Get 100% Real Exam Questions, Accurate & Verified Answers By IT Experts
Fast Updates & Instant Download!
105 Questions & Answers
Last Update: Dec 09, 2024
$69.99
Download Free PCNSE7 Exam Questions
Exam | PCNSE7 - Palo Alto Networks Certified Network Security Engineer on PAN-OS 7 |
Size: | 1.42 MB |
Posted Date: | Wednesday, September 7, 2016 |
# of downloads: | 1904 |
Free Download: | |
Download Free PCNSE7 Exam Questions |
Purchase Individually
Top Palo Alto Networks Certification Exams
Site Search:
Only Registered Members Can Download VCE Files or View Training Courses
Please fill out your email address below in order to Download VCE files or view Training Courses. Registration is Free and Easy - you simply need to provide an email address.
Log into your ExamCollection Account
Please Log In to download VCE file or view Training Course
Only registered Examcollection.com members can download vce files or view training courses.
SPECIAL OFFER: GET 10% OFF
Pass your Exam with ExamCollection's PREMIUM files!
SPECIAL OFFER: GET 10% OFF
Use Discount Code:
MIN10OFF
A confirmation link was sent to your e-mail.
Please check your mailbox for a message from support@examcollection.com and follow the directions.
Download Free Demo of VCE Exam Simulator
Experience Avanset VCE Exam Simulator for yourself.
Simply submit your e-mail address below to get started with our interactive software demo of your free trial.
I am planning to take PCNSE7 is premium file is valid or not valid
The new PCNSE Exam is no longer associated with a product version number. The exam itself will be updated with very major product release (8.0 Current) and you should refer to the study guide and related support materials to get the latest test objectives and product features that you will be tested for.
I am palaning to take PCNSE7. is premimum file is valid?
I am planning to write PCNSE 8 next week
Anybody passed PCNSE 8
Don't waste you time with these dumps they are very out of date and the new PCNSE 8 exam is next level shizz nothing in these dumps will help you unless you have extensive experience on V8.0. Most of these dumps question come from the prep exam or very old PCNSE exams.
There is new release of PCNSE exam.so i guess we have to focus on that one
Dump is partially valid.Took the exam today.Managed to pass it.This dump+Gini-Pick new questions..only covers around 20-25 questions of the current exam.total question is 60.Still need to find other sources/material to clear the exam.
Pls can anyone conform about exam collection premium dump ? is it valid .
Can anybody confirm that the dumps are still valid. Thanks in advance
Someone has the current issues of this exam?
Is this dump still valid?
Q14 - Update
The answer A isn't correct as proposed. The answer B seems to be correct, which is default in the Pierre51q. The ProxyIDs are essential to form a phase 1 shared keys. Please look at the source below. If i am wrong, please correct me.
https://live.paloaltonetworks.com/t5/Featured-Articles/DotW-Help-with-IPSec-Proxy-IDs-with-overlapping-IPs/ta-p/69123
is this dump valid????
Could anyone please share the resource/link for Lab practice? Thanks
The questions are correct but most of the answers are not. Do your work and look them up. You might learn something. :)
is this still valid
Dumps are valid including Gini-Pic Q's.The only thing you need to do is fin the correct answers on your own as most of them are incorrect.
Anyone recently take the test? Can anyone confirm this is still valid?
Hi All,
Any one gave exam in this week? and any one has new dumps??
Hey,
The dump is still valid ?
Thanks
How can a Palo Alto Networks Firewall be configured to send syslog message in a format compatible with non-standard syslog servers?
A. Enable support for non-standard syslog messages under device management
B. Check the custom-format check box in the syslog server profile
C. Select a non-standard syslog server profile
D. Create a custom log format under the syslog server profile
The answer is D
To Dragula:
A network security engineer needs to configure a virtual router using IPv6 addresses.
Which two routing options support these addresses? (Choose 2)
A. BGP
B. OSPFv3
C RIP
D Static Route
B and D supports IPv6
Hi India,Where are questions posted ?
Questions posted and dump together valid đź’Ż. But just have a eye on answer
i google nick 60q. i could not find it. pcnse7 will change dump soon. anyone gave exam please share experience new questions. please.
The real answer are located on Niko 60q file. The problem is that noone here know how to download this dump file. SO no change to pass the exam without this file
@ciscguy yes
and questions posted by Dragula
Gini-Pick are in exam
@ahmed
is that dump with pics still valid?
There is a dump contains a photos of 60 questions that one is valid I don't know about one exist here.
@aditya, can you recall the new questions?
Dumps are not valid, i recently appeared in exam and got failed.
Guys, Appreciate if anyone can help me to check it the dumps are still valid?
Thanks
anyone passed recently?
Did anyone passed the exam recently, and any new questions apart from below updated, please some one help me with latest update,
Did anyone passed the exam recently, did that Gini-Pick and Dragula questions are still valid, from where to get Niko 60q file, Kindly let me know, desperately wanted to take this exam. I gace exam March first week and failed.
When using the predefined default antivirus profile, the policy will inspect for viruses on the decoders.
Match each decoder with its default action.
Answers options maybe used more than once or not at all.
1. IMAP
2. 2. HTTP
3. 3. FTP,SMB
4. 4. POP3,SMTP
Alert
Reset-Both
In an enterprise deployment, a network security engineer wants to assign rights to a group of administrators without creating local administrator accounts on the firewall.
Which authentication method must be used?
A. LDAP
B. Kerberos
C. Certificate-based authentication
D. Radius with vendors-specific attributes
I choose D, please correct me if I am wrong
A company hosts a publicly accessible web server behind a Palo Alto Networks next-generation firewall with the following configuration information:
• Users outside the company are in the “Untrust-L3” zone.
• The web server physically resides in the “Trust-L3” zone.
• Web server public IP address: 23.54.6.10
• Web server private IP address: 192.168.1.10
Which two items must the NAT policy contain to allow users in the Untrust-l3 zone to access the web server? (Choose two.)
A. Destination IP of 23.54.6.10
B. Untrust-L3 for both Source and Destination Zone
C. Destination IP of 192.168.1.10
D. Untrust-L3 for Source Zone and Trust-L3 for Destination Zone
Not about this one, please assist
How can a Palo Alto Networks Firewall be configured to send syslog message in a format compatible with non-standard syslog servers?
A. Enable support for non-standard syslog messages under device management
B. Check the custom-format check box in the syslog server profile
C. Select a non-standard syslog server profile
D. Create a custom log format under the syslog server profile
Not about this one, please assist
Hi UptownCCIE,
may I have Nico 60q ?
I can't get it in the forum
Thanking you
regards
Passed yesterday, many thanks Dragula.
I used Niko 60q file plus Dragula's questions
@ Dragula
Have you attempted this exam before ? and if yes how many questions from this dump ?
