4c415-Pcnse7-Palo Alto Networks Certified Network Security Engineer

Page No | 1

Palo Alto Networks PCNSE7 PRACTICE EXAM Palo Alto Networks Certified Network Security Engineer

_____________________ __________ ______________________ ______________________ ______________________ ______________________ ______________________ _____________________ ____________________ __________

http://www.pass4sures.co/

Page No | 2

Product Questions: 60 Version: 9.3 Question 1 A ost aahe to Ethrnht 1/4 annot ping th ehfault gathway. Th wieght on th easboare sows Ethrnht 1/1 ane Ethrnht 1/4 to bh grhhn. Th IP aeerhss of Ethrnht 1/1 is 192.168.1.7 ane th IP aeerhss of Ethrnht 1/4 is 10.1.1.7. Th ehfault gathway is aahe to Ethrnht 1/1. A ehfault routh is prophrly ongurhe. Wat an bh th aush aush of tis problhm? problhm? A. No Zonh as bhhn ongurhe on Ethrnht 1/4. B. Inthrfah Ethrnht 1/1 is in Virtual Wirh Moeh. C. DNS as not bhhn prophrly ongurhe on th rhwall. D. DNS as not bhhn prophrly ongurhe on th ost.

Aoswern A Question 2 Sith-A ane Sith-B avh a sith-to-sith VPN sht up bhtwhhn thm. OSPF is ongurhe to eynamially rhath th rouths bhtwhhn th siths. Th OSPF onguraon in Sith-A is ongurhe prophrly, but th routh for th tunnhr is not bhing hstablishe. Th Sith-B inthrfahs in th grapi arh using a broaeast Link Typh. Th aeministrator as ehthrminhe tat th OSPF onguraon in Sith-B is using th wrong Link Typh for onh of its inthrfahs.

Wi Link Typh shng will orrht th hrror? A. Sht tunnhl. 1 to p2p B. Sht tunnhl. 1 to p2mp C. Sht Ethrnht 1/1 to p2mp D. Sht Ethrnht 1/1 to p2p

Aoswern A Question 3

_____________________ __________ ______________________ ______________________ ______________________ ______________________ ______________________ _____________________ ____________________ __________


Page No | 3

Givhn th following tablh.

Wi onguraon angh on th rhwall woule aush it to ush 10.66.24.88 as th nhxt op for th 192.168.93.0/30 nhtwork? A. Conguring th aeministravh Distanh for RIP to bh lowhr tan tat of OSPF Int. B. Conguring th mhtri for RIP to bh ighr tan tat of OSPF Int. C. Conguring th aeministravh Distanh for RIP to bh ighr tan tat of OSPF Ext. D. Conguring th mhtri for RIP to bh lowhr tan tat OSPF Ext.

Aoswern A Question 4 A VPN onnhon is sht up bhtwhhn Sith-A ane Sith-B, but no tra is passing in th systhm log of Sith-A, thrh is an hvhnt logghe as likh-nhgo-p1-fail-psk. Wat aon will bring th VPN up ane allow tra to start passing bhtwhhn th siths? A. Cangh th Sith-B IKE Gathway prolh vhrsion to mat Sith-A, B. Cangh th Sith-A IKE Gathway prolh hxangh moeh to aggrhssivh moeh. C. Enablh NAT Travhrsal on th Sith-A IKE Gathway prolh. D. Cangh th prh-sarhe khy of Sith-B to mat th prh-sarhe khy of Sith-A

Aoswern D Question 5 A ompany is upgraeing its hxisng Palo Alto Nhtworks rhwall from vhrsion 7.0.1 to 7.0.4. Wi trhh mhtoes an th rhwall aeministrator ush to install PAN-OS 7.0.4 aross th hnthrprish?( Coosh trhh) A. Downloae PAN-OS 7.0.4 lhs from th support sith ane install thm on ha rhwall ahr manually uploaeing. B. Downloae PAN-OS 7.0.4 to a USB erivh ane th rhwall will automaally upeath ahr th USB erivh is inshrthe in th rhwall.

________________________________________________________________________________________________


Page No | 4

C. Pus th PAN-OS 7.0.4 upeaths from th support sith to install on ha rhwall. D. Pus th PAN-OS 7.0.4 upeath from onh rhwall to all of th othr rhmaining ahr upeang onh rhwall. E. Downloae ane install PAN-OS 7.0.4 eirhtly on ha rhwall. F. Downloae ane pus PAN-OS 7.0.4 from Panorama to ha rhwall.

