Testking?¡¥s Paloalto Networks Paloalto Networks exam practice demos contain the key words from the real examination. Questions and answers are generally designed from the Paloalto Networks IT experts around the earth. They have got rich expertise in the compiling the actual Paloalto Networks PCNSE7 exam practice materials. Weve full confidence that people promise you 100% passing guarantee. Simply because our Paloalto Networks Paloalto Networks exam demos are generally comprised of the prior and most recent necessary contents reflected in the real exam. Our own experts are generally dedicated to search one of the most technical and comprehensive materials for the Paloalto Networks certification exam. The particular Paloalto Networks PCNSE7 prep package has attracted numerous people with its substantial standard of good quality and accuracy.

2021 Mar PCNSE7 exam question

Q1. A company hosts a publically accessible web server behind a Palo Alto Networks next generation firewall with the following configuration information.

? Users outside the company are in the "Untrust-L3" zone

? The web server physically resides in the "Trust-L3" zone.

? Web server public IP address: 23.54.6.10

? Web server private IP address: 192.168.1.10

Which two items must be NAT policy contain to allow users in the untrust-L3 zone to access the web server? (Choose two)

A. Untrust-L3 for both Source and Destination zone

B. Destination IP of 192.168.1.10

C. Untrust-L3 for Source Zone and Trust-L3 for Destination Zone

D. Destination IP of 23.54.6.10 

Answer: A,D


Q2. Which two methods can be used to mitigate resource exhaustion of an application server? (Choose two)

A. Vulnerability Object

B. DoS Protection Profile

C. Data Filtering Profile

D. Zone Protection Profile 

Answer: B,D


Q3. A host attached to Ethernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet 1/1 and Ethernet 1/4 to be green. The IP address of Ethernet 1/1 is 192.168.1.7 and the IP address of Ethernet 1/4 is 10.1.1.7. The default gateway is attached to Ethernet 1/1. A default route is properly configured.

What can be the cause of this problem?

A. No Zone has been configured on Ethernet 1/4.

B. Interface Ethernet 1/1 is in Virtual Wire Mode.

C. DNS has not been properly configured on the firewall.

D. DNS has not been properly configured on the host. 

Answer: A


Q4. How does Panorama handle incoming logs when it reaches the maximum storage capacity?

A. Panorama discards incoming logs when storage capacity full.

B. Panorama stops accepting logs until licenses for additional storage space are applied

C. Panorama stops accepting logs until a reboot to clean storage space.

D. Panorama automatically deletes older logs to create space for new ones. 

Answer: D

Explanation:

(https://www.paloaltonetworks.com/documentation/60/panorama/panorama_adminguide/se t-up-panorama/determine-panorama-log-storage-requirements)


Q5. Which Security Policy Rule configuration option disables antivirus and anti-spyware scanning of server-to- client flows only?

A. Disable Server Response Inspection

B. Apply an Application Override

C. Disable HIP Profile

D. Add server IP Security Policy exception 

Answer: A


Latest PCNSE7 training:

Q6. A logging infrastructure may need to handle more than 10,000 logs per second. Which two options support a dedicated log collector function? (Choose two)

A. Panorama virtual appliance on ESX(i) only B. M-500

C. M-100 with Panorama installed D. M-100

Answer: A,C 

Explanation:

(https://live.paloaltonetworks.com/t5/Management-Articles/Panorama-Sizing-and-Design- Guide/ta-p/72181)


Q7. A network security engineer is asked to perform a Return Merchandise Authorization (RMA) on a firewall Which part of files needs to be imported back into the replacement firewall that is using Panorama?

A. Device state and license files

B. Configuration and serial number files

C. Configuration and statistics files

D. Configuration and Large Scale VPN (LSVPN) setups file

Answer: B


Q8. A network Administrator needs to view the default action for a specific spyware signature. The administrator follows the tabs and menus through Objects> Security Profiles> Anti-Spyware and select default profile. What should be done next?

A. Click the simple-critical rule and then click the Action drop-down list.

B. Click the Exceptions tab and then click show all signatures.

C. View the default actions displayed in the Action column.

D. Click the Rules tab and then look for rules with "default" in the Action column. 

Answer: B


Q9. The web server is configured to listen for HTTP traffic on port 8080. The clients access the web server using the IP address 1.1.1.100 on TCP Port 80. The destination NAT rule is configured to translate both IP address and report to 10.1.1.100 on TCP Port 8080.

 

Which NAT and security rules must be configured on the firewall? (Choose two)

A. A security policy with a source of any from untrust-I3 Zone to a destination of 10.1.1.100 in dmz-I3 zone using web-browsing application

B. A NAT rule with a source of any from untrust-I3 zone to a destination of 10.1.1.100 in dmz-zone using service-http service.

C. A NAT rule with a source of any from untrust-I3 zone to a destination of 1.1.1.100 in untrust-I3 zone using service-http service.

D. A security policy with a source of any from untrust-I3 zone to a destination of 1.1.100 in dmz-I3 zone using web-browsing application.

Answer: B,D


Q10. A network administrator uses Panorama to push security polices to managed firewalls at branch offices. Which policy type should be configured on Panorama if the administrators at the branch office sites to override these products?

A. Pre Rules

B. Post Rules

C. Explicit Rules

D. Implicit Rules 

Answer: A