Any one writin and pass this exam? Please give an update please...
@ Dragula:
Did you clear the exam. How many questions you got from this dump ? your all answers are correct except Q#5 and i dont know the answer of Q5
? Which two logs on the firewall will contain authentication-related information useful for troubleshooting purpose (Choose two)
A. ms.log
B. traffic.log
C. system.log
D. dp-monitor.log
E. authd.log
I have choose C and E, please advise if I am correct..
? When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log.
What will be the destination IP Address in that log entry?
A. The IP Address of sinkhole.paloaltonetworks.com
B. The IP Address of the command-and-control server
C. The IP Address specified in the sinkhole configuration
D. The IP Address of one of the external DNS servers identified in the anti-spyware database
Not sure about this one, please help..
? Which CLI command displays the current management plane memory utilization?
A. > debug management-server show
B. > show running resource-monitor
C. > show system info
D. > show system resources
I choose D, please advise if I am correct or wrong
A network security engineer needs to configure a virtual router using IPv6 addresses.
Which two routing options support these addresses? (Choose 2)
A. BGP
B. OSPFv3
C RIP
D Static Route
I choose B and A (Not sure about this one please advise)
Quote
MultiQuote
Edit
A file sharing application is being permitted and no one knows what this application is used for.
How should this application be blocked?
8]A. Block all unauthorized applications using a security policy
8]B. Block all known internal custom applications
8]C. Create a WildFire Analysis Profile that blocks Layer 4 and Layer 7 attacks
8]D. Create a File blocking profile that blocks Layer 4 and Layer 7 attacks
35]My answer was D, please advise if I am wrong or correct.
Any one has ordered a VHS Giant ASS, here I am boys and girls Lol..
These are my answers, upto my best knowledge
Got the new questions, So Lets Crack the Answers now....
QUESTION NO: 1
A network design calls for a "router on a stick" implementation with a PA-5060 performing inter-VLAN routing All VLAN-tagged traffic will be forwarded to the PA-5060 through a single dot1q trunk interface
Which interface type and configuration setting will support this design?
A. Trunk interface type with specified tag
B. Layer 3 interface type with specified tag
C. Layer 2 interface type with a VLAN assigned
D. Layer 3 subinterface type with specified tag
Answer: D
QUESTION NO: 2
A Network Administrator wants to deploy a Large Scale VPN solution. The Network Administrator has chosen a GlobalProtect Satellite solution. This configuration needs to be deployed to multiple remote offices and the Network Administrator decides to use Panorama to deploy the configurations.
How should this be accomplished?
A. Create a Template with the appropriate IKE Gateway settings
B. Create a Template with the appropriate IPSec tunnel settings
C. Create a Device Group with the appropriate IKE Gateway settings
D. Create a Device Group with the appropriate IPSec tunnel settings
Answer: B
QUESTION NO: 3
Which option is an IPv6 routing protocol?
A. RIPv3
B. OSPFv3
C. OSPv3
D. BGP NG
Answer: B
QUESTION NO: 4
Firewall administrators cannot authenticate to a firewall GUI.
Which two logs on that firewall will contain authentication-related information useful in troubleshooting this issue? (Choose two.)
A. ms log
B. authd log
C. System log
D. Traffic log
E. dp-monitor .log
Answer:
QUESTION NO: 5
Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accomplish this goal?
A. Assign an IP address on each tunnel interface at each site
B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0
C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces
D. Create new VPN zones at each site to terminate each VPN connection
Answer: C
QUESTION NO: 6
When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?
A. When configuring Certificate Profiles
B. When configuring GlobalProtect portal
C. When configuring User Activity Reports
D. When configuring Antivirus Dynamic Updates
Answer: D
QUESTION NO: 7
What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)
A. The firewalls must have the same set of licenses.
B. The management interfaces must to be on the same network.
C. The peer HA1 IP address must be the same on both firewalls.
D. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device.
Answer: A
QUESTION NO: 8
Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS 7x, to obtain a username-to-IP-address mapping?
A. Microsoft Active Directory
B. Microsoft Terminal Services
C. Aerohive Wireless Access Point
D. Palo Alto Networks Captive Portal
Answer: B
QUESTION NO: 9
A network design change requires an existing firewall to start accessing Palo Alto Updates from a data plane interface address instead of the management interface.
Which configuration setting needs to be modified?
A. Service route
B. Default route
C. Management profile
D. Authentication profile
Answer: A
QUESTION NO: 10
Which URL Filtering Security Profile action togs the URL Filtering category to the URL Filtering log?
A. Log
B. Alert
C. Allow
D. Default
Answer: B
QUESTION NO: 11
People are having intermittent quality issues during a live meeting via web application.
A. Use QoS profile to define QoS Classes
B. Use QoS Classes to define QoS Profile
C. Use QoS Profile to define QoS Classes and a QoS Policy
D. Use QoS Classes to define QoS Profile and a QoS Policy
Answer: C
QUESTION NO: 12
Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?
A. Log
B. Alert
C. Allow
D. Default
Answer: B
QUESTION NO: 13
Several offices are connected with VPNs using static IPV4 routes. An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accoumplish this goal?
A. Assign an IP address on each tunnel interface at each site
B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0
C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces
D. Create new VPN zones at each site to terminate each VPN connection
Answer: C
QUESTION NO: 14
A network security engineer has a requirement to allow an external server to access an internal web server. The internal web server must also initiate connections with the external server.
What can be done to simplify the NAT policy?
A. Configure ECMP to handle matching NAT traffic
B. Configure a NAT Policy rule with Dynamic IP and Port
C. Create a new Source NAT Policy rule that matches the existing traffic and enable the Bi-directional option
D. Create a new Destination NAT Policy rule that matches the existing traffic and enable the Bi-directional option
Answer: C
QUESTION NO: 15
Which Panorama feature allows for logs generated by Panorama to be forwarded to an external Security Information and Event Management(SIEM) system?
A. Panorama Log Settings
B. Panorama Log Templates
C. Panorama Device Group Log Forwarding
D. Collector Log Forwarding for Collector Groups
Answer: A
QUESTION NO: 16
Which CLI command displays the current management plan memory utilization?
A. > show system info
B. > show system resources
C. > debug management-server show
D. > show running resource-monitor
Answer:
QUESTION NO: 17
Which three rule types are available when defining policies in Panorama? (Choose three.)
A. Pre Rules
B. Post Rules
C. Default Rules
D. Stealth Rules
E. Clean Up Rules
Answer: A,B,C
@VHS GIANT ASS Please share the answers you have given
@VHS GIANT ASS, can you please share All Gini-Pick's questions, confirmed Answer.
Hi, I passed the exam. I used Gini-Pick's questions and the 51q file.
Basically all new questions are the one from Gini-Pick.
