Exam Code: PCNSE7 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Palo Alto Networks Certified Network Security Engineer
Certification Provider: Paloalto Networks
Free Today! Guaranteed Training- Pass PCNSE7 Exam.

Q11. Which Palo Alto Networks VM-Series firewall is supported for VMware NSX?

A. VM-100

B. VM-200

C. VM-1000-HV

D. VM-300

Answer: C


Q12. Click the Exhibit button below,

 

 

A firewall has three PBF rules and a default route with a next hop of 172.20.10.1 that is configured in the default VR. A user named Will has a PC with a 192.168.10.10 IP address. He makes an HTTPS connection to 172.16.10.20.

Which is the next hop IP address for the HTTPS traffic from Will's PC?

A. 172.20.30.1

B. 172.20.40.1

C. 172.20.20.1

D. 172.20.10.1

Answer: B


Q13. How are IPV6 DNS queries configured to user interface ethernet1/3?

A. Network > Virtual Router > DNS Interface

B. Objects > CustomerObjects > DNS

C. Network > Interface Mgrnt

D. Device > Setup > Services > Service Route Configuration 

Answer: D


Q14. Which Security Policy Rule configuration option disables antivirus and anti-spyware scanning of server-to- client flows only?

A. Disable Server Response Inspection

B. Apply an Application Override

C. Disable HIP Profile

D. Add server IP Security Policy exception 

Answer: A


Q15. A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode. Which statement is true about this deployment?

A. The two devices must share a routable floating IP address

B. The two devices may be different models within the PA-5000 series

C. The HA1 IP address from each peer must be on a different subnet

D. The management port may be used for a backup control connection 

Answer: D


Q16. Given the following table.

 

Which configuration change on the firewall would cause it to use 10.66.24.88 as the next hop for the 192.168.93.0/30 network?

A. Configuring the administrative Distance for RIP to be lower than that of OSPF Int.

B. Configuring the metric for RIP to be higher than that of OSPF Int.

C. Configuring the administrative Distance for RIP to be higher than that of OSPF Ext.

D. Configuring the metric for RIP to be lower than that OSPF Ext. 

Answer: A


Q17. The GlobalProtect Portal interface and IP address have been configured. Which other value needs to be defined to complete the network settings configuration of GlobalPortect

Portal?

A. Server Certificate

B. Client Certificate

C. Authentication Profile

D. Certificate Profile 

Answer: A

Explanation:

(https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-GlobalProtect/ta-p/58351)


Q18. Which interface configuration will accept specific VLAN IDs?

A. Tab Mode

B. Subinterface

C. Access Interface

D. Trunk Interface 

Answer: B


Q19. Support for which authentication method was added in PAN-OS 7.0?

A. RADIUS

B. LDAP

C. Diameter

D. TACACS+

Answer: D


Q20. A network Administrator needs to view the default action for a specific spyware signature. The administrator follows the tabs and menus through Objects> Security Profiles> Anti-Spyware and select default profile. What should be done next?

A. Click the simple-critical rule and then click the Action drop-down list.

B. Click the Exceptions tab and then click show all signatures.

C. View the default actions displayed in the Action column.

D. Click the Rules tab and then look for rules with "default" in the Action column. 

Answer: B