Page No | 1
Palo Alto Networks PCNSE7 PRACTICE EXAM Palo Alto Networks Certified Network Security Engineer
_____________________ __________ ______________________ ______________________ ______________________ ______________________ ______________________ _____________________ ____________________ __________
http://www.pass4sures.co/
Page No | 2
Product Questions: 60 Version: 9.3 Question 1 A ost aahe to Ethrnht 1/4 annot ping th ehfault gathway. Th wieght on th easboare sows Ethrnht 1/1 ane Ethrnht 1/4 to bh grhhn. Th IP aeerhss of Ethrnht 1/1 is 192.168.1.7 ane th IP aeerhss of Ethrnht 1/4 is 10.1.1.7. Th ehfault gathway is aahe to Ethrnht 1/1. A ehfault routh is prophrly ongurhe. Wat an bh th aush aush of tis problhm? problhm? A. No Zonh as bhhn ongurhe on Ethrnht 1/4. B. Inthrfah Ethrnht 1/1 is in Virtual Wirh Moeh. C. DNS as not bhhn prophrly ongurhe on th rhwall. D. DNS as not bhhn prophrly ongurhe on th ost.
Aoswern A Question 2 Sith-A ane Sith-B avh a sith-to-sith VPN sht up bhtwhhn thm. OSPF is ongurhe to eynamially rhath th rouths bhtwhhn th siths. Th OSPF onguraon in Sith-A is ongurhe prophrly, but th routh for th tunnhr is not bhing hstablishe. Th Sith-B inthrfahs in th grapi arh using a broaeast Link Typh. Th aeministrator as ehthrminhe tat th OSPF onguraon in Sith-B is using th wrong Link Typh for onh of its inthrfahs.
Wi Link Typh shng will orrht th hrror? A. Sht tunnhl. 1 to p2p B. Sht tunnhl. 1 to p2mp C. Sht Ethrnht 1/1 to p2mp D. Sht Ethrnht 1/1 to p2p
Aoswern A Question 3
_____________________ __________ ______________________ ______________________ ______________________ ______________________ ______________________ _____________________ ____________________ __________
http://www.pass4sures.co/
Page No | 3
Givhn th following tablh.
Wi onguraon angh on th rhwall woule aush it to ush 10.66.24.88 as th nhxt op for th 192.168.93.0/30 nhtwork? A. Conguring th aeministravh Distanh for RIP to bh lowhr tan tat of OSPF Int. B. Conguring th mhtri for RIP to bh ighr tan tat of OSPF Int. C. Conguring th aeministravh Distanh for RIP to bh ighr tan tat of OSPF Ext. D. Conguring th mhtri for RIP to bh lowhr tan tat OSPF Ext.
Aoswern A Question 4 A VPN onnhon is sht up bhtwhhn Sith-A ane Sith-B, but no tra is passing in th systhm log of Sith-A, thrh is an hvhnt logghe as likh-nhgo-p1-fail-psk. Wat aon will bring th VPN up ane allow tra to start passing bhtwhhn th siths? A. Cangh th Sith-B IKE Gathway prolh vhrsion to mat Sith-A, B. Cangh th Sith-A IKE Gathway prolh hxangh moeh to aggrhssivh moeh. C. Enablh NAT Travhrsal on th Sith-A IKE Gathway prolh. D. Cangh th prh-sarhe khy of Sith-B to mat th prh-sarhe khy of Sith-A
Aoswern D Question 5 A ompany is upgraeing its hxisng Palo Alto Nhtworks rhwall from vhrsion 7.0.1 to 7.0.4. Wi trhh mhtoes an th rhwall aeministrator ush to install PAN-OS 7.0.4 aross th hnthrprish?( Coosh trhh) A. Downloae PAN-OS 7.0.4 lhs from th support sith ane install thm on ha rhwall ahr manually uploaeing. B. Downloae PAN-OS 7.0.4 to a USB erivh ane th rhwall will automaally upeath ahr th USB erivh is inshrthe in th rhwall.
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 4
C. Pus th PAN-OS 7.0.4 upeaths from th support sith to install on ha rhwall. D. Pus th PAN-OS 7.0.4 upeath from onh rhwall to all of th othr rhmaining ahr upeang onh rhwall. E. Downloae ane install PAN-OS 7.0.4 eirhtly on ha rhwall. F. Downloae ane pus PAN-OS 7.0.4 from Panorama to ha rhwall.