Tx Gini
Got the new questions, So Lets Crack the Answers now....
QUESTION NO: 1
A network design calls for a "router on a stick" implementation with a PA-5060 performing inter-VLAN routing All VLAN-tagged traffic will be forwarded to the PA-5060 through a single dot1q trunk interface
Which interface type and configuration setting will support this design?
A. Trunk interface type with specified tag
B. Layer 3 interface type with specified tag
C. Layer 2 interface type with a VLAN assigned
D. Layer 3 subinterface type with specified tag
Answer:
QUESTION NO: 2
A Network Administrator wants to deploy a Large Scale VPN solution. The Network Administrator has chosen a GlobalProtect Satellite solution. This configuration needs to be deployed to multiple remote offices and the Network Administrator decides to use Panorama to deploy the configurations.
How should this be accomplished?
A. Create a Template with the appropriate IKE Gateway settings
B. Create a Template with the appropriate IPSec tunnel settings
C. Create a Device Group with the appropriate IKE Gateway settings
D. Create a Device Group with the appropriate IPSec tunnel settings
Answer:
QUESTION NO: 3
Which option is an IPv6 routing protocol?
A. RIPv3
B. OSPFv3
C. OSPv3
D. BGP NG
Answer:
QUESTION NO: 4
Firewall administrators cannot authenticate to a firewall GUI.
Which two logs on that firewall will contain authentication-related information useful in troubleshooting this issue? (Choose two.)
A. ms log
B. authd log
C. System log
D. Traffic log
E. dp-monitor .log
Answer:
QUESTION NO: 5
Several offices are connected with VPNs using static IPv4 routes. An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accomplish this goal?
A. Assign an IP address on each tunnel interface at each site
B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0
C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces
D. Create new VPN zones at each site to terminate each VPN connection
Answer:
QUESTION NO: 6
When is it necessary to activate a license when provisioning a new Palo Alto Networks firewall?
A. When configuring Certificate Profiles
B. When configuring GlobalProtect portal
C. When configuring User Activity Reports
D. When configuring Antivirus Dynamic Updates
Answer:
QUESTION NO: 7
What are two prerequisites for configuring a pair of Palo Alto Networks firewalls in an active/passive High Availability (HA) pair? (Choose two.)
A. The firewalls must have the same set of licenses.
B. The management interfaces must to be on the same network.
C. The peer HA1 IP address must be the same on both firewalls.
D. HA1 should be connected to HA1. Either directly or with an intermediate Layer 2 device.
Answer:
QUESTION NO: 8
Which authentication source requires the installation of Palo Alto Networks software, other than PAN-OS 7x, to obtain a username-to-IP-address mapping?
A. Microsoft Active Directory
B. Microsoft Terminal Services
C. Aerohive Wireless Access Point
D. Palo Alto Networks Captive Portal
Answer:
QUESTION NO: 9
A network design change requires an existing firewall to start accessing Palo Alto Updates from a data plane interface address instead of the management interface.
Which configuration setting needs to be modified?
A. Service route
B. Default route
C. Management profile
D. Authentication profile
Answer:
QUESTION NO: 10
Which URL Filtering Security Profile action togs the URL Filtering category to the URL Filtering log?
A. Log
B. Alert
C. Allow
D. Default
Answer:
QUESTION NO: 11
People are having intermittent quality issues during a live meeting via web application.
A. Use QoS profile to define QoS Classes
B. Use QoS Classes to define QoS Profile
C. Use QoS Profile to define QoS Classes and a QoS Policy
D. Use QoS Classes to define QoS Profile and a QoS Policy
Answer:
QUESTION NO: 12
Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?
A. Log
B. Alert
C. Allow
D. Default
Answer:
QUESTION NO: 13
Several offices are connected with VPNs using static IPV4 routes. An administrator has been tasked with implementing OSPF to replace static routing.
Which step is required to accoumplish this goal?
A. Assign an IP address on each tunnel interface at each site
B. Enable OSPFv3 on each tunnel interface and use Area ID 0.0.0.0
C. Assign OSPF Area ID 0.0.0.0 to all Ethernet and tunnel interfaces
D. Create new VPN zones at each site to terminate each VPN connection
Answer:
QUESTION NO: 14
A network security engineer has a requirement to allow an external server to access an internal web server. The internal web server must also initiate connections with the external server.
What can be done to simplify the NAT policy?
A. Configure ECMP to handle matching NAT traffic
B. Configure a NAT Policy rule with Dynamic IP and Port
C. Create a new Source NAT Policy rule that matches the existing traffic and enable the Bi-directional option
D. Create a new Destination NAT Policy rule that matches the existing traffic and enable the Bi-directional option
Answer:
QUESTION NO: 15
Which Panorama feature allows for logs generated by Panorama to be forwarded to an external Security Information and Event Management(SIEM) system?
A. Panorama Log Settings
B. Panorama Log Templates
C. Panorama Device Group Log Forwarding
D. Collector Log Forwarding for Collector Groups
Answer:
Hi pcnse7,
Kindly share few questions apart from this dumps it really helps, I gave exam once and failed.
I have passed at last week.
This dump valid about 60%. Make sure verify answer, many answers in this dump not correct.
There are many new questions, but if you take test PCNSE7 Practice Questions on portal Palaltonetworks, and learning study guide. It good for pass the exam.
Hi All,
Any one given exam this week, what are the missing questions, is this completely changed ? How many questions are still valid from this dumps and what are those missing questions from this dumps, any one kindly put here some random question which are missing from these dumps
Hi All,
Any one gave exam in this week? What agree the extra 30 questions apart from this dumps. Please post here. I took exam last week and failed, because there are 30 new questions out of 60, where 30 came from dumps. Please post missing 30 questions here.
@satheesh
How many questions asked in exam?
Thank you for your feedback on the premium dumps.
Hi Satheesh:
From where you bought the dumps ?
I bought premium file ( NOT from exam collection ) but I FAILED. The premium file contain only 60Q, I got only 40 questions from that file.
Exam written date : Feb 1st 2017
I am going to appear exam in this month. Can someone please guide should i go with this dumps ?
no luck here as well :(
Sharing my experience. Dont take exam based on this dumps. Its only 40pc valid.
Please share the exam Dump link to download
Just took the exam 2/17/2017 it's really annoying to post multiple confusing things here when all were doing is trying to help find that right answer, I had over 20 questions that were new on Panoroma, NAT, routing, policies and procedures, logs and states there was a Ping question on 8.8.8.8 and how will it come back to you, i really wish I had all the questions they ask, but look out most of these dumps are now officially obsolete... Also Raja confused everyone. All these questions are PSE -Fundamental questions not PCNSE7 question.
are confirmed last night when I check it was from the fundamental exams , why are people here posting abcds etc that doesn't help either come on people ... Any way the real winner of this exam post the MOST up to date VCE to get all of us some help will be good. keep the threads short instead long threads .
any update about new questions?
what about the right answers: 1.Pre 2.Local 3.post 4.default
for panorama policy?
