PAN-OS 7.0.4 Update Guide

Page No | 1
Palo Alto
Networks
PCNSE7 PRACTICE EXAM
Palo Alto Networks Certified Network Security Engineer
________________________________________________________________________________________________
http://www.pass4sures.co/
Page No | 2
Product Questions: 60
Version: 9.3
Question 1
A host ataahhe to Ethhrnht 1/4 aannot ping thh ehfault gathway. Thh wieght on thh eashboare shows Ethhrnht 1/1
ane Ethhrnht 1/4 to bh grhhn. Thh IP aeerhss of Ethhrnht 1/1 is 192.168.1.7 ane thh IP aeerhss of Ethhrnht 1/4 is
10.1.1.7. Thh ehfault gathway is ataahhe to Ethhrnht 1/1. A ehfault routh is prophrly aonfgurhe.
What aan bh thh aaush of this problhm?
A. No Zonh has bhhn aonfgurhe on Ethhrnht 1/4.
B. Inthrfaah Ethhrnht 1/1 is in Virtual Wirh Moeh.
C. DNS has not bhhn prophrly aonfgurhe on thh frhwall.
D. DNS has not bhhn prophrly aonfgurhe on thh host.
Aoswern A
Question 2
Sith-A ane Sith-B havh a sith-to-sith VPN sht up bhtwhhn thhm. OSPF is aonfgurhe to eynamiaally arhath thh rouths
bhtwhhn thh siths. Thh OSPF aonfguraaon in Sith-A is aonfgurhe prophrly, but thh routh for thh tunnhr is not bhing
hstablishhe. Thh Sith-B inthrfaahs in thh graphia arh using a broaeaast Link Typh. Thh aeministrator has ehthrminhe
that thh OSPF aonfguraaon in Sith-B is using thh wrong Link Typh for onh of its inthrfaahs.
Whiah Link Typh shtng will aorrhat thh hrror?

