22 06 2017
[NEW PCNSE7 PDF]Free PCNSE7 VCE Offered by Braindump2go[101-110]
2017 June New Updated PCNSE7 Exam Dumps with PDF and VCE Free Shared in www.Braindump2go.com Today!
100% Real Exam Questions! 100% Exam Pass Guaranteed!
1.|2017 New PCNSE7 PDF and PCNSE7 VCE 131Q&As Download:
http://www.braindump2go.com/pcnse7.html
2.|2017 New PCNSE7 Questions and Answers PDF Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNZUpkbFJ5WVdSaVk?usp=sharing
QUESTION 101
When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?
A. When configuring Certificate Profiles
B. When configuring GlobalProtect portal
C. When configuring User Activity Reports
D. When configuring Antivirus Dynamic Updates
Answer: D
QUESTION 102
A network design change requires an existing firewall to start accessing Palo Alto Updates from a dataplane interface address instead of the management interface.
Which configuration setting needs to be modified?
A. Authentication profile
B. Default route
C. Service route
D. Management profile
Answer: C
Explanation:
The firewall uses the management (MGT) interface by default to access external services, such as DNS servers, external authentication servers, Palo Alto Networks services such as software, URL updates, licenses and AutoFocus. An alternative to using the MGT interface is to configure a data port (a regular interface) to access these services. The path from the interface to the service on a server is known as a service route. The service packets exit the firewall on the port assigned for the external service and the server sends its response to the configured source interface and source IP address.
You can configure service routes globally for the firewall or Customize Service Routes for a Virtual System on a firewall enabled for multiple virtual systems so that you have the flexibility to use interfaces associated with a virtual system.
https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/networking/service-routes
QUESTION 103
A network security engineer needs to configure a virtual router using IPv6 addresses.
Which two routing options support these addresses? (Choose two.)
A. Static Route
B. BGP
C. OSPFv3
D. RIP
Answer: AC
Explanation:
C: OSPFv3 provides support for the OSPF routing protocol within an IPv6 network. As such, it provides support for IPv6 addresses and prefixes.
A: How to Set Default Route for IPv6 Traffic
Steps
1. Go to Network > Virtual Router
2. Add a Virtual Router and go to Static Routes > IPv6.
3. Add a Static Route:
E. Set destination (example, IPV4 0.0.0.0/0) as ::0/
F. Select the Interface
G. Set the Next Hop IP address
https://www.paloaltonetworks.com/documentation/60/pan-os/newfeaturesguide/networking-features/ospf-v3-support
https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Set-Default-Route-for-IPv6-Traffic/ta-p/52731
QUESTION 104
A Network Administrator wants to deploy a Large Scale VPN solution. The Network Administrator has chosen a GlobalProtect Satellite solution. This configuration needs to be deployed to multiple remote offices and the Network Administrator decides to use Panorama to deploy the configurations.
How should this be accomplished?
A. Create a Template with the appropriate lKE Gateway settings.
B. Create a Device Group with the appropriate lPSec tunnel settings.
C. Create a Device Group with the appropriate IKE Gateway settings.
D. Create a Template with the appropriate lPSec tunnel settings.
Answer: D
Explanation:
Note: The administrator of the satellite must enter the credentials when the satellite connects to the portal.
This is done on the satellite by navigating to Network > IPSec Tunnels and choosing “gateway info” and then clicking on “Enter Credentials”.
QUESTION 105
People are having intermittent quality issues during a live meeting via a web application.
How can the performance of this application be improved?
A. Use QoS Profile to define QoS Classes and a QoS Policy
B. Use QoS Classes to define QoS Profile
C. Use QoS Classes to define QoS Profile and QoS Policy
D. Use QoS Profile to define QoS Classes
Answer: A
QUESTION 106
When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?
A. When configuring GlobalProtect portal
B. When configuring User Activity Reports
C. When configuring Certificate Profiles
D. When configuring Antivirus Dynamic Updates
Answer: D
QUESTION 107
A file sharing application is being permitted and no one knows what this application is used for.
How should this application be blocked?
A. Block all unauthorized applications using a security policy.
B. Block all known internal custom applications.
C. Create a File Blocking Profile that blocks Layer 4 and Layer 7 attacks.
D. Create a WildFire Analysis Profile that blocks Layer4 and Layer 7 attacks.
Answer: C
Explanation:
The firewall uses file blocking profiles two ways: to forward files to WildFire for analysis or to block specified file types over specified applications and in the specified session flow direction (inbound/outbound/both).
You can set the profile to alert or block on upload and/or download and you can specify which applications will be subject to the file blocking profile. You can also configure custom block pages that will appear when a user attempts to download the specified file type. This allows the user to take a moment to consider whether or not they want to download a file.
Incorrect Answers:
D: Use a WildFire analysis profile to enable the firewall to forward unknown files or email links for WildFire analysis. Specify files to be forwarded for analysis based on application, file type, and transmission direction (upload or download).
https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/policy/file-blocking-profiles
QUESTION 108
YouTube videos are consuming too much bandwidth on the network, causing delays in mission-critical traffic. The administrator wants to throttle YouTube traffic.
The following interfaces and zones are in use on the firewall:
– ethernet 1/1, Zone: Untrust (Internet-facing)
– ethernet 1/2, Zone: Trust (client-facing)
A QoS profile has been created, and QoS has been enabled on both interfaces. A QoS rule exists to put the YouTube application into QoS class 6. Interface Ethernet 1/1 has a QoS profile called Outbound, and interface Ethernet 1/21 has a QoS profile called Inbound.
Which setting for Class 6 will throttle YouTube traffic?
A. Outbound profile with Guaranteed Ingress
B. Inbound profile with Maximum Egress
C. Inbound profile with Guaranteed Egress
D. Outbound profile with Maximum Ingress
Answer: B
Explanation:
Identify the egress interface for applications that you identified as needing QoS treatment.
The egress interface for traffic depends on the traffic flow. If you are shaping incoming traffic, the egress interface is the internal-facing interface. If you are shaping outgoing traffic, the egress interface is the external-facing interface.
https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/quality-of-service/configure-qos
QUESTION 109
Which field is optional when creating a new Security Police rule?
A. Description
B. Destination Zone
C. Action
D. Name
E. Source Zone
Answer: A
Explanation:
The optional fields are: Description, Tag, Source IP Address and Destionation IP Address.
https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/policy/components-of-a-security-policy-rule#_43864
QUESTION 110
When using the predefined default antivirus profile, the policy will inspect for viruses on the decoders.
Match each decoder with its default action. Answer options may be used more than once or not at all. (select four)
A. IMAP – Alert
B. IMAP – Reset-both
C. HTTP – Alert
D. HTTP – Reset-both
E. FTP, SMB – Alert
F. FTP, SMB – Reset-both
G. POP3, SMTP – Alert
H. POP3, SMTP – Reset-both
Answer: ADFG
Explanation:
The default profile inspects all of the listed protocol decoders for viruses, and generates alerts for SMTP, IMAP, and POP3 protocols while blocking for FTP, HTTP, and SMB protocols.
https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/policy/antivirus-profiles
!!!RECOMMEND!!!
1.|2017 New PCNSE7 PDF and PCNSE7 VCE 131Q&As Download:
http://www.braindump2go.com/pcnse7.html
2.|2017 New PCNSE7 Study Guide Video:
https://youtu.be/or7j9-27yWc
[NEW PCNSE7 PDF]Braindump2go PCNSE7 Questions and Answers Instant Download[91-100] [2017-New-Exams]Valid 70-355 Braindumps VCE Free Download in Braindump2go[1-8]
Comments are currently closed.