PCNSE V7

An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the CLI. Which CLI command can the engineer use?A . test vpn flow B. test vpn Ike―sa C. test vpn tunnel D. test vpn gatewayView AnswerAnswer: C

A bootstrap USB flash drive has been prepared using a Windows workstation to load the initial configuration of a Palo Alto Networks firewall that was previously being used in a lab. The USB flash drive was formatted using file system FAT32 and the initial configuration is stored in a file...

What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations (SAs)?A . Phase 1 and Phase 2 SAs are synchronized over HA3 links. B. Phase 1 SAs are synchronized over HA1 links. C. Phase 2 SAs are synchronized over HA2 links. D. Phase 1 and Phase 2 SAs...

An engineer must configure the Decryption Broker feature Which Decryption Broker security chain supports bi-directional traffic flow?A . Layer 2 security chain B. Layer 3 security chain C. Transparent Bridge security chain D. Transparent Proxy security chainView AnswerAnswer: B Explanation: Together, the primary and secondary interfaces form a pair of...

DRAG DROP An engineer is troubleshooting traffic routing through the virtual router. The firewall uses multiple routing protocols, and the engineer is trying to determine routing priority Match the default Administrative Distances for each routing protocol. View AnswerAnswer: Explanation: ✑ Static ―Range is 10-240; default is 10. ✑ OSPF Internal...

Which configuration task is best for reducing load on the management plane?A . Disable logging on the default deny rule B. Enable session logging at start C. Disable pre-defined reports D. Set the URL filtering action to send alertsView AnswerAnswer: A

When planning to configure SSL Froward Proxy on a PA 5260, a user asks how SSL decryption can be implemented using phased approach in alignment with Palo Alto Networks best practices What should you recommend?A . Enable SSL decryption for known malicious source IP addresses B. Enable SSL decryption for...

An administrator has configured a pair of firewalls using high availability in Active/Passive mode. Path Monitoring has been enabled with a Failure Condition of "any." A path group is configured with Failure Condition of "all" and contains a destination IP of 8.8.8.8 and 4.2.2.2 with a Ping Interval of 500ms...

An engineer configures SSL decryption in order to have more visibility to the internal users' traffic when it is regressing the firewall. Which three types of interfaces support SSL Forward Proxy? (Choose three.)A . High availability (HA) B. Layer 2 C. Virtual Wire D. Tap E. Layer 3View AnswerAnswer: B,C,E

A network security administrator wants to enable Packet-Based Attack Protection in a Zone Protection profile. What are two valid ways to enable Packet-Based Attack Protection? (Choose two.)A . ICMP Drop B. TCP Drop C. TCP Port Scan Block D. SYN Random Early DropView AnswerAnswer: A,D