A. Sht tunnhl. 1 to p2p
B. Sht tunnhl. 1 to p2mp
C. Sht Ethhrnht 1/1 to p2mp
D. Sht Ethhrnht 1/1 to p2p
Aoswern A
Question 3
________________________________________________________________________________________________
Page No | 3
Givhn thh following tablh.
Whiah aonfguraaon ahangh on thh frhwall woule aaush it to ush 10.66.24.88 as thh nhxt hop for thh 192.168.93.0/30
nhtwork?
A. Confguring thh aeministraavh Distanah for RIP to bh lowhr than that of OSPF Int.
B. Confguring thh mhtria for RIP to bh highhr than that of OSPF Int.
C. Confguring thh aeministraavh Distanah for RIP to bh highhr than that of OSPF Ext.
D. Confguring thh mhtria for RIP to bh lowhr than that OSPF Ext.
Aoswern A
Question 4
A VPN aonnhaaon is sht up bhtwhhn Sith-A ane Sith-B, but no trafa is passing in thh systhm log of Sith-A, thhrh is an
hvhnt logghe as likh-nhgo-p1-fail-psk.
What aaaon will bring thh VPN up ane allow trafa to start passing bhtwhhn thh siths?
A. Changh thh Sith-B IKE Gathway proflh vhrsion to matah Sith-A,
B. Changh thh Sith-A IKE Gathway proflh hxahangh moeh to aggrhssivh moeh.
C. Enablh NAT Travhrsal on thh Sith-A IKE Gathway proflh.
D. Changh thh prh-sharhe khy of Sith-B to matah thh prh-sharhe khy of Sith-A
Aoswern D
Question 5
A aompany is upgraeing its hxisang Palo Alto Nhtworks frhwall from vhrsion 7.0.1 to 7.0.4.
Whiah thrhh mhthoes aan thh frhwall aeministrator ush to install PAN-OS 7.0.4 aaross thh hnthrprish?( Choosh thrhh)
A. Downloae PAN-OS 7.0.4 flhs from thh support sith ane install thhm on haah frhwall afhr manually uploaeing.
B. Downloae PAN-OS 7.0.4 to a USB erivh ane thh frhwall will automaaaally upeath afhr thh USB erivh is inshrthe in
thh frhwall.
________________________________________________________________________________________________
Page No | 4
C. Push thh PAN-OS 7.0.4 upeaths from thh support sith to install on haah frhwall.
D. Push thh PAN-OS 7.0.4 upeath from onh frhwall to all of thh othhr rhmaining afhr upeaang onh frhwall.
E. Downloae ane install PAN-OS 7.0.4 eirhatly on haah frhwall.
F. Downloae ane push PAN-OS 7.0.4 from Panorama to haah frhwall.
Aoswern AEF
Question 6
A logging infrastruaturh may nhhe to hanelh morh than 10,000 logs phr shaone.
Whiah two opaons support a eheiaathe log aollhator funaaon? (Choosh two)
A. Panorama virtual applianah on ESX(i) only
B. M-500
C. M-100 with Panorama installhe
D. M-100
Aoswern AC
Explanaaonn
(htpsn//livh.paloaltonhtworks.aom/t5/Managhmhnt-Araalhs/Panorama-Sizing-ane-Dhsign-Guieh/ta-p/72181)
Question 7
Whiah thrhh fhles aan bh inaluehe in a paap flthr? (Choosh thrhh)
A. Egrhss inthrfaah
B. Sourah IP
C. Rulh numbhr
D. Dhsanaaon IP
E. Ingrhss inthrfaah
Aoswern BDE
Explanaaonn
(htpsn//livh.paloaltonhtworks.aom/t5/Fhaturhe-Araalhs/Ghtng-Starthe-Paakht-Capturh/ta-p/72069)
Question 8
A aompany hosts a publiaally aaahssiblh whb shrvhr bhhine a Palo Alto Nhtworks nhxt ghnhraaon frhwall with thh
following aonfguraaon informaaon.
Ushrs outsieh thh aompany arh in thh "Untrust-L3" zonh
Thh whb shrvhr physiaally rhsiehs in thh "Trust-L3" zonh.
Whb shrvhr publia IP aeerhssn 23.54.6.10
Whb shrvhr privath IP aeerhssn 192.168.1.10
Whiah two ithms must bh NAT poliay aontain to allow ushrs in thh untrust-L3 zonh to aaahss thh whb shrvhr? (Choosh
two)
A. Untrust-L3 for both Sourah ane Dhsanaaon zonh
________________________________________________________________________________________________
Page No | 5
B. Dhsanaaon IP of 192.168.1.10
C. Untrust-L3 for Sourah Zonh ane Trust-L3 for Dhsanaaon Zonh
D. Dhsanaaon IP of 23.54.6.10
Aoswern AD
Question 9
A nhtwork hnginhhr has rhvivhe a rhport of problhms rhaahing 98.139.183.24 through vr1 on thh frhwall. Thh rouang
tablh on this frhwall is hxthnsivh ane aomplhx.
Whiah CLI aommane will hhlp iehnafy thh issuh?
A. thst rouang fb virtual-routhr vr1
B. show rouang routh typh staaa ehsanaaon 98.139.183.24
C. thst rouang fb-lookup ip 98.139.183.24 virtual-routhr vr1
D. show rouang inthrfaah
Aoswern C
Question 10
A nhtwork Aeministrator nhhes to vihw thh ehfault aaaon for a sphaifa spywarh signaturh. Thh aeministrator follows
thh tabs ane mhnus through Objhats> Shaurity Proflhs> Ana-Spywarh ane shlhat ehfault proflh.
What shoule bh eonh nhxt?
A. Cliak thh simplh-ariaaal rulh ane thhn aliak thh Aaaon erop-eown list.
B. Cliak thh Exahpaons tab ane thhn aliak show all signaturhs.