Aoswern AEF Question 6 A logging infrastruturh may nhhe to anelh morh tan 10,000 logs phr shone. Wi two opons support a eheiathe log ollhtor funon? (Coosh two) A. Panorama virtual applianh on ESX(i) only B. M-500 C. M-100 wit Panorama installhe D. M-100
Aoswern AC Explanaon (ps//livh.paloaltonhtworks.om/t5/Managhmhnt-Arlhs/Panorama-Sizing-ane-Dhsign-Guieh/ta-p/72181)
Question 7 Wi trhh hles an bh inluehe in a pap lthr? (Coosh trhh) A. Egrhss inthrfah B. Sourh IP C. Rulh numbhr D. Dhsnaon IP E. Ingrhss inthrfah
Aoswern BDE Explanaon (ps//livh.paloaltonhtworks.om/t5/Fhaturhe-Arlhs/Ghng-Starthe-Pakht-Capturh/ta-p/72069)
Question 8 A ompany osts a publially ahssiblh whb shrvhr bhine a Palo Alto Nhtworks nhxt ghnhraon rhwall wit th following onguraon informaon. Ushrs outsieh th ompany arh in th "Untrust-L3" zonh Th whb shrvhr pysially rhsiehs in th "Trust-L3" zonh. Whb shrvhr publi IP aeerhss 23.54.6.10 Whb shrvhr privath IP aeerhss 192.168.1.10 Wi two ithms must bh NAT poliy ontain to allow ushrs in th untrust-L3 zonh to ahss th whb shrvhr? (Coosh two) A. Untrust-L3 for bot Sourh ane Dhsnaon zonh
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 5
B. Dhsnaon IP of 192.168.1.10 C. Untrust-L3 for Sourh Zonh ane Trust-L3 for Dhsnaon Zonh D. Dhsnaon IP of 23.54.6.10
Aoswern AD Question 9 A nhtwork hnginhhr as rhvivhe a rhport of problhms rhaing 98.139.183.24 troug vr1 on th rhwall. Th roung tablh on tis rhwall is hxthnsivh ane omplhx. Wi CLI ommane will hlp iehnfy th issuh? A. thst roung b virtual-routhr vr1 B. sow roung routh typh sta ehsnaon 98.139.183.24 C. thst roung b-lookup ip 98.139.183.24 virtual-routhr vr1 D. sow roung inthrfah
Aoswern C Question 10 A nhtwork Aeministrator nhhes to vihw th ehfault aon for a sphi spywarh signaturh. Th aeministrator follows th tabs ane mhnus troug Objhts> Shurity Prolhs> An-Spywarh ane shlht ehfault prolh. Wat soule bh eonh nhxt? A. Clik th simplh-rial rulh ane thn lik th Aon erop-eown list. B. Clik th Exhpons tab ane thn lik sow all signaturhs. C. Vihw th ehfault aons eisplayhe in th Aon olumn. D. Clik th Rulhs tab ane thn look for rulhs wit "ehfault" in th Aon olumn.
Aoswern B
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 6
Question 11 Wi two stathmhnts arh orrht for th out-of-box onguraon for Palo Alto Nhtworks NGFWs? (Coosh two) A. Th ehvihs arh prh-ongurhe wit a virtual wirh pair out th rst two inthrfahs. B. Th ehvihs arh lihnshe ane rhaey for ehploymhnt. C. Th managhmhnt inthrfah as an IP aeerhss of 192.168.1.1 ane allows SSH ane HTTPS onnhons. D. A ehfault bieirhonal rulh is ongurhe tat allows Untrust zonh tra to go to th Trust zonh. E. Th inthrfah arh pingablh.
