We strive to make sure that youve a wonderful experience our Paloalto Networks Paloalto Networks check engine. Well begun, half done. Choose the Paloalto Networks PCNSE7 exam is the wise choice in your life. If you will need any data about the best way to use the Paloalto Networks Paloalto Networks exam, please contact the particular customer assist. Our staff members work around the clock to offer the most effective service pertaining to all the candidates. Youll get timely as well as satisfied answers to you questions.

2021 Apr PCNSE7 sample question

Q1. Which two mechanisms help prevent a spilt brain scenario an Active/Passive High Availability (HA) pair? (Choose two)

A. Configure the management interface as HA3 Backup

B. Configure Ethernet 1/1 as HA1 Backup CConfigure Ethernet 1/1 as HA2 Backup

C. Configure the management interface as HA2 Backup

D. Configure the management interface as HA1 Backup

E. Configure ethernet1/1 as HA3 Backup 

Answer: B,E


Q2. A network security engineer has been asked to analyze Wildfire activity. However, the Wildfire Submissions item is not visible form the Monitor tab.

What could cause this condition?

A. The firewall does not have an active WildFire subscription.

B. The engineer's account does not have permission to view WildFire Submissions.

C. A policy is blocking WildFire Submission traffic.

D. Though WildFire is working, there are currently no WildFire Submissions log entries. 

Answer: A


Q3. A company has a policy that denies all applications it classifies as bad and permits only application it classifies as good. The firewall administrator created the following security policy on the company's firewall.

 

Which interface configuration will accept specific VLAN IDs?

Which two benefits are gained from having both rule 2 and rule 3 presents? (choose two)

A. A report can be created that identifies unclassified traffic on the network.

B. Different security profiles can be applied to traffic matching rules 2 and 3.

C. Rule 2 and 3 apply to traffic on different ports.

D. Separate Log Forwarding profiles can be applied to rules 2 and 3. 

Answer: A,B


Q4. Which two mechanisms help prevent a spilt brain scenario an Active/Passive High Availability (HA) pair? (Choose two)

A. Configure the management interface as HA3 Backup

B. Configure Ethernet 1/1 as HA1 Backup CConfigure Ethernet 1/1 as HA2 Backup

C. Configure the management interface as HA2 Backup

D. Configure the management interface as HA1 Backup

E. Configure ethernet1/1 as HA3 Backup 

Answer: B,E


Q5. Click the Exhibit button below,

 

 

A firewall has three PBF rules and a default route with a next hop of 172.20.10.1 that is configured in the default VR. A user named Will has a PC with a 192.168.10.10 IP address. He makes an HTTPS connection to 172.16.10.20.

Which is the next hop IP address for the HTTPS traffic from Will's PC?

A. 172.20.30.1

B. 172.20.40.1

C. 172.20.20.1

D. 172.20.10.1

Answer: B


Updated PCNSE7 practice:

Q6. A network security engineer is asked to perform a Return Merchandise Authorization (RMA) on a firewall Which part of files needs to be imported back into the replacement firewall that is using Panorama?

A. Device state and license files

B. Configuration and serial number files

C. Configuration and statistics files

D. Configuration and Large Scale VPN (LSVPN) setups file

Answer: B


Q7. A firewall administrator has completed most of the steps required to provision a standalone Palo Alto Networks Next-Generation Firewall. As a final step, the administrator wants to test one of the security policies.

Which CLI command syntax will display the rule that matches the test?

A. test security -policy- match source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number

B. show security rule source <ip_address> destination <IP_address> destination port <port number> protocol

<protocol number>

C. test security rule source <ip_address> destination <IP_address> destination port <port number> protocol

<protocol number>

D. show security-policy-match source <ip_address> destination <IP_address> destination port <port number> protocol <protocol number>

test security-policy-match source

Answer: A

Explanation:

test security-policy-match source <source IP> destination <destination IP> protocol <protocol number>

https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Test-Which-Security- Policy-Applies-to-a-Traffic-Flow/ta-p/53693


Q8. Site-A and Site-B have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-A is configured properly, but the route for the tunner  is not being established. The Site-B interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-B is using the wrong Link Type for one of its interfaces.

 

Which Link Type setting will correct the error?

A. Set tunnel. 1 to p2p

B. Set tunnel. 1 to p2mp

C. Set Ethernet 1/1 to p2mp

D. Set Ethernet 1/1 to p2p 

Answer: A


Q9. Company.com has an in-house application that the Palo Alto Networks device doesn't identify correctly. A Threat Management Team member has mentioned that this in-house application is very sensitive and all traffic being identified needs to be inspected by the Content-ID engine.

Which method should company.com use to immediately address this traffic on a Palo Alto Networks device?

A. Create a custom Application without signatures, then create an Application Override policy that includes the source, Destination, Destination Port/Protocol and Custom Application of the traffic.

B. Wait until an official Application signature is provided from Palo Alto Networks.

C. Modify the session timer settings on the closest referanced application to meet the needs of the in-house application

D. Create a Custom Application with signatures matching unique identifiers of the in-house application traffic 

Answer: A


Q10. A company has a policy that denies all applications it classifies as bad and permits only application it classifies as good. The firewall administrator created the following security policy on the company's firewall.

 

Which interface configuration will accept specific VLAN IDs?

Which two benefits are gained from having both rule 2 and rule 3 presents? (choose two)

A. A report can be created that identifies unclassified traffic on the network.

B. Different security profiles can be applied to traffic matching rules 2 and 3.

C. Rule 2 and 3 apply to traffic on different ports.

D. Separate Log Forwarding profiles can be applied to rules 2 and 3. 

Answer: A,B