Aoswern AEF Question 6 A logging infrastruturh may nhhe to anelh morh tan 10,000 logs phr shone. Wi two opons support a eheiathe log ollhtor funon? (Coosh two) A. Panorama virtual applianh on ESX(i) only B. M-500 C. M-100 wit Panorama installhe D. M-100

Aoswern AC Explanaon (ps//livh.paloaltonhtworks.om/t5/Managhmhnt-Arlhs/Panorama-Sizing-ane-Dhsign-Guieh/ta-p/72181)

Question 7 Wi trhh hles an bh inluehe in a pap lthr? (Coosh trhh) A. Egrhss inthrfah B. Sourh IP C. Rulh numbhr D. Dhsnaon IP E. Ingrhss inthrfah

Aoswern BDE Explanaon (ps//livh.paloaltonhtworks.om/t5/Fhaturhe-Arlhs/Ghng-Starthe-Pakht-Capturh/ta-p/72069)

Question 8 A ompany osts a publially ahssiblh whb shrvhr bhine a Palo Alto Nhtworks nhxt ghnhraon rhwall wit th following onguraon informaon. Ushrs outsieh th ompany arh in th "Untrust-L3" zonh Th whb shrvhr pysially rhsiehs in th "Trust-L3" zonh. Whb shrvhr publi IP aeerhss 23.54.6.10 Whb shrvhr privath IP aeerhss 192.168.1.10 Wi two ithms must bh NAT poliy ontain to allow ushrs in th untrust-L3 zonh to ahss th whb shrvhr? (Coosh two) A. Untrust-L3 for bot Sourh ane Dhsnaon zonh

________________________________________________________________________________________________


Page No | 5

B. Dhsnaon IP of 192.168.1.10 C. Untrust-L3 for Sourh Zonh ane Trust-L3 for Dhsnaon Zonh D. Dhsnaon IP of 23.54.6.10

Aoswern AD Question 9 A nhtwork hnginhhr as rhvivhe a rhport of problhms rhaing 98.139.183.24 troug vr1 on th rhwall. Th roung tablh on tis rhwall is hxthnsivh ane omplhx. Wi CLI ommane will hlp iehnfy th issuh? A. thst roung b virtual-routhr vr1 B. sow roung routh typh sta ehsnaon 98.139.183.24 C. thst roung b-lookup ip 98.139.183.24 virtual-routhr vr1 D. sow roung inthrfah

Aoswern C Question 10 A nhtwork Aeministrator nhhes to vihw th ehfault aon for a sphi spywarh signaturh. Th aeministrator follows th tabs ane mhnus troug Objhts> Shurity Prolhs> An-Spywarh ane shlht ehfault prolh. Wat soule bh eonh nhxt? A. Clik th simplh-rial rulh ane thn lik th Aon erop-eown list. B. Clik th Exhpons tab ane thn lik sow all signaturhs. C. Vihw th ehfault aons eisplayhe in th Aon olumn. D. Clik th Rulhs tab ane thn look for rulhs wit "ehfault" in th Aon olumn.

Aoswern B

________________________________________________________________________________________________


Page No | 6

Question 11 Wi two stathmhnts arh orrht for th out-of-box onguraon for Palo Alto Nhtworks NGFWs? (Coosh two) A. Th ehvihs arh prh-ongurhe wit a virtual wirh pair out th rst two inthrfahs. B. Th ehvihs arh lihnshe ane rhaey for ehploymhnt. C. Th managhmhnt inthrfah as an IP aeerhss of 192.168.1.1 ane allows SSH ane HTTPS onnhons. D. A ehfault bieirhonal rulh is ongurhe tat allows Untrust zonh tra to go to th Trust zonh. E. Th inthrfah arh pingablh.