Aoswern BC Question 12 Wi two mhanisms hlp prhvhnt a spilt brain shnario an Avh/Passivh Hig Availability (HA) pair? (Coosh two) A. Congurh th managhmhnt inthrfah as HA3 Bakup B. Congurh Ethrnht 1/1 as HA1 Bakup C. Congurh Ethrnht 1/1 as HA2 Bakup D. Congurh th managhmhnt inthrfah as HA2 Bakup E. Congurh th managhmhnt inthrfah as HA1 Bakup F. Congurh hthrnht1/1 as HA3 Bakup
Aoswern BE Question 13 Clik th Exibit buon
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 7
An aeministrator as nohe a largh inrhash in biorrhnt avity. Th aeministrator wants to ehthrminh whrh th tra is going on th ompany. Wat woule bh th aeministrator's nhxt sthp? A. Rigt-Clik on th biorrhnt link ane shlht Valuh from th onthxt mhnu B. Crhath a global lthr for biorrhnt tra ane thn vihw Tra logs. C. Crhath loal lthr for biorrhnt tra ane thn vihw Tra logs. D. Clik on th biorrhnt appliaon link to vihw nhtwork avity
Aoswern D Question 14 How is th Forware Untrust Chrath ushe? A. It issuhs hraths hnounthrhe on th Untrust shurity zonh whn lihnts ahmpt to onnht to a sith tat as bh ehrypthe/ B. It is ushe whn whb shrvhrs rhquhst a lihnt hrath. C. It is prhshnthe to lihnts whn th shrvhr thy arh onnhng to is signhe by a hrath autority tat is not trusthe by rhwall. D. It is ushe for Capvh Portal to iehnfy unknown ushrs.
Aoswern A Question 15 Wi ommane an bh ushe to valieath a Capvh Portal poliy? A. hval apvh-portal poliy <rithria> B. rhquhst p-poliy-hval <rithria> C. thst p-poliy-mat <rithria> D. ehbug p-poliy <rithria>
Aoswern C
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 8
Question 16 Wat arh trhh valie aons in a Filh Bloking Prolh? (Coosh trhh) A. Forware B. Blok C. Alrht D. Uploae E. Rhsht-bot F. Connuh
Aoswern BCF Explanaon ps//livh.paloaltonhtworks.om/t5/Conguraon-Arlhs/Filh-Bloking-Rulhbash-ane-Aon-Prhhehnh/tap/53623
Question 17 Wi shng allow a DOS prothon prolh to limit th maximum onurrhnt shssions from a sourh IP aeerhss? A. Sht th typh to Aggrhgath, lhar th shssion’s box ane sht th Maximum onurrhnt Shssions to 4000. B. Sht th typh to Classihe, lhar th shssion’s box ane sht th Maximum onurrhnt Shssions to 4000. C. Sht th typh Classihe, hk th Shssions box ane sht th Maximum onurrhnt Shssions to 4000. D. Sht th typh to aggrhgath, hk th Shssions box ane sht th Maximum onurrhnt Shssions to 4000.
Aoswern D Question 18 A ompany as a pair of Palo Alto Nhtworks rhwalls ongurhe as an Aitvh/Passivh Hig Availability (HA) pair. Wat allows th rhwall aeministrator to ehthrminh th last eath a failovhr hvhnt ourrhe? A. From th CLI issuh ush th sow Systhm log B. Apply th lthr subtyph hq a to th Systhm log C. Apply th lthr subtyph hq a to th onguraon log D. Chk th status of th Hig Availability wieght on th Dasboare of th GUI
Aoswern D Question 19 Th ompany's Panorama shrvhr (IP 10.10.10.5) is not ablh to managh a rhwall tat was rhhntly ehployhe. Th rhwall's eheiathe managhmhnt port is bhing ushe to onnht to th managhmhnt nhtwork. Wi two ommanes may bh ushe to troublhsoot tis issuh from th CLI of th nhw rhwall? (Coosh two) A. thst panoramas-onnht 10.10.10.5 B. sow panoramas-status
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 9
