2017 February NEW PCNSE7 Exam Dumps (PDF & VCE) 101Q&As Updated Today!
1.|NEW PCNSE7 Exam Dumps (PDF & VCE) 101Q&As Download:
http://www.braindump2go.com/pcnse7.html
2.|NEW PCNSE7 Exam Questions & Answers Download:
https://1drv.ms/f/s!AvI7wzKf6QBjgiORhA56QELmWMyo
QUESTION 85
Firewall administrators cannot authenticate to a firewall GUI.
Which two logs on that firewall will contain authentication-related information useful in troubleshooting this issue? (Choose two.)
A. ms log
B. authd log
C. System log
D. Traffic log
E. dp-monitor log
Answer: CD
QUESTION 86
Which option is an IPv6 routing protocol?
A. RIPv3
B. OSPFv3
C. OSPv3
D. BGP NG
Answer: B
QUESTION 87
A network security engineer has a requirement to allow an external server to access an internal web server.
The internal web server must also initiate connections with the external server.
What can be done to simplify the NAT policy?
A. Configure ECMP to handle matching NAT traffic
B. Configure a NAT Policy rule with Dynamic IP and Port
C. Create a new Source NAT Policy rule that matches the existing traffic and enable the Bi- directional option
D. Create a new Destination NAT Policy rule that matches the existing traffic and enable the Bi-directional option
Answer: C
Explanation:
https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/networking/nat-configuration-examples
QUESTION 88
A network design change requires an existing firewall to start accessing Palo Alto Updates from a data plane interface address instead of the management interface.
Which configuration setting needs to be modified?
A. Service route
B. Default route
C. Management profile
D. Authentication profile
Answer: A
QUESTION 89
A Network Administrator wants to deploy a Large Scale VPN solution.
The Network Administrator has chosen a GlobalProtect Satellite solution.
This configuration needs to be deployed to multiple remote offices and the Network Administrator decides to use Panorama to deploy the configurations.
How should this be accomplished?
A. Create a Template with the appropriate IKE Gateway settings
B. Create a Template with the appropriate IPSec tunnel settings
C. Create a Device Group with the appropriate IKE Gateway settings
D. Create a Device Group with the appropriate IPSec tunnel settings
Answer: B
QUESTION 90
Which CLI command displays the current management plan memory utilization?
A. > show system info
B. > show system resources
C. > debug management-server show
D. > show running resource-monitor
Answer: B
Explanation:
https://live.paloaltonetworks.com/t5/Management-Articles/Show-System-Resource-Command-Displays-CPU-Utilization-of-9999/ta-p/58149
QUESTION 91
Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?
A. Log
B. Alert
C. Allow
D. Default
Answer: B
Explanation:
https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/url-filtering/url-filtering-profile-actions
QUESTION 92
What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)
A. The firewalls must have the same set of licenses.
B. The management interfaces must to be on the same network.
C. The peer HA1 IP address must be the same on both firewalls.
D. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device.
Answer: AC
QUESTION 93
Which three rule types are available when defining policies in Panorama? (Choose three.)
A. Pre Rules
B. Post Rules
C. Default Rules
D. Stealth Rules
E. Clean Up Rules
Answer: ABC
Explanation:
https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/panorama-web-interface/defining-policies-on-panorama
QUESTION 94
A network design calls for a “router on a stick” implementation with a PA-5060 performing inter-VLAN routing All VLAN-tagged traffic will be forwarded to the PA-5060 through a single dot1q trunk interface
Which interface type and configuration setting will support this design?
A. Trunk interface type with specified tag
B. Layer 3 interface type with specified tag
C. Layer 2 interface type with a VLAN assigned
D. Layer 3 subinterface type with specified tag
Answer: D
QUESTION 95
Which Panorama feature allows for logs generated by Panorama to be forwarded to an external Security Information and Event Management(SIEM) system?
A. Panorama Log Settings
B. Panorama Log Templates
C. Panorama Device Group Log Forwarding
D. Collector Log Forwarding for Collector Groups
Answer: A
Explanation:
https://www.paloaltonetworks.com/documentation/61/panorama/panorama_adminguide/manage-log-collection/enable-log-forwarding-from-panorama-to-external-destinations
QUESTION 96
Which URL Filtering Security Profile action togs the URL Filtering category to the URL Filtering log?
A. Log
B. Alert
C. Allow
D. Default
Answer: D
QUESTION 97
Several offices are connected with VPNs using static IPV4 routes.
An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accoumplish this goal?
A. Assign an IP address on each tunnel interface at each site
B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0
C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces
D. Create new VPN zones at each site to terminate each VPN connection
Answer: C
QUESTION 98
Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS 7x, to obtain a username-to-IP-address mapping?
A. Microsoft Active Directory
B. Microsoft Terminal Services
C. Aerohive Wireless Access Point
D. Palo Alto Networks Captive Portal
Answer: B
QUESTION 99
Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accomplish this goal?
A. Assign an IP address on each tunnel interface at each site
B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0
C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces
D. Create new VPN zones at each site to terminate each VPN connection
Answer: C
QUESTION 100
People are having intermittent quality issues during a live meeting via web application.
A. Use QoS profile to define QoS Classes
B. Use QoS Classes to define QoS Profile
C. Use QoS Profile to define QoS Classes and a QoS Policy
D. Use QoS Classes to define QoS Profile and a QoS Policy
Answer: C
QUESTION 101
When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?
A. When configuring Certificate Profiles
B. When configuring GlobalProtect portal
C. When configuring User Activity Reports
D. When configuring Antivirus Dynamic Updates
Answer: D
!!!RECOMMEND!!!
1.|NEW PCNSE7 Exam Dumps (PDF & VCE) 101Q&As Download:
http://www.braindump2go.com/pcnse7.html
2.|NEW PCNSE7 Sudy Guide Video:
https://youtu.be/IOX5uorwmA0