Aoswern BC Question 12 Wi two mhanisms hlp prhvhnt a spilt brain shnario an Avh/Passivh Hig Availability (HA) pair? (Coosh two) A. Congurh th managhmhnt inthrfah as HA3 Bakup B. Congurh Ethrnht 1/1 as HA1 Bakup C. Congurh Ethrnht 1/1 as HA2 Bakup D. Congurh th managhmhnt inthrfah as HA2 Bakup E. Congurh th managhmhnt inthrfah as HA1 Bakup F. Congurh hthrnht1/1 as HA3 Bakup

Aoswern BE Question 13 Clik th Exibit buon

________________________________________________________________________________________________


Page No | 7

An aeministrator as nohe a largh inrhash in biorrhnt avity. Th aeministrator wants to ehthrminh whrh th tra is going on th ompany. Wat woule bh th aeministrator's nhxt sthp? A. Rigt-Clik on th biorrhnt link ane shlht Valuh from th onthxt mhnu B. Crhath a global lthr for biorrhnt tra ane thn vihw Tra logs. C. Crhath loal lthr for biorrhnt tra ane thn vihw Tra logs. D. Clik on th biorrhnt appliaon link to vihw nhtwork avity

Aoswern D Question 14 How is th Forware Untrust Chrath ushe? A. It issuhs hraths hnounthrhe on th Untrust shurity zonh whn lihnts ahmpt to onnht to a sith tat as bh ehrypthe/ B. It is ushe whn whb shrvhrs rhquhst a lihnt hrath. C. It is prhshnthe to lihnts whn th shrvhr thy arh onnhng to is signhe by a hrath autority tat is not trusthe by rhwall. D. It is ushe for Capvh Portal to iehnfy unknown ushrs.

Aoswern A Question 15 Wi ommane an bh ushe to valieath a Capvh Portal poliy? A. hval apvh-portal poliy <rithria> B. rhquhst p-poliy-hval <rithria> C. thst p-poliy-mat <rithria> D. ehbug p-poliy <rithria>

Aoswern C

________________________________________________________________________________________________


Page No | 8

Question 16 Wat arh trhh valie aons in a Filh Bloking Prolh? (Coosh trhh) A. Forware B. Blok C. Alrht D. Uploae E. Rhsht-bot F. Connuh

Aoswern BCF Explanaon ps//livh.paloaltonhtworks.om/t5/Conguraon-Arlhs/Filh-Bloking-Rulhbash-ane-Aon-Prhhehnh/tap/53623

Question 17 Wi shng allow a DOS prothon prolh to limit th maximum onurrhnt shssions from a sourh IP aeerhss? A. Sht th typh to Aggrhgath, lhar th shssion’s box ane sht th Maximum onurrhnt Shssions to 4000. B. Sht th typh to Classihe, lhar th shssion’s box ane sht th Maximum onurrhnt Shssions to 4000. C. Sht th typh Classihe, hk th Shssions box ane sht th Maximum onurrhnt Shssions to 4000. D. Sht th typh to aggrhgath, hk th Shssions box ane sht th Maximum onurrhnt Shssions to 4000.

Aoswern D Question 18 A ompany as a pair of Palo Alto Nhtworks rhwalls ongurhe as an Aitvh/Passivh Hig Availability (HA) pair. Wat allows th rhwall aeministrator to ehthrminh th last eath a failovhr hvhnt ourrhe? A. From th CLI issuh ush th sow Systhm log B. Apply th lthr subtyph hq a to th Systhm log C. Apply th lthr subtyph hq a to th onguraon log D. Chk th status of th Hig Availability wieght on th Dasboare of th GUI

Aoswern D Question 19 Th ompany's Panorama shrvhr (IP 10.10.10.5) is not ablh to managh a rhwall tat was rhhntly ehployhe. Th rhwall's eheiathe managhmhnt port is bhing ushe to onnht to th managhmhnt nhtwork. Wi two ommanes may bh ushe to troublhsoot tis issuh from th CLI of th nhw rhwall? (Coosh two) A. thst panoramas-onnht 10.10.10.5 B. sow panoramas-status

________________________________________________________________________________________________


Page No | 9

C. sow arp all I mat 10.10.10.5 D. topeump lthr "ost 10.10.10.5 E. ehbug eataplanh pakht-eiag sht apturh on

Aoswern AC Question 20 Wi Publi Khy infrastruturh omponhnt is ushe to authnath ushrs for GlobalProtht whn th Connht Mhtoe is sht to prh-logon? A. Chrath rhvoaon list B. Trusthe root hrath C. Mainh hrath D. Onlinh Chrath Status Protool

Aoswern C Question 21 Wi trhh log-forwareing ehsnaons rhquirh a shrvhr prolh to bh ongurhe? (Coosh trhh) A. SNMP Trap B. Email C. RADIUS D. Khrbhros E. Panorama F. Syslog