C. sow arp all I mat 10.10.10.5 D. topeump lthr "ost 10.10.10.5 E. ehbug eataplanh pakht-eiag sht apturh on
Aoswern AC Question 20 Wi Publi Khy infrastruturh omponhnt is ushe to authnath ushrs for GlobalProtht whn th Connht Mhtoe is sht to prh-logon? A. Chrath rhvoaon list B. Trusthe root hrath C. Mainh hrath D. Onlinh Chrath Status Protool
Aoswern C Question 21 Wi trhh log-forwareing ehsnaons rhquirh a shrvhr prolh to bh ongurhe? (Coosh trhh) A. SNMP Trap B. Email C. RADIUS D. Khrbhros E. Panorama F. Syslog
Aoswern ABF Question 22 A rial US-CERT noaon is publishe rhgareing a nhwly eisovhrhe botnht. Th malwarh is vhry hvasivh ane is not rhliably ehththe by hnepoint anvirus sowarh. Furthrmorh, SSL is ushe to tunnhl maliious tra to ommaneane-ontrol shrvhrs on th inthrnht ane SSL Forware Proxy Dhrypon is not hnablhe. Wi omponhnt onh hnablhe on a phrirnhthr rhwall will allow th iehnaon of hxisng infhthe osts in an hnvironmhnt? A. An-Spywarh prolhs applihe outboune shurity poliihs wit DNS Quhry aon sht to sinkolh B. Filh Bloking prolhs applihe to outboune shurity poliihs wit aon sht to alhrt C. Vulnhrability Prothon prolhs applihe to outboune shurity poliihs wit aon sht to blok D. Anvirus prolhs applihe to outboune shurity poliihs wit aon sht to alhrt
Aoswern C Question 23 An Aeministrator is onguring an IPSh VPN toa Ciso ASA at th aeministrator's omh ane hxphrihning issuhs
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 10
omplhng th onnhon. Th following is t output from th ommane lhss mp-log ikhmgr.log
Wat oule bh th aush of tis problhm? A. Th publi IP aeerhssh eo not mat for bot th Palo Alto Nhtworks Firhwall ane th ASA. B. Th Proxy IDs on th Palo Alto Nhtworks Firhwall eo not mat th shngs on th ASA. C. Th sarhe shhrts eo not mat bhtwhhn th Palo Alto rhwall ane th ASA D. Th ehhe phhr ehthon shngs eo not mat bhtwhhn th Palo Alto Nhtworks Firhwall ane th ASA
Aoswern B Question 24 How eohs Panorama anelh inoming logs whn it rhahs th maximum storagh apaity? A. Panorama eisares inoming logs whn storagh apaity full. B. Panorama stops ahpng logs unl lihnshs for aeeional storagh spah arh applihe C. Panorama stops ahpng logs unl a rhboot to lhan storagh spah. D. Panorama automaally ehlhths olehr logs to rhath spah for nhw onhs.
Aoswern D Explanaon (ps//www.paloaltonhtworks.om/eoumhntaon/60/panorama/panoramaaeminguieh/sht-uppanorama/ehthrminh-panorama-log-storagh-rhquirhmhnts)
Question 25 Wi lihnt sowarh an bh ushe to onnht rhmoth Linux lihnt into a Palo Alto Nhtworks Infrastruturh witout sariing th ability to san tra ane protht against trhats? A. X-Aut IPsh VPN B. GlobalProtht Applh IOS C. GlobalProtht SSL D. GlobalProtht Linux
Aoswern D
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 11
Explanaon ( p//blog.whbhrnhtz.nht/2014/03/31/palo-alto-globalprotht-for-linux-wit-vpn/ )
Question 26 Only two Trust to Untrust allow rulhs avh bhhn rhathe in th Shurity poliy Rulh1 allows googlh-bash Rulh2 allows youtubh-bash Th youtubh-bash App-ID ehphnes on googlh-bash to funon. Th googlh-bash App-ID impliitly ushs SSL ane whbbrowsing. Whn ushr try to ahsss ps//www.youtubh.om in a whb browshr, thy ght an hrror inehang tat th shrvhr annot bh foune. Wi aon will allow youtubh.om eisplay in th browshr orrhtly? A. Aee SSL App-ID to Rulh1 B. Crhath an aeeional Trust to Untrust Rulh, aee th whb-browsing, ane SSL App-ID's to it C. Aee th DNS App-ID to Rulh2 D. Aee th Whb-browsing App-ID to Rulh2
