| Exam Code/Number: | PCNSE7Join the discussion |
| Exam Name: | Palo Alto Networks Certified Network Security Engineer |
| Certification: | Palo Alto Networks |
| Question Number: | 177 |
| Publish Date: | Jun 14, 2026 |
|
Rating
100%
|
|
A network security engineer for a large company has just installed a PA-5060 Firewall to isolate the company's PCI environment from its production network. The company's engineers made configuration changes to the switches on both network segments, and connected them to the new firewall.
Soon after the cutover, however, users began to complain about latency and some servicers stopped communicating. There are no security policies that deny traffic between the two networks segments. You suspect that there is an interface misconfiguration on Ethernet 1/1.
Which two commands should be used to troubleshoot the issue? (Choose two)
Refer to the exhibit.
Which will be the egress interface if the traffic's ingress interface is ethernet 1/7 sourcing from 192.168.111.3 and to the destination 10.46.41.113?
A company hosts a publically accessible web server behind a Palo Alto Networks next generation firewall with the following configuration information.
*
Users outside the company are in the "Untrust-L3" zone
*
The web server physically resides in the "Trust-L3" zone.
*
Web server public IP address: 23.54.6.10
*
Web server private IP address: 192.168.1.10
Which two items must be NAT policy contain to allow users in the untrust-L3 zone to access the web server? (Choose two)
A client is deploying a pair of PA-5000 series firewalls using High Availability (HA) in Active/Passive mode. Which statement is true about this deployment?