Any update regarding the Questions?
Any new Questions and what about 1.Pre 2.Local 3.post 4.default
which one is right?
Hello Umar,
Congratulations!!
What sort of new question you got in the exam? Can you post here please.
Passed. This is my 2nd attempt and both exams has different question. Only part of the questions from this dump appeared in exam. All the best.
Any update please?
I would say 40-45 of the questions from test was from dump. So roughly 15-20 new questions.
The dump itself has 15 questions that are wrong.
To Follow up on omar Elqoshiery
it is:
1.Pre 2.Local 3.post 4.default
Good luck
Please confirm the answer for the following questions. Thank you in advance.
20,21,26,31,33,34,36,51
I passed. There was 23 new questions 37 from the dump.New questions were mostly related to network security basics.
75% is valid. I appeared on Feb 1st 2017. But I failed... May be the answers of this dump are wrong.
Please check the answers one by one and appear for the exam.
How are you guys accessing these files? Do you have any free software
i passed yesterday from Egypt ,
dump is 85 % valid , take care from the dump answers , below is my answers
also there is about 10 new questions :
which routing protcol added new releated to ipv6
1-ospfv3 2-rip v3 -3-bgb ge
which policies in the panorama
1-pre 2- post 3-default 4-clear
talking about how panorama send to siem
2 qusetions asking about destination nat
1-b
2-a,c
3-b,e
4-d
5-c
6-c
7-bcf
8-c
9-a
10-b,d
11-c
12-a,b,f
13-a
14-a
15-d
16-a
17-c
18-b,c,f
19-b,d
20-c
21-a
22-b,e
23-c,d
24-a
25-c,d
26-a
27-a
28-d
29-c
30-d
31-b
32-b
33-based on gif but will be first bbf
34-a,d,e not sure
35-a,b,e
36-b,c,e
37-a
38-a
39-d
40-b
41-b
42-a
43-b
44-a,d
45-d
46-c
47-b,c
48-a,c,e
49-d
50-d
51-b,c not sure
Passed the exam today
A lot of new questions
95% of mr.A's answers are correct
Recheck and read a lot of stuff
Don't rely alone on the dumps
Use common sense to answer the questions
Good luck !!
Hi, I took the exam yesterday and passed it. There are 16 new questions, I flagged it coz I'm not sure if my answers are correct. I thought I would fail the exam, but luckily I passed it. Goodluck everyone.
Raja confused everyone. All these questions are PSE -Fundamental questions not PCNSE7 question.
These dumps are still valid. Go for it. But don't rely on dump's answers. Most of them are wrong. I am already failed with these answers. If you got the right answers then please post.
RAJA and MEHDI Do you know those questions are from the foundation exams? and not the PCNSE7
Hi, are these questions still valid? Have they made any changes to the exam for 2017?
Raja, please let us know 20 questions which you posted here, were there in exams or not.
Hello RAJA,
Below you will find my answers for the different questions :
Question 1
What is the URL for the full list of applications recognized by Palo Alto Networks?
http://www.Applipedia.com
http://www.MyApplipedia.com
http://applipedia.paloaltonetworks.com
http://applications.paloaltonetworks.com
Response:
http://applipedia.paloaltonetworks.com
Question 2
What does App-ID inspect to identify an application?
Source IP
Source Port
TTL
Data Payload
Hash
Encryption Key
Response:
Data Payload
Question 3
If malware is detected on the internet perimeter, what other places in the network might be affected?
Cloud
Endpoints
Branch Offices
All of the above
Data Center
Response:
All of the above
Question 4
What are the major families of file types now supported by Wildfire in PAN-OS 7.0?
All executable files and all files with a MIME type
All executable files, PDF files, Microsft Office files and Adobe Flash applets
PE files, Microsoft Office, PDF, Java applets, APK, and Flash
All executable files, PDF files and Microsft Office files
Response
PE files, Microsoft Office, PDF, Java applets, APK, and Flash
Question 5
Which of the following are critical features of a Next Generation Firewall that provide Breach prevention? Choose two.
Alarm generation of known threats traversing the device
Application Visibility and URL Categorization
Endpoint and server scanning for known malware
Processing all traffic across all ports & protocols, in both directions
Centralized or distributed log collectors
Response:
Application Visibility and URL Categorization
Processing all traffic across all ports & protocols, in both directions
Question 6
True or False: One of the advantages of Single Pass Parallel Processing (SP3) is that traffic can be scanned as it crosses the firewall with minimum amount of buffering, which in turn can allow advanced features like virus/malware scanning without effecting firewall performance
True False
Response
False
Question 7
Which hardware platform should I consider if the customer needs at least 1 Gbps of Threat Prevention throughput and the ability to handle at least 250K sessions?
Any PA-5000 or PA-7000 series firewall
Only the PA-3060 firewall and higher
Any PA-3000, PA-5000, or PA-7000 series firewall
Only the PA-3050 firewall and higher
Response
Any PA-3000, PA-5000, or PA-7000 series firewall
Question 8
True or False: DSRI degrades the performance of a firewall?
True False
Response
False
Question 9
How quickly are Wildfire updates about previously unknown files now being delivered from the cloud to customers with a WildFire subscription (as of version 6.1)?
15 minutes
30 minutes
1 day
5 minutes
60 minutes
Response:
15 minutes
Question 10
Which of the following are valid Subscriptions for the Next Generation Platform? [Select All that apply]
URL Filtering
Support
User ID
Content ID
SSL Decryption
Threat Prevention
App ID
Response:
URL Filtering
Support
Threat Prevention
Question 11
Which hardware firewall platforms include both built-in front-to-back airflow and redundant power supplies?
All PA-5000 and PA-7000 series firewall platforms
All Palo Alto Networks hardware firewall platforms
The PA-3060 firewall platform
The PA-7000 series firewall platforms
Response:
The PA-3060 firewall platform
Question 12
Select all the platform components that Wildfire automatically updates after finding malicious activity in previously unknown files, URLs and APKs?
Decrypt (Port-Mirroring)
Mobile (Global Protect)
Anti-Virus (Threat)
Content/Web Filtering (Pan-DB)
Anti-Malware signatures (WildFire)
Management (Panorama)
Anti Command & Control signatures (Threat)
Response:
Anti-Virus (Threat)
Content/Web Filtering (Pan-DB)
Anti-Malware signatures (WildFire)
Anti Command & Control signatures (Threat)
Question 13
What are five benefits of Palo Alto Networks NGFWs (Next Generation Firewalls)? (Select the five correct answers.)