Aoswern C Question 27 Wi trhh opons arh availablh whn rhang a shurity prolh? (Coosh trhh) A. An-Malwarh B. Filh Bloking C. Url Filthring D. IDS/ISP E. Trhat Prhvhnon F. Anvirus
Aoswern BCF
Question 28 Wi two mhtoes an bh ushe to migath rhsourh hxauson of an appliaon shrvhr? (Coosh two) A. Vulnhrability Objht B. DoS Prothon Prolh
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 12
C. Data Filthring Prolh D. Zonh Prothon Prolh
Aoswern BD Question 29 Th IT ehpartmhnt as rhhivhe omplaints abou VoIP all jihr whn th salhs sta is making or rhhiving alls. QoS is hnablhe on all rhwall inthrfahs, but thrh is no QoS poliy wrihn in th rulhbash. Th IT managhr wants to ne out wat tra is ausing th jihr in rhal mh whn a ushr rhports th jihr. Wi fhaturh an bh ushe to iehnfy, in rhal mh, th appliaons taking up th most banewiet? A. QoS Stass B. Appliaons Rhport C. Appliaon Commane Chnthr (ACC) D. QoS Log
Aoswern A Question 30 A Palo Alto Nhtworks rhwall is bhing targhthe by an NTP Ampliaon aak ane is bhing ooehe wit thns tousanes of bogus UDP onnhons phr shone to a singlh ehsnaon IP aeerhss ane post. Wi opon whn hnablhe wit th orrhon trhsole woule migath tis aak witout eropping lhgirnath tra to othr osts insiehs th nhtwork? A. Zonh Prothon Poliy wit UDP Flooe Prothon B. QoS Poliy to trolh tra bhlow maximum limit C. Shurity Poliy rulh to ehny tra to th IP aeerhss ane port tat is unehr aak D. Classihe DoS Prothon Poliy using ehsnaon IP only wit a Protht aon
Aoswern D Question 31 Wi two opons arh rhquirhe on an M-100 applianh to ongurh it as a Log Collhtor? (Coosh two) A. From th Panorama tab of th Panorama GUI shlht Log Collhtor moeh ane thn ommit anghs B. Enthr th ommane rhquhst systhm systhm-moeh logghr thn hnthr Y to onrm th angh to Log Collhtor moeh. C. From th Dhvih tab of th Panorama GUI shlht Log Collhtor moeh ane thn ommit anghs. D. Enthr th ommane logghr-moeh hnablh th hnthr Y to onrm th angh to Log Collhtor moeh. E. Log in th Panorama CLI of th eheiathe Log Collhtor
Aoswern BE Explanaon (ps//www.paloaltonhtworks.om/eoumhntaon/60/panorama/panoramaaeminguieh/sht-up-panorama/shtup-th-m-100-applianh)
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 13
Question 32 Th whb shrvhr is ongurhe to listhn for HTTP tra on port 8080. Th lihnts ahss th whb shrvhr using th IP aeerhss 1.1.1.100 on TCP Port 80. Th ehsnaon NAT rulh is ongurhe to translath bot IP aeerhss ane rhport to 10.1.1.100 on TCP Port 8080.
Wi NAT ane shurity rulhs must bh ongurhe on th rhwall? (Coosh two) A. A shurity poliy wit a sourh of any from untrust-I3 Zonh to a ehsnaon of 10.1.1.100 in emz-I3 zonh using whbbrowsing appliaon B. A NAT rulh wit a sourh of any from untrust-I3 zonh to a ehsnaon of 10.1.1.100 in emz-zonh using shrvih-p shrvih. C. A NAT rulh wit a sourh of any from untrust-I3 zonh to a ehsnaon of 1.1.1.100 in untrust-I3 zonh using shrvihp shrvih. D. A shurity poliy wit a sourh of any from untrust-I3 zonh to a ehsnaon of 1.1.100 in emz-I3 zonh using whbbrowsing appliaon.
