Tuesday, February 11, 2020

Palo Alto Networks PCNSE7 Questions Answers

Company.com has an in-house application that the Palo Alto Networks device doesn't identify correctly. A Threat Management Team member has mentioned that this in-house application is very sensitive and all traffic being identified needs to be inspected by the Content-ID engine.
Which method should company.com use to immediately address this traffic on a Palo Alto Networks device?


A. Create a custom Application without signatures, then create an Application Override policy that includes the source, Destination, Destination Port/Protocol and Custom Application of the traffic.
B. Wait until an official Application signature is provided from Palo Alto Networks.
C. Modify the session timer settings on the closest referenced application to meet the needs of the in-house application.
D. Create a Custom Application with signatures matching unique identifiers of the in-house application traffic.

Answer: D

Tuesday, October 1, 2019

Palo Alto Networks PCNSE7 Questions Answers

The web server is configured to listen for HTTP traffic on port 8080. The clients access the web server using the IP address 1.1.1.100 on TCP Port 80. The destination NAT rule is configured to translate both IP address and port to 10.1.1.100 on TCP Port 8080.


Which NAT and security rules must be configured on the firewall? (Choose two)

A. A security policy with a source of any from untrust-I3 Zone to a destination of 10.1.1.100 in dmz-I3 zone using web-browsing application
B. A NAT rule with a source of any from untrust-I3 zone to a destination of 10.1.1.100 in dmz-zone using service-http service.
C. A NAT rule with a source of any from untrust-I3 zone to a destination of 1.1.1.100 in untrust-I3 zone using service-http service.
D. A security policy with a source of any from untrust-I3 zone to a destination of 1.1.100 in dmz-I3 zone using web-browsing application.

Answer: B,D

Thursday, December 27, 2018

Palo Alto Networks PCNSE7 Questions Answers

A network design calls for a "router on a stick" implementation with a PA-5060 performing inter-VLAN routing. All VLAN-tagged traffic will be forwarded to the PA-5060 through a single dot1q trunk interface. Which interface type and configuration setting will support this design?

A. Trunk interface type with specified tag
B. Layer 3 interface type with specified tag
C. Layer 2 interface type with a VLAN assigned
D. Layer 3 subinterface type with specified tag

Answer: D



Which three functions are found on the dataplane of a PA-5050? (Choose three)

A. Protocol Decoder
B. Dynamic routing
C. Management
D. Network Processing
E. Signature Match

Answer: B,D,E

Monday, August 6, 2018

Palo Alto Networks PCNSE7 Question Answer

A network security engineer needs to configure a virtual router using IPv6 addresses.
Which two routing options support these addresses? (Choose two)


A. BGP not sure
B. OSPFv3
C. RIP
D. Static Route

Answer: B,D


A VPN connection is set up between Site-A and Site-B, but no traffic is passing. In the system log of Site-A, there is an event logged as ike-nego-p1-fail-psk.
What action will bring the VPN up and allow traffic to start passing between the sites?


A. Change the Site-B IKE Gateway profile version to match Site-A.
B. Change the Site-A IKE Gateway profile exchange mode to aggressive mode.
C. Enable NAT Traversal on the Site-A IKE Gateway profile.
D. Change the pre-shared key of Site-B to match the pre-shared key of Site-A

Answer: D

Monday, February 26, 2018

Palo Alto Networks PCNSE7 Question Answer

Which three log-forwarding destinations require a server profile to be configured? (Choose three)

A. SNMP Trap
B. Email
C. RADIUS
D. Kerberos
E. Panorama
F. Syslog

Answer: A,B,F


A network administrator uses Panorama to push security policies to managed firewalls at branch offices. Which policy type should be configured on Panorama if the administrators at the branch office sites to override these products?

A. Pre Rules
B. Post Rules
C. Explicit Rules
D. Implicit Rules

Answer: A

Tuesday, December 26, 2017

Palo Alto Networks Avoids Disclosing Diversity Data Despite Shareholder Vote


Palo Alto Networks does not really want to share the demographics of its workplace.

When an investment firm asked the cybersecurity company to reveal its diversity numbers, Palo Alto Networks, which has 11 men and one woman on its management team, refused.

When the investment firm, Trillium Asset Management, put it to a vote of the shareholders, the board of Palo Alto Networks, consisting of 10 men and one woman, officially opposed.

Then, earlier this month, the shareholders of the technology company voted. There were more than 30 million votes in favor of disclosure and just over 29 million votes against. It was a large majority for a shareholder resolution that faced opposition from the company.

But Palo Alto Networks did not see it that way. By counting almost two million abstentions as votes against the proposal, the technology company proclaimed that the resolution failed, with 49 percent in favor.

Palo Alto Networks did not respond to requests for comment. Susan Baker, vice president of shareholder protection for Trillium, described the company's approach as short-sighted.

"The shareholders of Palo Alto Networks sent a strong message," she said. "It's time to stop making excuses."

Technology companies face the pressure to reveal the race and gender breakdown of their employees as a way to account for diversity efforts. All companies with 100 or more employees already provide the data to the government each year in what is called an EEO-1 report.

This year, Reveal of The Center for Investigative Reporting surveyed 211 of the leading technology companies in Silicon Valley, asking them to provide their EEO-1 reports. Only 23 released them.

Members of Congress, such as Representative Ro Khanna, whose district covers the Palo Alto Networks headquarters, have asked technology companies to share the numbers.

Institutional Shareholder Services, which provides research and advice on shareholder resolutions to large investors, recommended a vote in favor of the Palo Alto Networks diversity proposal.

In an analysis provided to clients, the consulting firm wrote that Palo Alto Networks "does not provide information on any board or management-level oversight of its diversity and inclusion practices." Diversity, according to the analysis, "can have a positive effect on long-term value creation."

"Greater disclosure of the type requested in this proposal could be of value to shareholders without causing undue burden on the company, given the fact that the company already collects EEO-1 data that is requested," the firm wrote.

The California State Teachers Retirement System, which had 162,677 shares in Palo Alto Networks as of November 30, voted in favor of the diversity proposal.

The decision of Palo Alto Networks to count abstentions as votes against the resolution is a controversial practice. A 2013 survey found that 52 percent of companies in the Standard and Poor's 500 index accounted for abstentions in that way, while slightly less than 48 percent did not.

Major investors, such as the New York City pension funds and the California public employee retirement system, oppose the practice. The same goes for the California teachers' pension fund.

"We believe that abstentions should NOT be counted when calculating votes," a spokesperson for a teachers' pension fund wrote in an e-mail.

Friday, November 10, 2017

Palo Alto Networks PCNSE7 Question Answer

An Administrator is configuring an IPSec VPN to a Cisco ASA at the administrator's home and experiencing issues completing the connection. The following is the output from the command:
less mp-log ikemgr.log:


What could be the cause of this problem?

A. The public IP addresses do not match for both the Palo Alto Networks Firewall and the ASA.
B. The Proxy IDs on the Palo Alto Networks Firewall do not match the settings on the ASA.
C. The shared secrets do not match between the Palo Alto firewall and the ASA.
D. The dead peer detection settings do not match between the Palo Alto Networks Firewall and the ASA.

Answer: B