Convenient configuration Wizard
Comprehensive security platform designed to scale functionality over time
Predictable throughput
Easy-to-use GUI which is the same on all models
Seemless integration with the Threat Intelligence Cloud
Identical security subscriptions on all models
Response:
Comprehensive security platform designed to scale functionality over time
Predictable throughput
Easy-to-use GUI which is the same on all models
Seemless integration with the Threat Intelligence Cloud
Identical security subscriptions on all models
Question 14
What are the three key components of a successful Three Tab Demo? (Select the three correct answers.)
Providing visibility into recently occurring threats and showing how to block those threats
Showing how Palo Alto Networks' firewalls provide visibility into applications and control of those applications
Presenting the information in the Network and Device tabs
After setting match criteria in the Object tab showing how that data is presented in the logs
Showing which users are running which applications and provide a method for controlling application access on a by user
Response:
- Providing visibility into recently occurring threats and showing how to block those threats
- Showing how Palo Alto Networks' firewalls provide visibility into applications and control of those applications
-Showing which users are running which applications and provide a method for controlling application access on a by user
Question 15
What are the main benefits of WildFire? (Select the three correct answers.)
WildFire gathers information from possible threats detected by both NGFWs and Endpoints.
It's a sandboxing environment that can detect malware by observing the behavior of unknown files.
By using Palo Alto Networks' proprietary cloud-based architecture, quarantine holds on suspicious files are typically reduced to less than 30 seconds.
By collecting and distributing malware signatures from every major anti-virus vendor, WildFire can provide comprehensive protection.
Signatures for identified malware are quickly distributed globally to all Palo Alto Networks' customers' firewalls.
Response:
It's a sandboxing environment that can detect malware by observing the behavior of unknown files.
WildFire gathers information from possible threats detected by both NGFWs and Endpoints.
Signatures for identified malware are quickly distributed globally to all Palo Alto Networks' customers' firewalls
Question 16
The automated Correlation Engine uses correlation objects to analyze the logs for patterns. When a match occurs:
The Correlation Engine blocks the connection
The Correlation Engine generates a correlation event
The Correlation Engine displays a warning message to the end user
The Correlation Engine dumps the alarm log
Response :
The Correlation Engine generates a correlation event
Question 17
Which one of these is not a factor impacting sizing decisions?
Decryption
Sessions
Redundancy
Number of applications
Performance
Number of rules
Response:
Number of applications
Question 18
TRUE or FALSE: Many customers purchase Palo Alto Networks NGFWs (Next Generation Firewalls) just to gain previously unavailable levels of visibility into their traffic flows.
TRUE
FALSE
Response:
True
Question 19
A spike in dangerous traffic is observed. Which of the following PanOS tabs would an administrator utilize to identify culpable users.
ACC
Monitor
Objects
Network
Policies
Device
Response:
ACC
Monitor
Question 20
True or False: PAN-DB is a service that aligns URLs with category types and is fed to the WildFire threat cloud.
True False
Response:
True
PLEASE SEND ME LATEST FILE, because i failed today exam
hi all,
i am from india, i failed the exam on 6 JANUARY 2017, because i found 30 new questions
SO CAN any one tell me INDIA QUESTION PAPER IS DIFFERENT OR NOT
Question 1
What is the URL for the full list of applications recognized by Palo Alto Networks?
http://www.Applipedia.com
http://www.MyApplipedia.com
http://applipedia.paloaltonetworks.com
http://applications.paloaltonetworks.com
Question 2
What does App-ID inspect to identify an application?
Source IP
Source Port
TTL
Data Payload
Hash
Encryption Key
Question 3
If malware is detected on the internet perimeter, what other places in the network might be affected?
Cloud
Endpoints
Branch Offices
All of the above
Data Center
Question 4
What are the major families of file types now supported by Wildfire in PAN-OS 7.0?
All executable files and all files with a MIME type
All executable files, PDF files, Microsft Office files and Adobe Flash applets
PE files, Microsoft Office, PDF, Java applets, APK, and Flash
All executable files, PDF files and Microsft Office files
Question 5
Which of the following are critical features of a Next Generation Firewall that provide Breach prevention? Choose two.
Alarm generation of known threats traversing the device
Application Visibility and URL Categorization
Endpoint and server scanning for known malware
Processing all traffic across all ports & protocols, in both directions
Centralized or distributed log collectors
Question 6
True or False: One of the advantages of Single Pass Parallel Processing (SP3) is that traffic can be scanned as it crosses the firewall with minimum amount of buffering, which in turn can allow advanced features like virus/malware scanning without effecting firewall performance
True False
Question 7
Which hardware platform should I consider if the customer needs at least 1 Gbps of Threat Prevention throughput and the ability to handle at least 250K sessions?
Any PA-5000 or PA-7000 series firewall
Only the PA-3060 firewall and higher
Any PA-3000, PA-5000, or PA-7000 series firewall
Only the PA-3050 firewall and higher
Question 8
True or False: DSRI degrades the performance of a firewall?
True False
Question 9
How quickly are Wildfire updates about previously unknown files now being delivered from the cloud to customers with a WildFire subscription (as of version 6.1)?
15 minutes
30 minutes
1 day
5 minutes
60 minutes
Question 10
Which of the following are valid Subscriptions for the Next Generation Platform? [Select All that apply]
URL Filtering
Support
User ID
Content ID
SSL Decryption
Threat Prevention
App ID
Question 11
Which hardware firewall platforms include both built-in front-to-back airflow and redundant power supplies?
All PA-5000 and PA-7000 series firewall platforms
All Palo Alto Networks hardware firewall platforms
The PA-3060 firewall platform
The PA-7000 series firewall platforms
Question 12
Select all the platform components that Wildfire automatically updates after finding malicious activity in previously unknown files, URLs and APKs?
Decrypt (Port-Mirroring)
Mobile (Global Protect)
Anti-Virus (Threat)
Content/Web Filtering (Pan-DB)
Anti-Malware signatures (WildFire)
Management (Panorama)
Anti Command & Control signatures (Threat)
Question 13
What are five benefits of Palo Alto Networks NGFWs (Next Generation Firewalls)? (Select the five correct answers.)
Convenient configuration Wizard
Comprehensive security platform designed to scale functionality over time
Predictable throughput
Easy-to-use GUI which is the same on all models
Seemless integration with the Threat Intelligence Cloud
Identical security subscriptions on all models
Question 14
What are the three key components of a successful Three Tab Demo? (Select the three correct answers.)
Providing visibility into recently occurring threats and showing how to block those threats
Showing how Palo Alto Networks' firewalls provide visibility into applications and control of those applications
Presenting the information in the Network and Device tabs
After setting match criteria in the Object tab showing how that data is presented in the logs
Showing which users are running which applications and provide a method for controlling application access on a by user
Question 15
What are the main benefits of WildFire? (Select the three correct answers.)