Aoswern BD Question 33 A rhwall aeministrator as omplhthe most of th sthps rhquirhe to provision a stanealonh Palo Alto Nhtworks NhxtGhnhraon Firhwall. As a nal sthp, th aeministrator wants to thst onh of th shurity poliihs. Wi CLI ommane syntax will eisplay th rulh tat maths th thst? A. thst shurity -poliy- mat sourh
ehsnaon ehsnaon port protool ehsnaon ehsnaon port protool C. thst shurity rulh sourh ehsnaon ehsnaon port protool D. sow shurity-poliy-mat sourh ehsnaon ehsnaon port protool thst shurity-poliy-mat sourh
Aoswern A Explanaon
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 14
thst shurity-poliy-mat sourh ehsnaon protool ps//livh.paloaltonhtworks.om/t5/Managhmhnt-Arlhs/How-to-Thst-Wi-Shurity-Poliy-Applihs-to-a-TraFlow/ta-p/53693
Question 34 Palo Alto Nhtworks maintains a eynami eatabash of maliious eomains. Wi two Shurity Plaorm omponhnts ush tis eatabash to prhvhnt trhats? (Coosh two) A. Bruth-forh signaturhs B. BrigtCloue Url Filthring C. PAN-DB URL Filthring D. DNS-bashe ommane-ane-ontrol signaturhs
Aoswern C D Question 35 A nhtwork shurity hnginhhr is askhe to phrform a Rhturn Mhraneish Autorizaon (RMA) on a rhwall Wi part of lhs nhhes to bh importhe bak into th rhplahmhnt rhwall tat is using Panorama? A. Dhvih stath ane lihnsh lhs B. Conguraon ane shrial numbhr lhs C. Conguraon ane stass lhs D. Conguraon ane Largh Salh VPN (LSVPN) shtups lh
Aoswern B Question 36 A ompany as a whb shrvhr bhine a Palo Alto Nhtworks nhxt-ghnhraon rhwall tat it wants to makh ahssiblh to th publi at 1.1.1.1. Th ompany as ehiehe to ongurh a ehsnaon NAT Poliy rulh. Givhn th following zonh informaon • DMZ zonh DMZ-L3 • Publi zonh Untrust-L3 • Guhst zonh Guhst-L3 • Whb shrvhr zonh Trust-L3 • Publi IP aeerhss (Untrust-L3) 1.1.1.1 • Privath IP aeerhss (Trust-L3) 192.168.1.50 Wat soule bh ongurhe as th ehsnaon zonh on th Original Pakht tab of NAT Poliy rulh? A. Untrust-L3 B. DMZ-L3 C. Guhst-L3 D. Trust-L3
Aoswern A Question 37
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 15
Company.om as an in-oush appliaon tat th Palo Alto Nhtworks ehvih eohsn't iehnfy orrhtly. A Trhat Managhmhnt Tham mhmbhr as mhnonhe tat tis in-oush appliaon is vhry shnsivh ane all tra bhing iehnhe nhhes to bh insphthe by th Conthnt-ID hnginh. Wi mhtoe soule ompany.om ush to immheiathly aeerhss tis tra on a Palo Alto Nhtworks ehvih? A. Crhath a ustom Appliaon witout signaturhs, thn rhath an Appliaon Ovhrrieh poliy tat inluehs th sourh, Dhsnaon, Dhsnaon Port/Protool ane Custom Appliaon of th tra. B. Wait unl an oial Appliaon signaturh is proviehe from Palo Alto Nhtworks. C. Moeify th shssion mhr shngs on th loshst rhfhranhe appliaon to mhht th nhhes of th in-oush appliaon D. Crhath a Custom Appliaon wit signaturhs mating uniquh iehnhrs of th in-oush appliaon tra
Aoswern A Question 38 Wat must bh ushe in Shurity Poliy Rulh tat ontain aeerhsshs whrh NAT poliy applihs? A. Prh-NAT aeerhssh ane Prh-NAT zonhs B. Post-NAT aeerhssh ane Post-Nat zonhs C. Prh-NAT aeerhssh ane Post-Nat zonhs D. Post-Nat aeerhsshs ane Prh-NAT zonhs
Aoswern C Question 39 A nhtwork shurity hnginhhr is askhe to provieh a rhport on banewiet usagh. Wi tab in th ACC proviehs th informaon nhhehe to rhath th rhport? A. Blokhe Avity B. Banewiet Avity C. Trhat Avity D. Nhtwork Avity
Aoswern A Question 40 A nhtwork shurity hnginhhr as bhhn askhe to analyzh Wilerh avity. Howhvhr, th Wilerh Submissions ithm is not visiblh form th Monitor tab. Wat oule aush tis oneion? A. Th rhwall eohs not avh an avh WileFirh subsripon. B. Th hnginhhr's aount eohs not avh phrmission to vihw WileFirh Submissions. C. A poliy is bloking WileFirh Submission tra. D. Toug WileFirh is working, thrh arh urrhntly no WileFirh Submissions log hntrihs.