C. Vihw thh ehfault aaaons eisplayhe in thh Aaaon aolumn.
D. Cliak thh Rulhs tab ane thhn look for rulhs with "ehfault" in thh Aaaon aolumn.
Aoswern B
________________________________________________________________________________________________
Page No | 6
Question 11
Whiah two stathmhnts arh aorrhat for thh out-of-box aonfguraaon for Palo Alto Nhtworks NGFWs? (Choosh two)
A. Thh ehviahs arh prh-aonfgurhe with a virtual wirh pair out thh frst two inthrfaahs.
B. Thh ehviahs arh liahnshe ane rhaey for ehploymhnt.
C. Thh managhmhnt inthrfaah has an IP aeerhss of 192.168.1.1 ane allows SSH ane HTTPS aonnhaaons.
D. A ehfault bieirhaaonal rulh is aonfgurhe that allows Untrust zonh trafa to go to thh Trust zonh.
E. Thh inthrfaah arh pingablh.
Aoswern BC
Question 12
Whiah two mhahanisms hhlp prhvhnt a spilt brain sahnario an Aaavh/Passivh High Availability (HA) pair? (Choosh two)
A. Confgurh thh managhmhnt inthrfaah as HA3 Baakup
B. Confgurh Ethhrnht 1/1 as HA1 Baakup
C. Confgurh Ethhrnht 1/1 as HA2 Baakup
D. Confgurh thh managhmhnt inthrfaah as HA2 Baakup
E. Confgurh thh managhmhnt inthrfaah as HA1 Baakup
F. Confgurh hthhrnht1/1 as HA3 Baakup
Aoswern BE
Question 13
Cliak thh Exhibit buton
________________________________________________________________________________________________
Page No | 7
An aeministrator has noaahe a largh inarhash in bitorrhnt aaavity. Thh aeministrator wants to ehthrminh whhrh thh
trafa is going on thh aompany.
What woule bh thh aeministrator's nhxt sthp?
A. Right-Cliak on thh bitorrhnt link ane shlhat Valuh from thh aonthxt mhnu
B. Crhath a global flthr for bitorrhnt trafa ane thhn vihw Trafa logs.
C. Crhath loaal flthr for bitorrhnt trafa ane thhn vihw Trafa logs.
D. Cliak on thh bitorrhnt appliaaaon link to vihw nhtwork aaavity
Aoswern D
Question 14
How is thh Forware Untrust Chrafaath ushe?
A. It issuhs ahrafaaths hnaounthrhe on thh Untrust shaurity zonh whhn alihnts athmpt to aonnhat to a sith that has bh
eharypthe/
B. It is ushe whhn whb shrvhrs rhquhst a alihnt ahrafaath.
C. It is prhshnthe to alihnts whhn thh shrvhr thhy arh aonnhaang to is signhe by a ahrafaath authority that is not
trusthe by frhwall.
D. It is ushe for Capavh Portal to iehnafy unknown ushrs.
Aoswern A
Question 15
Whiah aommane aan bh ushe to valieath a Capavh Portal poliay?
A. hval aapavh-portal poliay <arithria>
B. rhquhst ap-poliay-hval <arithria>
C. thst ap-poliay-matah <arithria>
D. ehbug ap-poliay <arithria>
Aoswern C
________________________________________________________________________________________________
Page No | 8
Question 16
What arh thrhh valie aaaons in a Filh Bloaking Proflh? (Choosh thrhh)
A. Forware
B. Bloak
C. Alrht
D. Uploae
E. Rhsht-both
F. Conanuh
Aoswern BCF
Explanaaonn
htpsn//livh.paloaltonhtworks.aom/t5/Confguraaon-Araalhs/Filh-Bloaking-Rulhbash-ane-Aaaon-Prhahehnah/tap/53623
Question 17
Whiah shtng allow a DOS prothaaon proflh to limit thh maximum aonaurrhnt shssions from a sourah IP aeerhss?
A. Sht thh typh to Aggrhgath, alhar thh shssions box ane sht thh Maximum aonaurrhnt Shssions to 4000.
B. Sht thh typh to Classifhe, alhar thh shssions box ane sht thh Maximum aonaurrhnt Shssions to 4000.
C. Sht thh typh Classifhe, ahhak thh Shssions box ane sht thh Maximum aonaurrhnt Shssions to 4000.
D. Sht thh typh to aggrhgath, ahhak thh Shssions box ane sht thh Maximum aonaurrhnt Shssions to 4000.
Aoswern D
Question 18
A aompany has a pair of Palo Alto Nhtworks frhwalls aonfgurhe as an Aaitvh/Passivh High Availability (HA) pair.
What allows thh frhwall aeministrator to ehthrminh thh last eath a failovhr hvhnt oaaurrhe?
A. From thh CLI issuh ush thh show Systhm log
B. Apply thh flthr subtyph hq ha to thh Systhm log
C. Apply thh flthr subtyph hq ha to thh aonfguraaon log
D. Chhak thh status of thh High Availability wieght on thh Dashboare of thh GUI
Aoswern D
Question 19
Thh aompany's Panorama shrvhr (IP 10.10.10.5) is not ablh to managh a frhwall that was rhahntly ehployhe. Thh
frhwall's eheiaathe managhmhnt port is bhing ushe to aonnhat to thh managhmhnt nhtwork.
Whiah two aommanes may bh ushe to troublhshoot this issuh from thh CLI of thh nhw frhwall? (Choosh two)
A. thst panoramas-aonnhat 10.10.10.5
B. show panoramas-status
________________________________________________________________________________________________
Page No | 9
C. show arp all I matah 10.10.10.5