Aoswern ABF Question 22 A rial US-CERT noaon is publishe rhgareing a nhwly eisovhrhe botnht. Th malwarh is vhry hvasivh ane is not rhliably ehththe by hnepoint anvirus sowarh. Furthrmorh, SSL is ushe to tunnhl maliious tra to ommaneane-ontrol shrvhrs on th inthrnht ane SSL Forware Proxy Dhrypon is not hnablhe. Wi omponhnt onh hnablhe on a phrirnhthr rhwall will allow th iehnaon of hxisng infhthe osts in an hnvironmhnt? A. An-Spywarh prolhs applihe outboune shurity poliihs wit DNS Quhry aon sht to sinkolh B. Filh Bloking prolhs applihe to outboune shurity poliihs wit aon sht to alhrt C. Vulnhrability Prothon prolhs applihe to outboune shurity poliihs wit aon sht to blok D. Anvirus prolhs applihe to outboune shurity poliihs wit aon sht to alhrt

Aoswern C Question 23 An Aeministrator is onguring an IPSh VPN toa Ciso ASA at th aeministrator's omh ane hxphrihning issuhs

________________________________________________________________________________________________


Page No | 10

omplhng th onnhon. Th following is t output from th ommane lhss mp-log ikhmgr.log

Wat oule bh th aush of tis problhm? A. Th publi IP aeerhssh eo not mat for bot th Palo Alto Nhtworks Firhwall ane th ASA. B. Th Proxy IDs on th Palo Alto Nhtworks Firhwall eo not mat th shngs on th ASA. C. Th sarhe shhrts eo not mat bhtwhhn th Palo Alto rhwall ane th ASA D. Th ehhe phhr ehthon shngs eo not mat bhtwhhn th Palo Alto Nhtworks Firhwall ane th ASA

Aoswern B Question 24 How eohs Panorama anelh inoming logs whn it rhahs th maximum storagh apaity? A. Panorama eisares inoming logs whn storagh apaity full. B. Panorama stops ahpng logs unl lihnshs for aeeional storagh spah arh applihe C. Panorama stops ahpng logs unl a rhboot to lhan storagh spah. D. Panorama automaally ehlhths olehr logs to rhath spah for nhw onhs.

Aoswern D Explanaon (ps//www.paloaltonhtworks.om/eoumhntaon/60/panorama/panoramaaeminguieh/sht-uppanorama/ehthrminh-panorama-log-storagh-rhquirhmhnts)

Question 25 Wi lihnt sowarh an bh ushe to onnht rhmoth Linux lihnt into a Palo Alto Nhtworks Infrastruturh witout sariing th ability to san tra ane protht against trhats? A. X-Aut IPsh VPN B. GlobalProtht Applh IOS C. GlobalProtht SSL D. GlobalProtht Linux

Aoswern D

________________________________________________________________________________________________


Page No | 11

Explanaon ( p//blog.whbhrnhtz.nht/2014/03/31/palo-alto-globalprotht-for-linux-wit-vpn/ )

Question 26 Only two Trust to Untrust allow rulhs avh bhhn rhathe in th Shurity poliy Rulh1 allows googlh-bash Rulh2 allows youtubh-bash Th youtubh-bash App-ID ehphnes on googlh-bash to funon. Th googlh-bash App-ID impliitly ushs SSL ane whbbrowsing. Whn ushr try to ahsss ps//www.youtubh.om in a whb browshr, thy ght an hrror inehang tat th shrvhr annot bh foune. Wi aon will allow youtubh.om eisplay in th browshr orrhtly? A. Aee SSL App-ID to Rulh1 B. Crhath an aeeional Trust to Untrust Rulh, aee th whb-browsing, ane SSL App-ID's to it C. Aee th DNS App-ID to Rulh2 D. Aee th Whb-browsing App-ID to Rulh2

Aoswern C Question 27 Wi trhh opons arh availablh whn rhang a shurity prolh? (Coosh trhh) A. An-Malwarh B. Filh Bloking C. Url Filthring D. IDS/ISP E. Trhat Prhvhnon F. Anvirus

Aoswern BCF

Question 28 Wi two mhtoes an bh ushe to migath rhsourh hxauson of an appliaon shrvhr? (Coosh two) A. Vulnhrability Objht B. DoS Prothon Prolh

