalto Networks PCNSE7 certificate will be an advantage over other candidates. Acquiring the Paloalto Networks Paloalto Networks certificate can easily lay a solid foundation in your case career living.

2021 Apr PCNSE7 free exam questions

Q21. How does Panorama handle incoming logs when it reaches the maximum storage capacity?

A. Panorama discards incoming logs when storage capacity full.

B. Panorama stops accepting logs until licenses for additional storage space are applied

C. Panorama stops accepting logs until a reboot to clean storage space.

D. Panorama automatically deletes older logs to create space for new ones. 

Answer: D

Explanation:

(https://www.paloaltonetworks.com/documentation/60/panorama/panorama_adminguide/se t-up-panorama/determine-panorama-log-storage-requirements)

Q22. The GlobalProtect Portal interface and IP address have been configured. Which other value needs to be defined to complete the network settings configuration of GlobalPortect

Portal?

A. Server Certificate

B. Client Certificate

C. Authentication Profile

D. Certificate Profile 

Answer: A

Explanation:

(https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-GlobalProtect/ta-p/58351)

Q23. A network Administrator needs to view the default action for a specific spyware signature. The administrator follows the tabs and menus through Objects> Security Profiles> Anti-Spyware and select default profile. What should be done next?

A. Click the simple-critical rule and then click the Action drop-down list.

B. Click the Exceptions tab and then click show all signatures.

C. View the default actions displayed in the Action column.

D. Click the Rules tab and then look for rules with "default" in the Action column. 

Answer: B

Q24. A logging infrastructure may need to handle more than 10,000 logs per second. Which two options support a dedicated log collector function? (Choose two)

A. Panorama virtual appliance on ESX(i) only B. M-500

C. M-100 with Panorama installed D. M-100

Answer: A,C 

Explanation:

(https://live.paloaltonetworks.com/t5/Management-Articles/Panorama-Sizing-and-Design- Guide/ta-p/72181)

Q25. A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode. Which statement is true about this deployment?

A. The two devices must share a routable floating IP address

B. The two devices may be different models within the PA-5000 series

C. The HA1 IP address from each peer must be on a different subnet

D. The management port may be used for a backup control connection 

Answer: D

Updated PCNSE7 exam price:

Q26. The web server is configured to listen for HTTP traffic on port 8080. The clients access the web server using the IP address 1.1.1.100 on TCP Port 80. The destination NAT rule is configured to translate both IP address and report to 10.1.1.100 on TCP Port 8080.

 

Which NAT and security rules must be configured on the firewall? (Choose two)

A. A security policy with a source of any from untrust-I3 Zone to a destination of 10.1.1.100 in dmz-I3 zone using web-browsing application

B. A NAT rule with a source of any from untrust-I3 zone to a destination of 10.1.1.100 in dmz-zone using service-http service.

C. A NAT rule with a source of any from untrust-I3 zone to a destination of 1.1.1.100 in untrust-I3 zone using service-http service.

D. A security policy with a source of any from untrust-I3 zone to a destination of 1.1.100 in dmz-I3 zone using web-browsing application.

Answer: B,D

Q27. A logging infrastructure may need to handle more than 10,000 logs per second. Which two options support a dedicated log collector function? (Choose two)

A. Panorama virtual appliance on ESX(i) only B. M-500

C. M-100 with Panorama installed D. M-100

Answer: A,C 

Explanation:

(https://live.paloaltonetworks.com/t5/Management-Articles/Panorama-Sizing-and-Design- Guide/ta-p/72181)

Q28. A host attached to ethernet1/3 cannot access the internet. The default gateway is attached to ethernet1/4. After troubleshooting. It is determined that traffic cannot pass from the ethernet1/3 to ethernet1/4. What can be the cause of the problem?

A. DHCP has been set to Auto.

B. Interface ethernet1/3 is in Layer 2 mode and interface ethernet1/4 is in Layer 3 mode.

C. Interface ethernet1/3 and ethernet1/4 are in Virtual Wire Mode.

D. DNS has not been properly configured on the firewall 

Answer: B

Q29. ION NO: 40

Palo Alto Networks maintains a dynamic database of malicious domains.

Which two Security Platform components use this database to prevent threats? (Choose two)

A. Brute-force signatures

B. BrightCloud Url Filtering

C. PAN-DB URL Filtering

D. DNS-based command-and-control signatures 

Answer: C,D

Q30. A network security engineer is asked to perform a Return Merchandise Authorization (RMA) on a firewall Which part of files needs to be imported back into the replacement firewall that is using Panorama?

A. Device state and license files

B. Configuration and serial number files

C. Configuration and statistics files

D. Configuration and Large Scale VPN (LSVPN) setups file

Answer: B