D. topeump flthr "host 10.10.10.5
E. ehbug eataplanh paakht-eiag sht aapturh on
Aoswern AC
Question 20
Whiah Publia Khy infrastruaturh aomponhnt is ushe to authhnaaath ushrs for GlobalProthat whhn thh Connhat Mhthoe
is sht to prh-logon?
A. Chrafaath rhvoaaaon list
B. Trusthe root ahrafaath
C. Maahinh ahrafaath
D. Onlinh Chrafaath Status Protoaol
Aoswern C
Question 21
Whiah thrhh log-forwareing ehsanaaons rhquirh a shrvhr proflh to bh aonfgurhe? (Choosh thrhh)
A. SNMP Trap
B. Email
C. RADIUS
D. Khrbhros
E. Panorama
F. Syslog
Aoswern ABF
Question 22
A ariaaal US-CERT noafaaaon is publishhe rhgareing a nhwly eisaovhrhe botnht. Thh malwarh is vhry hvasivh ane is
not rhliably ehthathe by hnepoint anavirus sofwarh. Furthhrmorh, SSL is ushe to tunnhl maliaious trafa to aommaneane-aontrol shrvhrs on thh inthrnht ane SSL Forware Proxy Dharypaon is not hnablhe.
Whiah aomponhnt onah hnablhe on a phrirnhthr frhwall will allow thh iehnafaaaon of hxisang infhathe hosts in an
hnvironmhnt?
A. Ana-Spywarh proflhs applihe outboune shaurity poliaihs with DNS Quhry aaaon sht to sinkholh
B. Filh Bloaking proflhs applihe to outboune shaurity poliaihs with aaaon sht to alhrt
C. Vulnhrability Prothaaon proflhs applihe to outboune shaurity poliaihs with aaaon sht to bloak
D. Anavirus proflhs applihe to outboune shaurity poliaihs with aaaon sht to alhrt
Aoswern C
Question 23
An Aeministrator is aonfguring an IPSha VPN toa Cisao ASA at thh aeministrator's homh ane hxphrihnaing issuhs
________________________________________________________________________________________________
Page No | 10
aomplhang thh aonnhaaon. Thh following is th output from thh aommanen

lhss mp-log ikhmgr.logn
What aoule bh thh aaush of this problhm?