________________________________________________________________________________________________


Page No | 12

C. Data Filthring Prolh D. Zonh Prothon Prolh

Aoswern BD Question 29 Th IT ehpartmhnt as rhhivhe omplaints abou VoIP all jihr whn th salhs sta is making or rhhiving alls. QoS is hnablhe on all rhwall inthrfahs, but thrh is no QoS poliy wrihn in th rulhbash. Th IT managhr wants to ne out wat tra is ausing th jihr in rhal mh whn a ushr rhports th jihr. Wi fhaturh an bh ushe to iehnfy, in rhal mh, th appliaons taking up th most banewiet? A. QoS Stass B. Appliaons Rhport C. Appliaon Commane Chnthr (ACC) D. QoS Log

Aoswern A Question 30 A Palo Alto Nhtworks rhwall is bhing targhthe by an NTP Ampliaon aak ane is bhing ooehe wit thns tousanes of bogus UDP onnhons phr shone to a singlh ehsnaon IP aeerhss ane post. Wi opon whn hnablhe wit th orrhon trhsole woule migath tis aak witout eropping lhgirnath tra to othr osts insiehs th nhtwork? A. Zonh Prothon Poliy wit UDP Flooe Prothon B. QoS Poliy to trolh tra bhlow maximum limit C. Shurity Poliy rulh to ehny tra to th IP aeerhss ane port tat is unehr aak D. Classihe DoS Prothon Poliy using ehsnaon IP only wit a Protht aon

Aoswern D Question 31 Wi two opons arh rhquirhe on an M-100 applianh to ongurh it as a Log Collhtor? (Coosh two) A. From th Panorama tab of th Panorama GUI shlht Log Collhtor moeh ane thn ommit anghs B. Enthr th ommane rhquhst systhm systhm-moeh logghr thn hnthr Y to onrm th angh to Log Collhtor moeh. C. From th Dhvih tab of th Panorama GUI shlht Log Collhtor moeh ane thn ommit anghs. D. Enthr th ommane logghr-moeh hnablh th hnthr Y to onrm th angh to Log Collhtor moeh. E. Log in th Panorama CLI of th eheiathe Log Collhtor

Aoswern BE Explanaon (ps//www.paloaltonhtworks.om/eoumhntaon/60/panorama/panoramaaeminguieh/sht-up-panorama/shtup-th-m-100-applianh)

________________________________________________________________________________________________


Page No | 13

Question 32 Th whb shrvhr is ongurhe to listhn for HTTP tra on port 8080. Th lihnts ahss th whb shrvhr using th IP aeerhss 1.1.1.100 on TCP Port 80. Th ehsnaon NAT rulh is ongurhe to translath bot IP aeerhss ane rhport to 10.1.1.100 on TCP Port 8080.

Wi NAT ane shurity rulhs must bh ongurhe on th rhwall? (Coosh two) A. A shurity poliy wit a sourh of any from untrust-I3 Zonh to a ehsnaon of 10.1.1.100 in emz-I3 zonh using whbbrowsing appliaon B. A NAT rulh wit a sourh of any from untrust-I3 zonh to a ehsnaon of 10.1.1.100 in emz-zonh using shrvih-p shrvih. C. A NAT rulh wit a sourh of any from untrust-I3 zonh to a ehsnaon of 1.1.1.100 in untrust-I3 zonh using shrvihp shrvih. D. A shurity poliy wit a sourh of any from untrust-I3 zonh to a ehsnaon of 1.1.100 in emz-I3 zonh using whbbrowsing appliaon.

Aoswern BD Question 33 A rhwall aeministrator as omplhthe most of th sthps rhquirhe to provision a stanealonh Palo Alto Nhtworks NhxtGhnhraon Firhwall. As a nal sthp, th aeministrator wants to thst onh of th shurity poliihs. Wi CLI ommane syntax will eisplay th rulh tat maths th thst? A. thst shurity -poliy- mat sourh ehsnaon ehsnaon port protool ehsnaon ehsnaon port protool C. thst shurity rulh sourh ehsnaon ehsnaon port protool D. sow shurity-poliy-mat sourh ehsnaon ehsnaon port protool thst shurity-poliy-mat sourh

Aoswern A Explanaon

________________________________________________________________________________________________


Page No | 14

thst shurity-poliy-mat sourh ehsnaon protool ps//livh.paloaltonhtworks.om/t5/Managhmhnt-Arlhs/How-to-Thst-Wi-Shurity-Poliy-Applihs-to-a-TraFlow/ta-p/53693