WildFire gathers information from possible threats detected by both NGFWs and Endpoints.
It's a sandboxing environment that can detect malware by observing the behavior of unknown files.
By using Palo Alto Networks' proprietary cloud-based architecture, quarantine holds on suspicious files are typically reduced to less than 30 seconds.
By collecting and distributing malware signatures from every major anti-virus vendor, WildFire can provide comprehensive protection.
Signatures for identified malware are quickly distributed globally to all Palo Alto Networks' customers' firewalls.
Question 16
The automated Correlation Engine uses correlation objects to analyze the logs for patterns. When a match occurs:
The Correlation Engine blocks the connection
The Correlation Engine generates a correlation event
The Correlation Engine displays a warning message to the end user
The Correlation Engine dumps the alarm log
Question 17
Which one of these is not a factor impacting sizing decisions?
Decryption
Sessions
Redundancy
Number of applications
Performance
Number of rules
Question 18
TRUE or FALSE: Many customers purchase Palo Alto Networks NGFWs (Next Generation Firewalls) just to gain previously unavailable levels of visibility into their traffic flows.
TRUE
FALSE
Question 19
A spike in dangerous traffic is observed. Which of the following PanOS tabs would an administrator utilize to identify culpable users.
ACC
Monitor
Objects
Network
Policies
Device
Question 20
True or False: PAN-DB is a service that aligns URLs with category types and is fed to the WildFire threat cloud.
True False
THANKS TO ALL,
I WRITE THE EXAM ON 31 12 2016 AND I PASSED IN THE EXAM, SO THANKS TO ALL OF THEM
@A Melvon
The answer is B
Most of these answers are wrong i took the exam and failed by following A,B,C, D nonsense, if you are going to post answer post the whole thing not A,B,C etc, these answers are 100% wrong
A or b?
A company has a pair of Palo Alto Networks firewalls configured as an Acitve/Passive High Availability (HA) pair.
What allows the firewall administrator to determine the last date a failover event occurred?
A. From the CLI issue use the show System log
B. Apply the filter subtype eq ha to the System log
C. Apply the filter subtype eq ha to the configuration log
D. Check the status of the High Availability widget on the Dashboard of the GUI
@MINT55, I COMPARED BUT I HAVE SOME DOUBT AND
THESE answer are really correct or some changes are there
if there means what changes are there.
SO PLEASE tell me the correct answer for 34 and 36.
1 B - CLICK the exception tab and then click show all sinatures.
2 AC
3 BE
4 D
5 C
6 C
7 BCF
8 C
9 A (people have input why this is not correct ) ??
10 BD
11 C
12 ABF
13 A
14 A
15 D
16 A
17 C
18 BCF
19 BD
20 A
21 D
22 BE
23 CD
24 A
25 CD
26 A
27 A
28 D
29 C
30 D
31 B (I was thinking that the menu would still be there even though no entrys is there, so D is wrong, is should be wrong also since only advanced wildfire REQUIRES a licens)
32 B
33 C
34 BDE or ADE
35 ABE
36 BEF OR ADF
37 A
38 A
39 D
40 B
41 B
42 A
43 B
44 AD (does anyone have a different answer and why ??)
45 D
46 C
47 BC
48 ACE
49 D
50 D
51 CD (Can anyone confirm ? the A is also right) ??
Question 34 has been answered differently in this thread by several users. However, according to the image on this page: https://www.paloaltonetworks.com/products/secure-the-network/next-generation-firewall/pa-5000-series
The correct answer would be: Protocol Decoder (app decoder is in the dataplane), Network Processing and Signature Matching. Dynamic Routing/Management do not take place in the Dataplane.
So many wrong answer on this dump, I have already gave the answers the a few other questions below. Then again Q15 is also wrong, the reference URL included in the dump even mentions the correct answer which should be A, there is NO globalprotect linux client and clientless ssl is not available untill PANOS 8. So the answer should be using a X-Auth IPsec VPN.
Use this dump as a research tool and not as a way to learn the answers by hard and you will sucseed :)
Questions are 100 % valid but most of the answers are wrong.
FAILED
9 The correct one is B.
33 Answer is C, firewall ready the rules from top to Bottom - there is any override the pbf rule 3.
34 - BDE are correct.... A is wrong protocol decoding resides on software Arch not on the Dataplane.
what options can be selected inside pcap?
Ingress, source, and destination... You just use Rule ID for application capture, not inside the PCAP.
The Pierre dump is valid! Use the Premium file more. The examcollection premium file has everything from Pierre and the newer questions. Both of those dumps should get you a pass on this test.
Can anyone pass exam recently? Please let us know correct answers.. I think dumps answers not valid!!
RE: minit55
9 A (people have input why this is not correct ) ??
The fact firewall did not reboot is irrelevant. There are quite few other reasons for failover to happen, ie Data plane crash / restart, monitored path failure jsut to name a few. Only way to be sure is to check the logs. B is definitely correct.
Take exam in 3 weeks... Any suggestions on how to prepare for the exam apart from dumps..??
Text books.. pdfs.. Lab setup.. Anything will help. Thanks a lot.
Still valid in Mexico,i took the exam Dic 2/16
hi Miserable, can you please share the new questions? which date u sat for the exam?
Is there any update from anyone?
Failed the exam last week. There were new questions regarding Qos, Licensing, debugs and Dynamic Protocols.
dumps valid as of 2016 Dec 03.
still good
@minit55, yes i´ve pass the exam 17/Nov
The exam has 60 ques but this link has 40..How do people pass then?
Also I can't open the simulator in demo version. Any help?
Guys pls don't have any doubts and take ur exam. I also had same doubts and waiting for someone to be confirmed. I took risk and am pass now. Pls follow mr a and my answer and pls get passed
Q 28 has to be D, you cannot use custom app-idd WITHOUT a signature.. the signature is the match criteria
Exam is vlaid. No need to worry and please take exam asap. Mr A answers are vlaid except below 2 questions.
16. A
31:B
32:B - post rules
33 :B
34:BDE
@TMCR you went for test today and passed ( 17-11-2016) ????????
@minit55
Thanks for the info. Please let us know your answer after you took the exam..
Exam is valid with Mr.A corrections except for the Question 20. My answer was QOS statistics.
Question 33 my answer was 172.20.20.1.
@User1, a combination. i looked at the failed parts from the test center score report, and i looked at the questions regarding these areas, and i then researched the answers further. Some of the answers a written stupid. App-id one Q28 it seems like it should be answer A but since it says WITHOUT a signature it has to be option D ( it is just very superficial described). Several of the answers of Pierre are correct but you have to combine pierre and Mr.As answers, and i even think some of Mr.As answers are wrong. EX. Q 31. i do not think that the tab would be missing from Monitor except if you have removed it or you do not have permission. Its not like it pops up at the first entry ?? ( my thought but not 100% sure). Q 16 is A. SO i combined my own, Mr.A ( which have alot of good corrections), and Pierres.