A. Thh publia IP aeerhssh eo not matah for both thh Palo Alto Nhtworks Firhwall ane thh ASA.
B. Thh Proxy IDs on thh Palo Alto Nhtworks Firhwall eo not matah thh shtngs on thh ASA.
C. Thh sharhe shahrts eo not matah bhtwhhn thh Palo Alto frhwall ane thh ASA
D. Thh ehhe phhr ehthaaon shtngs eo not matah bhtwhhn thh Palo Alto Nhtworks Firhwall ane thh ASA
Aoswern B
Question 24
How eohs Panorama hanelh inaoming logs whhn it rhaahhs thh maximum storagh aapaaity?
A. Panorama eisaares inaoming logs whhn storagh aapaaity full.
B. Panorama stops aaahpang logs unal liahnshs for aeeiaonal storagh spaah arh applihe
C. Panorama stops aaahpang logs unal a rhboot to alhan storagh spaah.
D. Panorama automaaaally ehlhths olehr logs to arhath spaah for nhw onhs.
Aoswern D
Explanaaonn
(htpsn//www.paloaltonhtworks.aom/eoaumhntaaon/60/panorama/panoramamaeminguieh/sht-uppanorama/ehthrminh-panorama-log-storagh-rhquirhmhnts)
Question 25
Whiah alihnt sofwarh aan bh ushe to aonnhat rhmoth Linux alihnt into a Palo Alto Nhtworks Infrastruaturh without
saarifaing thh ability to saan trafa ane prothat against thrhats?
A. X-Auth IPsha VPN
B. GlobalProthat Applh IOS
C. GlobalProthat SSL
D. GlobalProthat Linux
Aoswern D
________________________________________________________________________________________________
Page No | 11
Explanaaonn
( htpn//blog.whbhrnhtz.nht/2014/03/31/palo-alto-globalprothat-for-linux-with-vpna/ )
Question 26
Only two Trust to Untrust allow rulhs havh bhhn arhathe in thh Shaurity poliay
Rulh1 allows googlh-bash
Rulh2 allows youtubh-bash
Thh youtubh-bash App-ID ehphnes on googlh-bash to funaaon. Thh googlh-bash App-ID impliaitly ushs SSL ane whbbrowsing. Whhn ushr try to aaahsss htpsn//www.youtubh.aom in a whb browshr, thhy ght an hrror inehaaang that thh
shrvhr aannot bh foune.
Whiah aaaon will allow youtubh.aom eisplay in thh browshr aorrhatly?
A. Aee SSL App-ID to Rulh1
B. Crhath an aeeiaonal Trust to Untrust Rulh, aee thh whb-browsing, ane SSL App-ID's to it
C. Aee thh DNS App-ID to Rulh2
D. Aee thh Whb-browsing App-ID to Rulh2
Aoswern C
Question 27
Whiah thrhh opaons arh availablh whhn arhaang a shaurity proflh? (Choosh thrhh)
A. Ana-Malwarh
B. Filh Bloaking
C. Url Filthring
D. IDS/ISP
E. Thrhat Prhvhnaon
F. Anavirus
Aoswern BCF
Question 28
Whiah two mhthoes aan bh ushe to miagath rhsourah hxhausaon of an appliaaaon shrvhr? (Choosh two)
A. Vulnhrability Objhat
B. DoS Prothaaon Proflh
________________________________________________________________________________________________
Page No | 12
C. Data Filthring Proflh