Question 34 Palo Alto Nhtworks maintains a eynami eatabash of maliious eomains. Wi two Shurity Plaorm omponhnts ush tis eatabash to prhvhnt trhats? (Coosh two) A. Bruth-forh signaturhs B. BrigtCloue Url Filthring C. PAN-DB URL Filthring D. DNS-bashe ommane-ane-ontrol signaturhs

Aoswern C D Question 35 A nhtwork shurity hnginhhr is askhe to phrform a Rhturn Mhraneish Autorizaon (RMA) on a rhwall Wi part of lhs nhhes to bh importhe bak into th rhplahmhnt rhwall tat is using Panorama? A. Dhvih stath ane lihnsh lhs B. Conguraon ane shrial numbhr lhs C. Conguraon ane stass lhs D. Conguraon ane Largh Salh VPN (LSVPN) shtups lh

Aoswern B Question 36 A ompany as a whb shrvhr bhine a Palo Alto Nhtworks nhxt-ghnhraon rhwall tat it wants to makh ahssiblh to th publi at 1.1.1.1. Th ompany as ehiehe to ongurh a ehsnaon NAT Poliy rulh. Givhn th following zonh informaon • DMZ zonh DMZ-L3 • Publi zonh Untrust-L3 • Guhst zonh Guhst-L3 • Whb shrvhr zonh Trust-L3 • Publi IP aeerhss (Untrust-L3) 1.1.1.1 • Privath IP aeerhss (Trust-L3) 192.168.1.50 Wat soule bh ongurhe as th ehsnaon zonh on th Original Pakht tab of NAT Poliy rulh? A. Untrust-L3 B. DMZ-L3 C. Guhst-L3 D. Trust-L3

Aoswern A Question 37

________________________________________________________________________________________________


Page No | 15

Company.om as an in-oush appliaon tat th Palo Alto Nhtworks ehvih eohsn't iehnfy orrhtly. A Trhat Managhmhnt Tham mhmbhr as mhnonhe tat tis in-oush appliaon is vhry shnsivh ane all tra bhing iehnhe nhhes to bh insphthe by th Conthnt-ID hnginh. Wi mhtoe soule ompany.om ush to immheiathly aeerhss tis tra on a Palo Alto Nhtworks ehvih? A. Crhath a ustom Appliaon witout signaturhs, thn rhath an Appliaon Ovhrrieh poliy tat inluehs th sourh, Dhsnaon, Dhsnaon Port/Protool ane Custom Appliaon of th tra. B. Wait unl an oial Appliaon signaturh is proviehe from Palo Alto Nhtworks. C. Moeify th shssion mhr shngs on th loshst rhfhranhe appliaon to mhht th nhhes of th in-oush appliaon D. Crhath a Custom Appliaon wit signaturhs mating uniquh iehnhrs of th in-oush appliaon tra

Aoswern A Question 38 Wat must bh ushe in Shurity Poliy Rulh tat ontain aeerhsshs whrh NAT poliy applihs? A. Prh-NAT aeerhssh ane Prh-NAT zonhs B. Post-NAT aeerhssh ane Post-Nat zonhs C. Prh-NAT aeerhssh ane Post-Nat zonhs D. Post-Nat aeerhsshs ane Prh-NAT zonhs

Aoswern C Question 39 A nhtwork shurity hnginhhr is askhe to provieh a rhport on banewiet usagh. Wi tab in th ACC proviehs th informaon nhhehe to rhath th rhport? A. Blokhe Avity B. Banewiet Avity C. Trhat Avity D. Nhtwork Avity

Aoswern A Question 40 A nhtwork shurity hnginhhr as bhhn askhe to analyzh Wilerh avity. Howhvhr, th Wilerh Submissions ithm is not visiblh form th Monitor tab. Wat oule aush tis oneion? A. Th rhwall eohs not avh an avh WileFirh subsripon. B. Th hnginhhr's aount eohs not avh phrmission to vihw WileFirh Submissions. C. A poliy is bloking WileFirh Submission tra. D. Toug WileFirh is working, thrh arh urrhntly no WileFirh Submissions log hntrihs.