Hi Minit55,
Did you used the answers from MR. A or just follow the answer from Pierre?
i agree with John on Q 8
Hi All these will be my answers friday
Please correct me if im wrong, but give me the reason why you think the answer should be different
1 A
2 AC
3 BE
4 D
5 C
6 C
7 BCF
8 C
9 A (people have input why this is not correct ) ??
10 BD
11 C
12 ABF
13 A
14 A
15 D
16 A
17 C
18 BCF
19 BD
20 A
21 D
22 BE
23 CD
24 A
25 CD
26 A
27 A
28 D
29 C
30 D
31 B (I was thinking that the menu would still be there even though no entrys is there, so D is wrong, is should be wrong also since only advanced wildfire REQUIRES a licens)
32 B
33 C
34 BDE
35 ABE
36 BEF
37 A
38 A
39 D
40 B
41 B
42 A
43 B
44 AD (does anyone have a different answer and why ??)
45 D
46 C
47 BC
48 ACE
49 D
50 D
51 CD (Can anyone confirm ? the A is also right) ??
i failed this test twice now. The acyual test is 60 Q.
I will go for last try this friday.
I can maybe provide the full test but it has alot of wrong answers. Most of them i have investigated and i feel sure i will pass this 3 time ^^ it sux.. i have never failed a test before hehe !
Who here knows how to edit VCE files ? ( i wanna change the wrong ansewrs to the right ones)
HI ALL,
Can you tell me how many question are there in the exam and because in the vce file there are total 51 Questions only available. so remaining Questions where. Please tell me soon as possible.
Congratulation,
Please confirm are the above answers from the real exam or from the Testking Pierre?
Thank you very much
Hello Can some one please share These questions
Just passed the exam I followed the answers of MR.A for 95% question. One more question was
Q. what options can be selected inside pcap?
A. Ingress interface.
B. Engress Interface.
C. Source Ip
D. Dest Ip
E. Rule ID.
Ans. C,D and E.
Another question was regarding the natting which was like a server is placed in Trust L3 zone with a public and private ip i don't remember the whole question.
The answers I gave were
A. put untrust L3 zone as source and Trust l3 as destination.
B. Destination IP 10.38.x.x
2 more new questions I don't remember them I apologize. But these answers are just enough to pass
I passed the PCNSE7 Exam. Thanks Mr.A and DimensionData for your efforts. I have used answer given by Mr.A and additonal question given by DimensionData. Dumps are still valid.
Question 14 the correct answer is A, proxy-id's are exchanged in P2 and not in P1. What is misleading is the following PA article which mentions proxy id's regarding this error message (https://live.paloaltonetworks.com/t5/Configuration-Articles/IPSec-Error-IKE-Phase-1-Negotiation-is-Failed-as-Initiator-Main/ta-p/59532). However the following article (https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Troubleshoot-IPSec-VPN-connectivity-issues/ta-p/59187) explains proxy-id's are exchanged in P2, since there is a timeout and not a mismatch error (for instance regarding PSK) this should be due to a mismatch in IP addresses.
Question 8 should be C (https://live.paloaltonetworks.com/t5/Learning-Articles/Differences-between-DoS-Protection-and-Zone-Protection/ta-p/57761)
Classified DoS protection profiles are related to a single source ip.
I have a dumb question to ask that inside the vce the questions shuffled so how people are so sure that answers are in the right order or they prepare from some pdf?
Here are my answers
Sno. Answer
1 B
2 AC
3 BE
4 D
5 C
6 C
7 BCF
8 D
9 B
10 BD
11 C
12 ABF
13 A
14 B
15 D
16 A
17 C
18 BCF
19 BD
20 C
21 D
22 BE
23 CD
24 A
25 CD
26 A
27 A
28 A
29 C
30 D
31 A
32 B
33 Destination gateway of PBF1(B)
34 BDE
35 ABE
36 BEF
37 A
38 A
39 D
40 B
41 B
42 A
43 B
44 BD
45 D
46 C
47 BC
48 ACE
49 D
50 D
51 CD
New Questions as below
Question: 1
A host attached to Ethernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet 1/1 and Ethernet 1/4 to be green. The IP address of Ethernet 1/1 is 192.168.1.7 and the IP address of Ethernet 1/4 is 10.1.1.7. The default gateway is attached to Ethernet 1/1. A default route is properly configured.
What can be the cause of this problem?
A. No Zone has been configured on Ethernet 1/4.
B. Interface Ethernet 1/1 is in Virtual Wire Mode.
C. DNS has not been properly configured on the firewall.
D. DNS has not been properly configured on the host.
Answer: A
Question: 2
Site-A and Site-B have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-A is configured properly, but the route for the tunner is not being established. The Site-B interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-B is using the wrong Link Type for one of its interfaces.
Which Link Type setting will correct the error?
A. Set tunnel. 1 to p2p
B. Set tunnel. 1 to p2mp
C. Set Ethernet 1/1 to p2mp
D. Set Ethernet 1/1 to p2p
Answer: A
Question: 3
Given the following table.
Which configuration change on the firewall would cause it to use 10.66.24.88 as the next hop for the 192.168.93.0/30 network?
A. Configuring the administrative Distance for RIP to be lower than that of OSPF Int.
B. Configuring the metric for RIP to be higher than that of OSPF Int.
C. Configuring the administrative Distance for RIP to be higher than that of OSPF Ext.
D. Configuring the metric for RIP to be lower than that OSPF Ext.
Answer: A
Question: 4
A VPN connection is set up between Site-A and Site-B, but no traffic is passing in the system log of Site-A, there is an event logged as like-nego-p1-fail-psk.
What action will bring the VPN up and allow traffic to start passing between the sites?
A. Change the Site-B IKE Gateway profile version to match Site-A,
B. Change the Site-A IKE Gateway profile exchange mode to aggressive mode.
C. Enable NAT Traversal on the Site-A IKE Gateway profile.
D. Change the pre-shared key of Site-B to match the pre-shared key of Site-A
Answer: D
Question: 5
A company is upgrading its existing Palo Alto Networks firewall from version 7.0.1 to 7.0.4.
Which three methods can the firewall administrator use to install PAN-OS 7.0.4 across the enterprise?( Choose three)
A. Download PAN-OS 7.0.4 files from the support site and install them on each firewall after manually uploading.
B. Download PAN-OS 7.0.4 to a USB drive and the firewall will automatically update after the USB drive is inserted in the firewall.
