Page 1

100% Real Questions & Correct Answers from Lead2pass

Vendor: Palo Alto Networks Exam Code: PCNSE7 Exam Name: Palo Alto Networks Certified Network Security Engineer Question 131—Question 140 Click to Download All PCNSE7 Q&As From Lead2pass QUESTION 131 A network security engineer has a requirement to allow an external server to access an internal web server. The internal web server must also initiate connections with the external server. What can be done to simplify the NAT policy? A. Configure ECMP to handle matching NAT traffic B. Configure a NAT Policy rule with Dynamic IP and Port C. Create a new Source NAT Policy rule that matches the existing traffic and enable the Bidirectional option D. Create a new Destination NAT Policy rule that marches the existing traffic and enable the Bidirectional option Answer: C Explanation: https://live.paloaltonetworks.com/t5/Learning-Articles/What-does-the-Bi-directional-NATFeature-Provide/ta-p/60593

QUESTION 132 What happens when the traffic log shows an internal host attempting to open a session to a properly configured sinkhole address? PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html


100% Real Questions & Correct Answers from Lead2pass

A. The internal host tried to resolve a DNS query by connecting to a rogue DNS server. B. A malicious domain tried to contact an internal DNS server. C. A rogue DNS server used the sinkhole address to direct traffic to a known malicious domain. D. The internal host attempted to use DNS to resolve a known malicious domain into an IP address. Answer: D

QUESTION 133 PAS-OS 7.0 introduced an automated correlation engine that analyzes log patterns and generates correlation events visible in the new Application Command Center (ACC). Which license must the firewall have to obtain new correlation objectives? A. Threat Prevention B. Application Center C. GlobalProtect D. URL Filtering Answer: A Explanation: https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/monitoring/automatedcorrelation-engine-concepts

QUESTION 134 Site-A and Site-have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-is configured properly, but the route for the tunnel is not being established. The Site-interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-is using the wrong Link Type for one of its interfaces.

PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html


100% Real Questions & Correct Answers from Lead2pass

Which Link Type setting will correct the error? A. Set tunnel.10 to p2p B. Set tunnel.10 to p2mp C. Set ethernet1/21 to p2mp D. Set ethernet1/21 to p2p Answer: D Explanation: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/vpns/site-to-site-vpnwith-ospf

QUESTION 135 A network security engineer for a large company has just installed a PA-5060 Firewall to isolate the company's PCI environment from its production network. The company's network engineers made configuration changes to the switches on both network segments, and connected them to the new firewall. Soon after the cutover, however, users began to complain about latency and some servers stopped communicating. There are no security policies that deny traffic between the two network segments. You suspect that there is an interface misconfiguration on ethernet1/1. Which two commands should be used to troubleshoot the issue? (Choose two.) A. show interface management B. show interface ethernet1/1 C. show interface logical D. show interface hardware PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html


100% Real Questions & Correct Answers from Lead2pass

Answer: BC

QUESTION 136 On March 10, 2016, between 11:00 am and 11:30 am, users reported that web-browsing traffic to the IP address 1.1.1.1 failed. Which filter can be applied to the traffic logs to show how many users were affected during this time frame? A. ( time_generated leq `2016/03/10 11:30:00') and ( app is web-browsing ) B. ( time_generated geq `2016/03/10 11:00:00') and ( time_generated leq `2016/03/10 11:30:00') and ( addr.dst in 1.1.1.1) C. ( time_generated leq `2016/03/10 11:00:00') and ( time_generated geq `2016/03/10 11:30:00') and ( app eq web-browsing ) D. ( time_generated geq `2016/03/10 11:00:00') and ( time_generated leq `2016/03/10 11:30:00') and ( app neq web-browsing ) Answer: B

QUESTION 137 Server Message Block (SMB), a common file-sharing application, is slow when passing through a Palo Alto Networks firewall. The Network Security Administrator created an application override policy, assigning all SMB traffic to a custom application, to resolve the slowness issue. Why does this configuration resolve the issue? A. Security policy assignment is being done more efficiently. B. Zone Protection is no longer being applied. C. Layer 7 processing has been disabled for SMB traffic. D. Layer 4 processing has been disabled for the SMB traffic. Answer: C

QUESTION 138 What are three valid options when creating a new security policy? (Choose three.)

PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html


100% Real Questions & Correct Answers from Lead2pass

A. Reset All B. Reset client C. Block D. Deny All E. Alert F. Deny G. Allow Answer: BFG Explanation:

QUESTION 139 The Network Security Administrator discovers that the company's NAT-aware SIP phone system is not working properly through the Palo Alto Networks firewall, even though SIP traffic is being allowed by policy. Which configuration change can resolve this issue? A. Disable ALG within the security policy that permits SIP traffic B. Create an application override policy to assign all traffic to and from SIP phones to the sip application C. Create a security policy that allows any traffic to and from SIP phones. D. Disable ALG within the SIP application Answer: D Explanation:

PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html


100% Real Questions & Correct Answers from Lead2pass

QUESTION 140 Which two statements accurately describe how DoS Protection Profiles and Policies mitigate attacks? (Choose two.) A. They mitigate against volumetric attacks by leveraging known vulnerabilities, brute force methods, amplification, spoofing, and other vulnerabilities. B. They mitigate against attacks on a zone basis by providing reconnaissance protection against TCP/ UDP port scans and host sweeps. C. They mitigate against attacks by providing resource protection by limiting the number of sessions that can be used. D. They mitigate against attacks by utilizing "random early drop". Answer: CD Explanation: DOS In addition to flood protection, we also offer resources protection. This type of protection enforces a quota for your hosts. It restricts the maximum number of sessions allowed for a particular source IP address, destination IP address or IP source-destination pair. ZONE PROTECTION PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html


100% Real Questions & Correct Answers from Lead2pass

Zone protection policies allow the use of flood protection and have the ability to protect against port scanning\sweeps and packet based attacks. A few examples are IP spoofing, fragments, overlapping segments, reject tcp-non-syn.

PCNSE7 Dumps

PCNSE7 Exam Questions

PCNSE7 New Questions

PCNSE7 VCE

PCNSE7 PDF

Get Full Version PCNSE7 Q&As From Lead2pass: https://www.lead2pass.com/pcnse7.html

Lead2pass New PCNSE7 Exam PDF (131-140)  

PCNSE7 dumps full version (PDF&VCE): https://www.lead2pass.com/pcnse7.html Large amount of free PCNSE7 exam questions on Google Drive: https...

Lead2pass New PCNSE7 Exam PDF (131-140)  

PCNSE7 dumps full version (PDF&VCE): https://www.lead2pass.com/pcnse7.html Large amount of free PCNSE7 exam questions on Google Drive: https...

Advertisement