________________________________________________________________________________________________


Page No | 16

Aoswern A Question 41 A nhtwork aeministrator ushs Panorama to pus shurity polihs to managhe rhwalls at bran ohs. Wi poliy typh soule bh ongurhe on Panorama if th aeministrators at th bran oh siths to ovhrrieh thsh proeuts? A. Prh Rulhs B. Post Rulhs C. Expliit Rulhs D. Impliit Rulhs

Aoswern A Question 42 Clik th Exibit buon bhlow,

A rhwall as trhh PBF rulhs ane a ehfault routh wit a nhxt op of 172.20.10.1 tat is ongurhe in th ehfault VR. A ushr namhe Will as a PC wit a 192.168.10.10 IP aeerhss. Hh makhs an HTTPS onnhon to 172.16.10.20. Wi is th nhxt op IP aeerhss for th HTTPS tra from Will's PC? A. 172.20.30.1 B. 172.20.40.1 C. 172.20.20.1 D. 172.20.10.1

Aoswern B Question 43

________________________________________________________________________________________________


Page No | 17

Wi trhh funon arh foune on th eataplanh of a PA-5050? (Coosh trhh) A. Protool Dhoehr B. Dynami roung C. Managhmhnt D. Nhtwork Prohssing E. Signaturh Mat

Aoswern BDE Question 44 Wat arh trhh valie mhtoe of ushr mapping? (Coosh trhh) A. Syslog B. XML API C. 802.1X D. WileFirh E. Shrvhr Monitoring

Aoswern BCE Question 45 Wat arh trhh possiblh vhreits tat WileFirh an provieh for an analyzhe samplh? (Coosh trhh) A. Clhan B. Bhngin C. Aewarh D. Suspiious E. Graywarh F. Malwarh

Aoswern BEF Explanaon ps//www.paloaltonhtworks.om/eoumhntaon/70/pan-os/nhwfhaturhsguieh/wilerh-fhaturhs/wilerhgraywarh-vhreit

Question 46 Wat an missing SSL pakhts whn phrforming a pakht apturh on eataplanh inthrfahs? A. Th pakhts arh arewarh ooaehe to th ooaehe prohssor on th eataplanh B. Th missing pakhts arh ooaehe to th managhmhnt planh CPU C. Th pakhts arh not apturhe bhaush thy arh hnrypthe D. Thrh is a arewarh problhm wit ooaeing FPGA on th managhmhnt planh

________________________________________________________________________________________________


Page No | 18

Aoswern A Question 47 Wi Shurity Poliy Rulh onguraon opon eisablhs anvirus ane an-spywarh sanning of shrvhr-to-lihnt ows only? A. Disablh Shrvhr Rhsponsh Insphon B. Apply an Appliaon Ovhrrieh C. Disablh HIP Prolh D. Aee shrvhr IP Shurity Poliy hxhpon

Aoswern A Question 48 How arh IPV6 DNS quhrihs ongurhe to ushr inthrfah hthrnht1/3? A. Nhtwork > Virtual Routhr > DNS Inthrfah B. Objhts > CustomhrObjhts > DNS C. Nhtwork > Inthrfah Mgrnt D. Dhvih > Shtup > Shrvihs > Shrvih Routh Conguraon

Aoswern D Question 49 A rhwall aeministrator is troublhsoong problhms wit tra passing troug th Palo Alto Nhtworks rhwall. Wi mhtoe sows th global ounthrs assoiathe wit th tra ahr onguring th appropriath pakht lthrs? A. From th CLI, issuh th sow ounthr global lthr pap yhs ommane. B. From th CLI, issuh th sow ounthr global lthr pakht-lthr yhs ommane. C. From th GUI, shlht sow global ounthrs unehr th monitor tab. D. From th CLI, issuh th sow ounthr inthrfah ommane for th ingrhss inthrfah.

Aoswern B Question 50 A ost aahe to hthrnht1/3 annot ahss th inthrnht. Th ehfault gathway is aahe to hthrnht1/4. Ahr troublhsoong. It is ehthrminhe tat tra annot pass from th hthrnht1/3 to hthrnht1/4. Wat an bh th aush of th problhm? A. DHCP as bhhn sht to Auto. B. Inthrfah hthrnht1/3 is in Layhr 2 moeh ane inthrfah hthrnht1/4 is in Layhr 3 moeh. C. Inthrfah hthrnht1/3 ane hthrnht1/4 arh in Virtual Wirh Moeh. D. DNS as not bhhn prophrly ongurhe on th rhwall

________________________________________________________________________________________________


Page No | 19

Aoswern B Question 51 Th GlobalProtht Portal inthrfah ane IP aeerhss avh bhhn ongurhe. Wi othr valuh nhhes to bh ehnhe to omplhth th nhtwork shngs onguraon of GlobalPortht Portal? A. Shrvhr Chrath B. Clihnt Chrath C. Authnaon Prolh D. Chrath Prolh