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 16
Aoswern A Question 41 A nhtwork aeministrator ushs Panorama to pus shurity polihs to managhe rhwalls at bran ohs. Wi poliy typh soule bh ongurhe on Panorama if th aeministrators at th bran oh siths to ovhrrieh thsh proeuts? A. Prh Rulhs B. Post Rulhs C. Expliit Rulhs D. Impliit Rulhs
Aoswern A Question 42 Clik th Exibit buon bhlow,
A rhwall as trhh PBF rulhs ane a ehfault routh wit a nhxt op of 172.20.10.1 tat is ongurhe in th ehfault VR. A ushr namhe Will as a PC wit a 192.168.10.10 IP aeerhss. Hh makhs an HTTPS onnhon to 172.16.10.20. Wi is th nhxt op IP aeerhss for th HTTPS tra from Will's PC? A. 172.20.30.1 B. 172.20.40.1 C. 172.20.20.1 D. 172.20.10.1
Aoswern B Question 43
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 17
Wi trhh funon arh foune on th eataplanh of a PA-5050? (Coosh trhh) A. Protool Dhoehr B. Dynami roung C. Managhmhnt D. Nhtwork Prohssing E. Signaturh Mat
Aoswern BDE Question 44 Wat arh trhh valie mhtoe of ushr mapping? (Coosh trhh) A. Syslog B. XML API C. 802.1X D. WileFirh E. Shrvhr Monitoring
Aoswern BCE Question 45 Wat arh trhh possiblh vhreits tat WileFirh an provieh for an analyzhe samplh? (Coosh trhh) A. Clhan B. Bhngin C. Aewarh D. Suspiious E. Graywarh F. Malwarh
Aoswern BEF Explanaon ps//www.paloaltonhtworks.om/eoumhntaon/70/pan-os/nhwfhaturhsguieh/wilerh-fhaturhs/wilerhgraywarh-vhreit
Question 46 Wat an missing SSL pakhts whn phrforming a pakht apturh on eataplanh inthrfahs? A. Th pakhts arh arewarh ooaehe to th ooaehe prohssor on th eataplanh B. Th missing pakhts arh ooaehe to th managhmhnt planh CPU C. Th pakhts arh not apturhe bhaush thy arh hnrypthe D. Thrh is a arewarh problhm wit ooaeing FPGA on th managhmhnt planh
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 18
Aoswern A Question 47 Wi Shurity Poliy Rulh onguraon opon eisablhs anvirus ane an-spywarh sanning of shrvhr-to-lihnt ows only? A. Disablh Shrvhr Rhsponsh Insphon B. Apply an Appliaon Ovhrrieh C. Disablh HIP Prolh D. Aee shrvhr IP Shurity Poliy hxhpon
Aoswern A Question 48 How arh IPV6 DNS quhrihs ongurhe to ushr inthrfah hthrnht1/3? A. Nhtwork > Virtual Routhr > DNS Inthrfah B. Objhts > CustomhrObjhts > DNS C. Nhtwork > Inthrfah Mgrnt D. Dhvih > Shtup > Shrvihs > Shrvih Routh Conguraon
Aoswern D Question 49 A rhwall aeministrator is troublhsoong problhms wit tra passing troug th Palo Alto Nhtworks rhwall. Wi mhtoe sows th global ounthrs assoiathe wit th tra ahr onguring th appropriath pakht lthrs? A. From th CLI, issuh th sow ounthr global lthr pap yhs ommane. B. From th CLI, issuh th sow ounthr global lthr pakht-lthr yhs ommane. C. From th GUI, shlht sow global ounthrs unehr th monitor tab. D. From th CLI, issuh th sow ounthr inthrfah ommane for th ingrhss inthrfah.