C. Push the PAN-OS 7.0.4 updates from the support site to install on each firewall.
D. Push the PAN-OS 7.0.4 update from one firewall to all of the other remaining after updating one firewall.
E. Download and install PAN-OS 7.0.4 directly on each firewall.
F. Download and push PAN-OS 7.0.4 from Panorama to each firewall.
Answer: ADF
Question: 6
A logging infrastructure may need to handle more than 10,000 logs per second.
Which two options support a dedicated log collector function? (Choose two)
A. Panorama virtual appliance on ESX(i) only
B. M-500
C. M-100 with Panorama installed
D. M-100
Answer: B,D
Failed today, exam questions are valid some answers even having reviewed were not. Will someone please put the updated key, who has passed, please
i pass exam yesterday the new q
Question: 1
A host attached to Ethernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet 1/1 and Ethernet 1/4 to be green. The IP address of Ethernet 1/1 is 192.168.1.7 and the IP address of Ethernet 1/4 is 10.1.1.7. The default gateway is attached to Ethernet 1/1. A default route is properly configured.
What can be the cause of this problem?
A. No Zone has been configured on Ethernet 1/4.
B. Interface Ethernet 1/1 is in Virtual Wire Mode.
C. DNS has not been properly configured on the firewall.
D. DNS has not been properly configured on the host.
Answer: A
Question: 2
Site-A and Site-B have a site-to-site VPN set up between them. OSPF is configured to dynamically create the routes between the sites. The OSPF configuration in Site-A is configured properly, but the route for the tunner is not being established. The Site-B interfaces in the graphic are using a broadcast Link Type. The administrator has determined that the OSPF configuration in Site-B is using the wrong Link Type for one of its interfaces.
Which Link Type setting will correct the error?
A. Set tunnel. 1 to p2p
B. Set tunnel. 1 to p2mp
C. Set Ethernet 1/1 to p2mp
D. Set Ethernet 1/1 to p2p
Answer: A
Question: 3
Given the following table.
Which configuration change on the firewall would cause it to use 10.66.24.88 as the next hop for the 192.168.93.0/30 network?
A. Configuring the administrative Distance for RIP to be lower than that of OSPF Int.
B. Configuring the metric for RIP to be higher than that of OSPF Int.
C. Configuring the administrative Distance for RIP to be higher than that of OSPF Ext.
D. Configuring the metric for RIP to be lower than that OSPF Ext.
Answer: A
Question: 4
A VPN connection is set up between Site-A and Site-B, but no traffic is passing in the system log of Site-A, there is an event logged as like-nego-p1-fail-psk.
What action will bring the VPN up and allow traffic to start passing between the sites?
A. Change the Site-B IKE Gateway profile version to match Site-A,
B. Change the Site-A IKE Gateway profile exchange mode to aggressive mode.
C. Enable NAT Traversal on the Site-A IKE Gateway profile.
D. Change the pre-shared key of Site-B to match the pre-shared key of Site-A
Answer: D
Question: 5
A company is upgrading its existing Palo Alto Networks firewall from version 7.0.1 to 7.0.4.
Which three methods can the firewall administrator use to install PAN-OS 7.0.4 across the enterprise?( Choose three)
A. Download PAN-OS 7.0.4 files from the support site and install them on each firewall after manually uploading.
B. Download PAN-OS 7.0.4 to a USB drive and the firewall will automatically update after the USB drive is inserted in the firewall.
C. Push the PAN-OS 7.0.4 updates from the support site to install on each firewall.
D. Push the PAN-OS 7.0.4 update from one firewall to all of the other remaining after updating one firewall.
E. Download and install PAN-OS 7.0.4 directly on each firewall.
F. Download and push PAN-OS 7.0.4 from Panorama to each firewall.
Answer: ADF
Question: 6
A logging infrastructure may need to handle more than 10,000 logs per second.
Which two options support a dedicated log collector function? (Choose two)
A. Panorama virtual appliance on ESX(i) only
B. M-500
C. M-100 with Panorama installed
D. M-100
Answer: B,D
Anybody take this exam recently. still valid?
passed exam yesterday, questions are valid almost 95% of my answers is the same as Mr. A , some tricky questions , the new questions from 10 to 12 in the exam, you have to study will routing and natting, the routing question of R and AOi come ina different way, it asks how can you change the nexthop of the route which means you have to change metrics of RIP to be lower than the OSPF.
Good luck aand thank you all for help
Mr A, what about the last 9 questions ? Any help there or anyone else, or someone who passed with correct answers. Would help validate ours. Much appreciated. Did not do well on the first round
Are this dump still valid or not I will take PCNSE 7 exam next Wednesday.
Thanks in advance
I appeared in the exam yesterday and followed the same answers as by Mr. A but failed I dont know what was the issue.
@ Benny
What abou other 10 questions
passed pcnse7.
this dump is valid and answers of Mr.A was mine too
To 007
You said you passed the exam on the weekend and all 60 questions came but 'BeCareful' from Canada took the test, got the same questions but did not pass.
007, do you remember if you wrote the same answers for the same questions and if so, can u give the answers you provided to the 60 questions since you passed and BeCareful didn't.. ?
@ 007
How did you prepared remaining 9 questions?
Yes. Its was PCNSE7 Exam 60 Q&A.
Answer's are incorrect.
Just took the test, used all answeres provided, and failed.
Questions are all valid, answers are incorrect.
007 - Are you sure this was for the PCNSE7 exam or was it PCNSE6? Some of these same questions were on the PCNSE6 exam.
I am assuming the 60 questions you are referring too came from the premium vce file as Mr. A only commented on 51 questions. Is that true also?
Passed the exam on weekend all 60 question came.
Thanks all.
Hi Mr. A
please let us know other 9 questions + answers as well.
Thank you,
@ Mr. A
Please confirm what about remaining 9 questions?
@rohan there are 60q in exam.
hi Mr. A
but how many questions 60 or 51 ?
if 60 then what about 9 question ?
I passed this exam last week.
These questions are valid.
Below are the answers I gave.
1: B
2: AC
3: BE
4: D
5: C
6: C
7: BCF
8: C
9: B
10: BD
11: C
12: ABF
13: A
14: A (I can debate on this ;-) )
15: D
16: D (I know this is wrong since there is no client software for Linux) X-Auth is a configuration option on the firewall.
17: C (we definitely need DNS App-ID)
18: BCF
19: BD
20: A
21: D
22: BE
23: CD
24: A
25: CD (BrightCloud is not maintained by Palo but Webroot)
26: A
27: A
28: D
29: C
30: D
31: D (not sure, but I answered this)
32: B
33: C
34: ADE (was confused between A & B, went with A)
35: ABE
36: BEF
37: A
38: A
39: D
40: B
41: B
42: A
43: B
44: AD
45: D
46: C
47: BC
48: ACE
49: D
50: D
51: CD
It appears that there are many incorrect answers in this file as well.
Add Comments