Page 1

100% Real Questions & Correct Answers from Lead2pass

Vendor: Palo Alto Networks Exam Code: PCNSE7 Exam Name: Palo Alto Networks Certified Network Security Engineer Question 121—Question 130 Click to Download All PCNSE7 Q&As From Lead2pass QUESTION 121 Which option is an IPv6 routing protocol? A. OSPFv3 B. BGP NG C. OSPFv2 D. RIPv3 Answer: A Explanation: OSPFv3 provides support for the OSPF routing protocol within an IPv6 network. As such, it provides support for IPv6 addresses and prefixes. https://www.paloaltonetworks.com/documentation/60/pan-os/newfeaturesguide/networkingfeatures/ospf- v3-support

QUESTION 122 Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log? A. Allow PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html


100% Real Questions & Correct Answers from Lead2pass

B. Log C. Default D. Alert Answer: D Explanation: The website is allowed and a log entry is generated in the URL filtering log. Incorrect Answers: A: Allow: The website is allowed and no log entry is generated. B: There is no URL Filtering Security Profile action named log. C: There is no URL Filtering Security Profile action named default. https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/url-filtering/url-filteringprofile-actions

QUESTION 123 Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS 7x, to obtain username-to-IP-address mapping? A. Aerohive Wireless Access Point B. Microsoft Terminal Services C. Palo Alto Networks Captive Portal D. Microsoft Active Directory Answer: B Explanation: Configure User Mapping for Terminal Server Users Individual terminal server users appear to have the same IP address and therefore an IP address to username mapping is not sufficient to identify a specific user. To enable identification of specific users on Windows-based terminal servers, the Palo Alto Networks Terminal Services agent (TS agent) allocates a port range to each user. It then notifies every connected firewall about the allocated port range, which allows the firewall to create an IP address-port-user mapping table and enable user- and group-based security policy enforcement. Incorrect Answers: A: If you want to integrate Aerohive with Palo Alto the suggested route is to run a script on a Kiwi Syslog Server which parses the Aerohive log and then updates the Palo Alto with Username/IP address mapping. A working VB script for Kiwi is provided below. Etc. PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html


100% Real Questions & Correct Answers from Lead2pass

https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/user-id/configure-usermapping-for-terminal-server-users

QUESTION 124 Which two actions are required to make Microsoft Active Directory users appear in a firewall traffic log? (Choose two.) A. Run the User-ID Agent using an Active Directory account that has "event log viewer" permissions B. Configure a RADIUS server profile to point to a domain controller C. Enable User-ID on the zone object for the source zone D. Enable User-ID on the zone object for the destination zone E. Run the User-ID Agent using an Active Directory account that has "domain administrator" permissions Answer: AC

QUESTION 125 Firewall administrators cannot authenticate to a firewall GUI. Which two logs on that firewall will contain authentication-related information useful in troubleshooting this issue? (Choose two.) A. dp-monitor.log B. Traffic log C. ms.log D. authd.log E. System log Answer: BE

QUESTION 126 Which three rule types are available when defining polices in Panorama? (Choose three.) A. Clean Up Rules B. Stealth Rules C. Post Rules D. Pre Rules PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html


100% Real Questions & Correct Answers from Lead2pass

E. Default Rules Answer: CDE Explanation: https://www.paloaltonetworks.com/documentation/61/panorama/panorama_adminguide/mana ge-firewalls/manage-the-rule-hierarchy

QUESTION 127 Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing. Which step is required to accomplish this goal? A. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0 B. Create new VPN zones at each site to terminate each VPN connection. C. Assign an IP address on each tunnel interface at each site. D. Assign OSPF Area 0.0.0.0 to all Ethernet and tunnel interfaces. Answer: D Explanation: OSPF Area Types include the Backbone Area, Area 0, is the core of an OSPF network. The backbone has the reserved area ID of 0.0.0.0. All other areas are connected to it and all traffic between areas must traverse it. All routing between areas is distributed through the backbone area. While all other OSPF areas must connect to the backbone area, this connection doesn't need to be direct and can be made through a virtual link. https://www.paloaltonetworks.com/documentation/60/pan-os/pan-os/networking/configureospf

QUESTION 128 Which CLI command displays the current management plane memory utilization? A. > show system info B. > show system resources C. > show running resource-monitor D. > debug management-server show Answer: B Explanation: PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html


100% Real Questions & Correct Answers from Lead2pass

When running show system resources from the PAN-OS CLI, the top process in the output shows 9999% CPU utilization. The following is an example output: > show system resources

https://live.paloaltonetworks.com/t5/Management-Articles/Show-System-ResourceCommandDisplays-CPU-Utilization-of-9999/ta-p/58149

QUESTION 129 A distributed log collection deployment has dedicated Log Collectors. A developer needs a device to send logs to Panorama instead of sending logs to the Collector Group. What should be done first? A. Contact Palo Alto Networks Support team to enter kernel mode commands to allow adjustments B. Revert to a previous configuration C. Remove the device from the Collector Group D. Remove the cable from the management interface. reload the Log Collector and then re-connect that cable Answer: C Explanation: In a distributed log collection deployment, where you have dedicated Log Collectors, if you need a device to send logs to Panorama instead of sending logs to the Collector Group, you must remove the device from the Collector group. https://www.paloaltonetworks.com/documentation/61/panorama/panorama_adminguide/mana PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html


100% Real Questions & Correct Answers from Lead2pass

ge-log-collection/remove-a-firewall-from-a-collector-group#_24966

QUESTION 130 Site-A and Site-B need to use IKEv2 to establish a VPN connection. Site-A connects directly to the internet using a public IP address. Site-B uses a private IP address behind an ISP router to connect to the internet. How should NAT Traversal be implemented for the VPN connection to be established between Site-A and Site-B? A. Enable on Site-A only B. Enable on Site-B only with Passive Mode C. Enable on Site-A and Site-B D. Enable on Site-B only Answer: C Explanation: NAT traversal (NAT-T) must be enabled on both gateways if you have NAT occurring on a device that sits between the two gateways. A gateway can see only the public (globally routable) IP address of the NAT device. https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/vpns/site-to-site-vpnconcepts

PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html

Lead2pass New PCNSE7 Exam PDF Ensure PCNSE7 Certification Exam Pass 100% (121-130)  

PCNSE7 dumps full version (PDF&VCE): https://www.lead2pass.com/pcnse7.html Large amount of free PCNSE7 exam questions on Google Drive: https...

Lead2pass New PCNSE7 Exam PDF Ensure PCNSE7 Certification Exam Pass 100% (121-130)  

PCNSE7 dumps full version (PDF&VCE): https://www.lead2pass.com/pcnse7.html Large amount of free PCNSE7 exam questions on Google Drive: https...

Advertisement