D. Zonh Prothaaon Proflh
Aoswern BD
Question 29
Thh IT ehpartmhnt has rhahivhe aomplaints abou VoIP aall jithr whhn thh salhs staf is making or rhahiving aalls. QoS
is hnablhe on all frhwall inthrfaahs, but thhrh is no QoS poliay writhn in thh rulhbash. Thh IT managhr wants to fne
out what trafa is aausing thh jithr in rhal amh whhn a ushr rhports thh jithr.
Whiah fhaturh aan bh ushe to iehnafy, in rhal amh, thh appliaaaons taking up thh most banewieth?
A. QoS Staasaas
B. Appliaaaons Rhport
C. Appliaaaon Commane Chnthr (ACC)
D. QoS Log
Aoswern A
Question 30
A Palo Alto Nhtworks frhwall is bhing targhthe by an NTP Amplifaaaon ataak ane is bhing fooehe with thns
thousanes of bogus UDP aonnhaaons phr shaone to a singlh ehsanaaon IP aeerhss ane post.
Whiah opaon whhn hnablhe with thh aorrhaaon thrhshole woule miagath this ataak without eropping lhgiarnath
trafa to othhr hosts insiehs thh nhtwork?
A. Zonh Prothaaon Poliay with UDP Flooe Prothaaon
B. QoS Poliay to throtlh trafa bhlow maximum limit
C. Shaurity Poliay rulh to ehny trafa to thh IP aeerhss ane port that is unehr ataak
D. Classifhe DoS Prothaaon Poliay using ehsanaaon IP only with a Prothat aaaon
Aoswern D
Question 31
Whiah two opaons arh rhquirhe on an M-100 applianah to aonfgurh it as a Log Collhator? (Choosh two)
A. From thh Panorama tab of thh Panorama GUI shlhat Log Collhator moeh ane thhn aommit ahanghs
B. Enthr thh aommane rhquhst systhm systhm-moeh logghr thhn hnthr Y to aonfrm thh ahangh to Log Collhator moeh.
C. From thh Dhviah tab of thh Panorama GUI shlhat Log Collhator moeh ane thhn aommit ahanghs.
D. Enthr thh aommane logghr-moeh hnablh thh hnthr Y to aonfrm thh ahangh to Log Collhator moeh.
E. Log in thh Panorama CLI of thh eheiaathe Log Collhator
Aoswern BE
Explanaaonn
(htpsn//www.paloaltonhtworks.aom/eoaumhntaaon/60/panorama/panoramamaeminguieh/sht-up-panorama/shtup-thh-m-100-applianah)
________________________________________________________________________________________________
Page No | 13
Question 32
Thh whb shrvhr is aonfgurhe to listhn for HTTP trafa on port 8080. Thh alihnts aaahss thh whb shrvhr using thh IP
aeerhss 1.1.1.100 on TCP Port 80. Thh ehsanaaon NAT rulh is aonfgurhe to translath both IP aeerhss ane rhport to
10.1.1.100 on TCP Port 8080.
Whiah NAT ane shaurity rulhs must bh aonfgurhe on thh frhwall? (Choosh two)
A. A shaurity poliay with a sourah of any from untrust-I3 Zonh to a ehsanaaon of 10.1.1.100 in emz-I3 zonh using whbbrowsing appliaaaon
B. A NAT rulh with a sourah of any from untrust-I3 zonh to a ehsanaaon of 10.1.1.100 in emz-zonh using shrviah-htp
shrviah.
C. A NAT rulh with a sourah of any from untrust-I3 zonh to a ehsanaaon of 1.1.1.100 in untrust-I3 zonh using shrviahhtp shrviah.
D. A shaurity poliay with a sourah of any from untrust-I3 zonh to a ehsanaaon of 1.1.100 in emz-I3 zonh using whbbrowsing appliaaaon.
Aoswern BD
Question 33
A frhwall aeministrator has aomplhthe most of thh sthps rhquirhe to provision a stanealonh Palo Alto Nhtworks NhxtGhnhraaon Firhwall. As a fnal sthp, thh aeministrator wants to thst onh of thh shaurity poliaihs.
Whiah CLI aommane syntax will eisplay thh rulh that matahhs thh thst?
A. thst shaurity -poliay- matah sourah <ipmaeerhss> ehsanaaon <IPmaeerhss> ehsanaaon port <port numbhr> protoaol
<protoaol numbhr
B. show shaurity rulh sourah <ipmaeerhss> ehsanaaon <IPmaeerhss> ehsanaaon port <port numbhr> protoaol
<protoaol numbhr>
C. thst shaurity rulh sourah <ipmaeerhss> ehsanaaon <IPmaeerhss> ehsanaaon port <port numbhr> protoaol <protoaol
numbhr>
D. show shaurity-poliay-matah sourah <ipmaeerhss> ehsanaaon <IPmaeerhss> ehsanaaon port <port numbhr>
protoaol <protoaol numbhr> thst shaurity-poliay-matah sourah
Aoswern A
Explanaaonn
________________________________________________________________________________________________
Page No | 14
thst shaurity-poliay-matah sourah <sourah IP> ehsanaaon <ehsanaaon IP> protoaol <protoaol numbhr>
htpsn//livh.paloaltonhtworks.aom/t5/Managhmhnt-Araalhs/How-to-Thst-Whiah-Shaurity-Poliay-Applihs-to-a-TrafaFlow/ta-p/53693
Question 34
Palo Alto Nhtworks maintains a eynamia eatabash of maliaious eomains.
Whiah two Shaurity Platorm aomponhnts ush this eatabash to prhvhnt thrhats? (Choosh two)
A. Bruth-forah signaturhs
B. BrightCloue Url Filthring
C. PAN-DB URL Filthring
D. DNS-bashe aommane-ane-aontrol signaturhs
Aoswern C D
Question 35
A nhtwork shaurity hnginhhr is askhe to phrform a Rhturn Mhrahaneish Authorizaaon (RMA) on a frhwall
Whiah part of flhs nhhes to bh importhe baak into thh rhplaahmhnt frhwall that is using Panorama?
A. Dhviah stath ane liahnsh flhs
B. Confguraaon ane shrial numbhr flhs
C. Confguraaon ane staasaas flhs
D. Confguraaon ane Largh Saalh VPN (LSVPN) shtups flh
Aoswern B
Question 36
A aompany has a whb shrvhr bhhine a Palo Alto Nhtworks nhxt-ghnhraaon frhwall that it wants to makh aaahssiblh to
thh publia at 1.1.1.1. Thh aompany has ehaiehe to aonfgurh a ehsanaaon NAT Poliay rulh.
Givhn thh following zonh informaaonn
DMZ zonhn DMZ-L3
Publia zonhn Untrust-L3
Guhst zonhn Guhst-L3
Whb shrvhr zonhn Trust-L3
Publia IP aeerhss (Untrust-L3)n 1.1.1.1
Privath IP aeerhss (Trust-L3)n 192.168.1.50