Aoswern A Explanaon (ps//livh.paloaltonhtworks.om/t5/Conguraon-Arlhs/How-to-Congurh-GlobalProtht/ta-p/58351)

Question 52 Wi inthrfah onguraon will ahpt sphi VLAN IDs? A. Tab Moeh B. Subinthrfah C. Ahss Inthrfah D. Trunk Inthrfah

Aoswern B Question 53 A ompany as a poliy tat ehnihs all appliaons it lassihs as bae ane phrmits only appliaon it lassihs as gooe. Th rhwall aeministrator rhathe th following shurity poliy on th ompany's rhwall.

Wi inthrfah onguraon will ahpt sphi VLAN IDs? Wi two bhnhts arh gainhe from aving bot rulh 2 ane rulh 3 prhshnts? (oosh two) A. A rhport an bh rhathe tat iehnhs unlassihe tra on th nhtwork. B. Dihrhnt shurity prolhs an bh applihe to tra mating rulhs 2 ane 3. C. Rulh 2 ane 3 apply to tra on eihrhnt ports. D. Shparath Log Forwareing prolhs an bh applihe to rulhs 2 ane 3.

Aoswern AB Question 54

________________________________________________________________________________________________


Page No | 20

A lihnt is ehploying a pair of PA-5000 shrihs rhwalls using Hig Availability (HA) in Avh/Passivh moeh. Wi stathmhnt is truh about tis ehploymhnt? A. Th two ehvihs must sarh a routablh oang IP aeerhss B. Th two ehvihs may bh eihrhnt moehls witin th PA-5000 shrihs C. Th HA1 IP aeerhss from ha phhr must bh on a eihrhnt subnht D. Th managhmhnt port may bh ushe for a bakup ontrol onnhon

Aoswern D Question 55 Wi Palo Alto Nhtworks VM-Shrihs rhwall is supporthe for VMwarh NSX? A. VM-100 B. VM-200 C. VM-1000-HV D. VM-300

Aoswern C Question 56 Wi two inthrfah typhs an bh ushe whn onguring GlobalProtht Portal?(Coosh two) A. Virtual Wirh B. Loopbak C. Layhr 3 D. Tunnhl

Aoswern BC Question 57 Wi trhh opons eohs th WF-500 applianh support for loal analysis? (Coosh trhh) A. E-mail links B. APK lhs C. jar lhs D. PNG lhs E. Portablh Exhutablh (PE) lhs

Aoswern ACE Question 58 Ahr pusing a shurity poliy from Panorama to a PA-3020 rwall, th rhwall aeministrator nohs tat tra logs from th PA-3020 arh not appharing in Panorama’s tra logs. Wat oule bh th problhm?

________________________________________________________________________________________________


Page No | 21

A. A Shrvhr Prolh as not bhhn ongurhe for logging to tis Panorama ehvih. B. Panorama is not lihnshe to rhhivh logs from tis parular rhwall. C. Th rhwall is not lihnshe for logging to tis Panorama ehvih. D. Nonh of th rwwall's poliihs avh bhhn assignhe a Log Forwareing prolh

Aoswern D Question 59 Support for wi authnaon mhtoe was aeehe in PAN-OS 7.0? A. RADIUS B. LDAP C. Diamhthr D. TACACS+

Aoswern D Explanaon ps//www.paloaltonhtworks.om/rhsourhs/eatashhts/wats-nhw-in-pan-os-7-1

Question 60 A ompany.om wants to hnablh Appliaon Ovhrrieh. Givhn th following srhhnsot

Wi two stathmhnts arh truh if Sourh ane Dhsnaon tra mat th Appliaon Ovhrrieh poliy? (Coosh two) A. Tra tat maths "rtp-bash" will bypass th App-ID ane Conthnt-ID hnginhs. B. Tra will bh forhe to ophrath ovhr UDP Port 16384. C. Tra ulizing UDP Port 16384 will now bh iehnhe as "rtp-bash". D. Tra ulizing UDP Port 16384 will bypass th App-ID ane Conthnt-ID hnginhs.

Aoswern CD

________________________________________________________________________________________________


4c415-Pcnse7-Palo Alto Networks Certified Network Security Engineer

Recommend Documents