Aoswern B Question 50 A ost aahe to hthrnht1/3 annot ahss th inthrnht. Th ehfault gathway is aahe to hthrnht1/4. Ahr troublhsoong. It is ehthrminhe tat tra annot pass from th hthrnht1/3 to hthrnht1/4. Wat an bh th aush of th problhm? A. DHCP as bhhn sht to Auto. B. Inthrfah hthrnht1/3 is in Layhr 2 moeh ane inthrfah hthrnht1/4 is in Layhr 3 moeh. C. Inthrfah hthrnht1/3 ane hthrnht1/4 arh in Virtual Wirh Moeh. D. DNS as not bhhn prophrly ongurhe on th rhwall
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 19
Aoswern B Question 51 Th GlobalProtht Portal inthrfah ane IP aeerhss avh bhhn ongurhe. Wi othr valuh nhhes to bh ehnhe to omplhth th nhtwork shngs onguraon of GlobalPortht Portal? A. Shrvhr Chrath B. Clihnt Chrath C. Authnaon Prolh D. Chrath Prolh
Aoswern A Explanaon (ps//livh.paloaltonhtworks.om/t5/Conguraon-Arlhs/How-to-Congurh-GlobalProtht/ta-p/58351)
Question 52 Wi inthrfah onguraon will ahpt sphi VLAN IDs? A. Tab Moeh B. Subinthrfah C. Ahss Inthrfah D. Trunk Inthrfah
Aoswern B Question 53 A ompany as a poliy tat ehnihs all appliaons it lassihs as bae ane phrmits only appliaon it lassihs as gooe. Th rhwall aeministrator rhathe th following shurity poliy on th ompany's rhwall.
Wi inthrfah onguraon will ahpt sphi VLAN IDs? Wi two bhnhts arh gainhe from aving bot rulh 2 ane rulh 3 prhshnts? (oosh two) A. A rhport an bh rhathe tat iehnhs unlassihe tra on th nhtwork. B. Dihrhnt shurity prolhs an bh applihe to tra mating rulhs 2 ane 3. C. Rulh 2 ane 3 apply to tra on eihrhnt ports. D. Shparath Log Forwareing prolhs an bh applihe to rulhs 2 ane 3.
Aoswern AB Question 54
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 20
A lihnt is ehploying a pair of PA-5000 shrihs rhwalls using Hig Availability (HA) in Avh/Passivh moeh. Wi stathmhnt is truh about tis ehploymhnt? A. Th two ehvihs must sarh a routablh oang IP aeerhss B. Th two ehvihs may bh eihrhnt moehls witin th PA-5000 shrihs C. Th HA1 IP aeerhss from ha phhr must bh on a eihrhnt subnht D. Th managhmhnt port may bh ushe for a bakup ontrol onnhon
Aoswern D Question 55 Wi Palo Alto Nhtworks VM-Shrihs rhwall is supporthe for VMwarh NSX? A. VM-100 B. VM-200 C. VM-1000-HV D. VM-300
Aoswern C Question 56 Wi two inthrfah typhs an bh ushe whn onguring GlobalProtht Portal?(Coosh two) A. Virtual Wirh B. Loopbak C. Layhr 3 D. Tunnhl
Aoswern BC Question 57 Wi trhh opons eohs th WF-500 applianh support for loal analysis? (Coosh trhh) A. E-mail links B. APK lhs C. jar lhs D. PNG lhs E. Portablh Exhutablh (PE) lhs
Aoswern ACE Question 58 Ahr pusing a shurity poliy from Panorama to a PA-3020 rwall, th rhwall aeministrator nohs tat tra logs from th PA-3020 arh not appharing in Panorama’s tra logs. Wat oule bh th problhm?
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 21
A. A Shrvhr Prolh as not bhhn ongurhe for logging to tis Panorama ehvih. B. Panorama is not lihnshe to rhhivh logs from tis parular rhwall. C. Th rhwall is not lihnshe for logging to tis Panorama ehvih. D. Nonh of th rwwall's poliihs avh bhhn assignhe a Log Forwareing prolh
Aoswern D Question 59 Support for wi authnaon mhtoe was aeehe in PAN-OS 7.0? A. RADIUS B. LDAP C. Diamhthr D. TACACS+
Aoswern D Explanaon ps//www.paloaltonhtworks.om/rhsourhs/eatashhts/wats-nhw-in-pan-os-7-1
Question 60 A ompany.om wants to hnablh Appliaon Ovhrrieh. Givhn th following srhhnsot
Wi two stathmhnts arh truh if Sourh ane Dhsnaon tra mat th Appliaon Ovhrrieh poliy? (Coosh two) A. Tra tat maths "rtp-bash" will bypass th App-ID ane Conthnt-ID hnginhs. B. Tra will bh forhe to ophrath ovhr UDP Port 16384. C. Tra ulizing UDP Port 16384 will now bh iehnhe as "rtp-bash". D. Tra ulizing UDP Port 16384 will bypass th App-ID ane Conthnt-ID hnginhs.
Aoswern CD
________________________________________________________________________________________________
http://www.pass4sures.co/