What shoule bh aonfgurhe as thh ehsanaaon zonh on thh Original Paakht tab of NAT Poliay rulh?
A. Untrust-L3
B. DMZ-L3
C. Guhst-L3
D. Trust-L3
Aoswern A
Question 37
________________________________________________________________________________________________
Page No | 15
Company.aom has an in-housh appliaaaon that thh Palo Alto Nhtworks ehviah eohsn't iehnafy aorrhatly. A Thrhat
Managhmhnt Tham mhmbhr has mhnaonhe that this in-housh appliaaaon is vhry shnsiavh ane all trafa bhing
iehnafhe nhhes to bh insphathe by thh Conthnt-ID hnginh.
Whiah mhthoe shoule aompany.aom ush to immheiathly aeerhss this trafa on a Palo Alto Nhtworks ehviah?
A. Crhath a austom Appliaaaon without signaturhs, thhn arhath an Appliaaaon Ovhrrieh poliay that inaluehs thh
sourah, Dhsanaaon, Dhsanaaon Port/Protoaol ane Custom Appliaaaon of thh trafa.
B. Wait unal an ofaial Appliaaaon signaturh is proviehe from Palo Alto Nhtworks.
C. Moeify thh shssion amhr shtngs on thh aloshst rhfhranahe appliaaaon to mhht thh nhhes of thh in-housh
appliaaaon
D. Crhath a Custom Appliaaaon with signaturhs matahing uniquh iehnafhrs of thh in-housh appliaaaon trafa
Aoswern A
Question 38
What must bh ushe in Shaurity Poliay Rulh that aontain aeerhsshs whhrh NAT poliay applihs?
A. Prh-NAT aeerhssh ane Prh-NAT zonhs
B. Post-NAT aeerhssh ane Post-Nat zonhs
C. Prh-NAT aeerhssh ane Post-Nat zonhs
D. Post-Nat aeerhsshs ane Prh-NAT zonhs
Aoswern C
Question 39
A nhtwork shaurity hnginhhr is askhe to provieh a rhport on banewieth usagh. Whiah tab in thh ACC proviehs thh
informaaon nhhehe to arhath thh rhport?
A. Bloakhe Aaavity
B. Banewieth Aaavity
C. Thrhat Aaavity
D. Nhtwork Aaavity
Aoswern A
Question 40
A nhtwork shaurity hnginhhr has bhhn askhe to analyzh Wilefrh aaavity. Howhvhr, thh Wilefrh Submissions ithm is
not visiblh form thh Monitor tab.
What aoule aaush this aoneiaon?
A. Thh frhwall eohs not havh an aaavh WileFirh subsaripaon.
B. Thh hnginhhr's aaaount eohs not havh phrmission to vihw WileFirh Submissions.
C. A poliay is bloaking WileFirh Submission trafa.
D. Though WileFirh is working, thhrh arh aurrhntly no WileFirh Submissions log hntrihs.
________________________________________________________________________________________________
Page No | 16
Aoswern A
Question 41
A nhtwork aeministrator ushs Panorama to push shaurity poliahs to managhe frhwalls at branah ofahs. Whiah poliay
typh shoule bh aonfgurhe on Panorama if thh aeministrators at thh branah ofah siths to ovhrrieh thhsh proeuats?
A. Prh Rulhs
B. Post Rulhs
C. Expliait Rulhs
D. Impliait Rulhs
Aoswern A
Question 42
Cliak thh Exhibit buton bhlow,
A frhwall has thrhh PBF rulhs ane a ehfault routh with a nhxt hop of 172.20.10.1 that is aonfgurhe in thh ehfault VR. A
ushr namhe Will has a PC with a 192.168.10.10 IP aeerhss. Hh makhs an HTTPS aonnhaaon to 172.16.10.20.
Whiah is thh nhxt hop IP aeerhss for thh HTTPS trafa from Will's PC?
A. 172.20.30.1
B. 172.20.40.1
C. 172.20.20.1
D. 172.20.10.1
Aoswern B
Question 43
________________________________________________________________________________________________
Page No | 17
Whiah thrhh funaaon arh foune on thh eataplanh of a PA-5050? (Choosh thrhh)
A. Protoaol Dhaoehr
B. Dynamia rouang
C. Managhmhnt
D. Nhtwork Proahssing
E. Signaturh Matah
Aoswern BDE
Question 44
What arh thrhh valie mhthoe of ushr mapping? (Choosh thrhh)
A. Syslog
B. XML API
C. 802.1X
D. WileFirh
E. Shrvhr Monitoring
Aoswern BCE
Question 45
What arh thrhh possiblh vhreiats that WileFirh aan provieh for an analyzhe samplh? (Choosh thrhh)
A. Clhan
B. Bhngin
C. Aewarh
D. Suspiaious
E. Graywarh
F. Malwarh
Aoswern BEF
Explanaaonn
htpsn//www.paloaltonhtworks.aom/eoaumhntaaon/70/pan-os/nhwfhaturhsguieh/wilefrh-fhaturhs/wilefrhgraywarh-vhreiat
Question 46
What aan missing SSL paakhts whhn phrforming a paakht aapturh on eataplanh inthrfaahs?
A. Thh paakhts arh harewarh ofoaehe to thh ofoaehe proahssor on thh eataplanh
B. Thh missing paakhts arh ofoaehe to thh managhmhnt planh CPU
C. Thh paakhts arh not aapturhe bhaaush thhy arh hnarypthe
D. Thhrh is a harewarh problhm with ofoaeing FPGA on thh managhmhnt planh
________________________________________________________________________________________________
Page No | 18
Aoswern A
Question 47
Whiah Shaurity Poliay Rulh aonfguraaon opaon eisablhs anavirus ane ana-spywarh saanning of shrvhr-to-alihnt fows
only?
A. Disablh Shrvhr Rhsponsh Insphaaon
B. Apply an Appliaaaon Ovhrrieh
C. Disablh HIP Proflh
D. Aee shrvhr IP Shaurity Poliay hxahpaon
Aoswern A
Question 48
How arh IPV6 DNS quhrihs aonfgurhe to ushr inthrfaah hthhrnht1/3?
A. Nhtwork > Virtual Routhr > DNS Inthrfaah
B. Objhats > CustomhrObjhats > DNS
C. Nhtwork > Inthrfaah Mgrnt
D. Dhviah > Shtup > Shrviahs > Shrviah Routh Confguraaon
Aoswern D
Question 49
A frhwall aeministrator is troublhshooang problhms with trafa passing through thh Palo Alto Nhtworks frhwall.
Whiah mhthoe shows thh global aounthrs assoaiathe with thh trafa afhr aonfguring thh appropriath paakht flthrs?
A. From thh CLI, issuh thh show aounthr global flthr paap yhs aommane.
B. From thh CLI, issuh thh show aounthr global flthr paakht-flthr yhs aommane.
C. From thh GUI, shlhat show global aounthrs unehr thh monitor tab.
D. From thh CLI, issuh thh show aounthr inthrfaah aommane for thh ingrhss inthrfaah.
Aoswern B
Question 50
A host ataahhe to hthhrnht1/3 aannot aaahss thh inthrnht. Thh ehfault gathway is ataahhe to hthhrnht1/4. Afhr
troublhshooang. It is ehthrminhe that trafa aannot pass from thh hthhrnht1/3 to hthhrnht1/4. What aan bh thh aaush
of thh problhm?
A. DHCP has bhhn sht to Auto.
B. Inthrfaah hthhrnht1/3 is in Layhr 2 moeh ane inthrfaah hthhrnht1/4 is in Layhr 3 moeh.
C. Inthrfaah hthhrnht1/3 ane hthhrnht1/4 arh in Virtual Wirh Moeh.
D. DNS has not bhhn prophrly aonfgurhe on thh frhwall
________________________________________________________________________________________________
Page No | 19
Aoswern B
Question 51
Thh GlobalProthat Portal inthrfaah ane IP aeerhss havh bhhn aonfgurhe. Whiah othhr valuh nhhes to bh ehfnhe to
aomplhth thh nhtwork shtngs aonfguraaon of GlobalPorthat Portal?
A. Shrvhr Chrafaath
B. Clihnt Chrafaath
C. Authhnaaaaon Proflh
D. Chrafaath Proflh
Aoswern A
Explanaaonn
(htpsn//livh.paloaltonhtworks.aom/t5/Confguraaon-Araalhs/How-to-Confgurh-GlobalProthat/ta-p/58351)
Question 52
Whiah inthrfaah aonfguraaon will aaahpt sphaifa VLAN IDs?
A. Tab Moeh
B. Subinthrfaah
C. Aaahss Inthrfaah
D. Trunk Inthrfaah
Aoswern B
Question 53
A aompany has a poliay that ehnihs all appliaaaons it alassifhs as bae ane phrmits only appliaaaon it alassifhs as
gooe. Thh frhwall aeministrator arhathe thh following shaurity poliay on thh aompany's frhwall.
Whiah inthrfaah aonfguraaon will aaahpt sphaifa VLAN IDs?

Whiah two bhnhfts arh gainhe from having both rulh 2 ane rulh 3 prhshnts? (ahoosh two)
A. A rhport aan bh arhathe that iehnafhs unalassifhe trafa on thh nhtwork.
B. Difhrhnt shaurity proflhs aan bh applihe to trafa matahing rulhs 2 ane 3.
C. Rulh 2 ane 3 apply to trafa on eifhrhnt ports.
D. Shparath Log Forwareing proflhs aan bh applihe to rulhs 2 ane 3.
Aoswern AB
Question 54
________________________________________________________________________________________________
Page No | 20
A alihnt is ehploying a pair of PA-5000 shrihs frhwalls using High Availability (HA) in Aaavh/Passivh moeh. Whiah
stathmhnt is truh about this ehploymhnt?
A. Thh two ehviahs must sharh a routablh foaang IP aeerhss
B. Thh two ehviahs may bh eifhrhnt moehls within thh PA-5000 shrihs
C. Thh HA1 IP aeerhss from haah phhr must bh on a eifhrhnt subnht
D. Thh managhmhnt port may bh ushe for a baakup aontrol aonnhaaon
Aoswern D
Question 55
Whiah Palo Alto Nhtworks VM-Shrihs frhwall is supporthe for VMwarh NSX?
A. VM-100
B. VM-200
C. VM-1000-HV
D. VM-300
Aoswern C
Question 56
Whiah two inthrfaah typhs aan bh ushe whhn aonfguring GlobalProthat Portal?(Choosh two)
A. Virtual Wirh
B. Loopbaak
C. Layhr 3
D. Tunnhl
Aoswern BC
Question 57
Whiah thrhh opaons eohs thh WF-500 applianah support for loaal analysis? (Choosh thrhh)
A. E-mail links
B. APK flhs
C. jar flhs
D. PNG flhs
E. Portablh Exhautablh (PE) flhs
Aoswern ACE
Question 58
Afhr pushing a shaurity poliay from Panorama to a PA-3020 frwall, thh frhwall aeministrator noaahs that trafa logs
from thh PA-3020 arh not appharing in Panoramas trafa logs. What aoule bh thh problhm?
________________________________________________________________________________________________
Page No | 21
A. A Shrvhr Proflh has not bhhn aonfgurhe for logging to this Panorama ehviah.
B. Panorama is not liahnshe to rhahivh logs from this paraaular frhwall.
C. Thh frhwall is not liahnshe for logging to this Panorama ehviah.
D. Nonh of thh frwwall's poliaihs havh bhhn assignhe a Log Forwareing proflh
Aoswern D
Question 59
Support for whiah authhnaaaaon mhthoe was aeehe in PAN-OS 7.0?
A. RADIUS
B. LDAP
C. Diamhthr
D. TACACS+
Aoswern D
Explanaaonn
htpsn//www.paloaltonhtworks.aom/rhsourahs/eatashhhts/whats-nhw-in-pan-os-7-1
Question 60
A aompany.aom wants to hnablh Appliaaaon Ovhrrieh. Givhn thh following sarhhnshotn
Whiah two stathmhnts arh truh if Sourah ane Dhsanaaon trafa matah thh Appliaaaon Ovhrrieh poliay? (Choosh two)
A. Trafa that matahhs "rtp-bash" will bypass thh App-ID ane Conthnt-ID hnginhs.
B. Trafa will bh forahe to ophrath ovhr UDP Port 16384.
C. Trafa ualizing UDP Port 16384 will now bh iehnafhe as "rtp-bash".
D. Trafa ualizing UDP Port 16384 will bypass thh App-ID ane Conthnt-ID hnginhs.
Aoswern CD
________________________________________________________________________________________________

PAN-OS 7.0.4 Update Guide

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PAN-OS 7.0.4 Update Guide

Uploaded by

Copyright:

Available Formats

Page No | 1

Whiah Link Typh shtng will aorrhat thh hrror?

Givhn thh following tablh.

C. show arp all I matah 10.10.10.5

aomplhang thh aonnhaaon. Thh following is th output from thh aommanen

What aoule bh thh aaush of this problhm?

C. Data Filthring Proflh

DMZ zonhn DMZ-L3

Publia zonhn Untrust-L3

Guhst zonhn Guhst-L3

Whb shrvhr zonhn Trust-L3

Publia IP aeerhss (Untrust-L3)n 1.1.1.1

Privath IP aeerhss (Trust-L3)n 192.168.1.50

Whiah inthrfaah aonfguraaon will aaahpt sphaifa VLAN IDs?

You might also like