Act now and download your Paloalto Networks PCNSE6 test today! Do not waste time for the worthless Paloalto Networks PCNSE6 tutorials. Download Most up-to-date Paloalto Networks Palo Alto Networks Certified Network Security Engineer 6.0 exam with real questions and answers and begin to learn Paloalto Networks PCNSE6 with a classic professional.
2021 Oct PCNSE6 exam question
Q51. Enabling "Highlight Unsused Rules" in the Security policy window will:
A. Hightlight all rules that did not immmediately match traffic.
B. Hightlight all rules that did not match traffic since the rule was created or since last reboot of the firewall
C. Allows the administrator to troubleshoot rules when a validation error occurs at the time of commit.
D. Allow the administrator to temporarily disable rules that do not match traffic, for testing purposes
Answer: B
Q52. When employing the Brightcloud URL filtering database on the Palo Alto Networks firewalls, the order of checking within a profile is:
A. Block List, Allow List, Custom Categories, Cache Files, Predefined Categories, Dynamic URL Filtering
B. Block List, Allow List, Cache Files, Custom Categories, Predefined Categories, Dynamic URL Filtering
C. Dynamic URL Filtering, Block List, Allow List, Cache Files, Custom Categories, Predefined Categories
D. None of the above
Answer: A
Q53. Taking into account only the information in the screenshot above, answer the following question. Which applications will be allowed on their standard ports? (Select all correct answers.)
A. BitTorrent
B. Gnutella
C. Skype
D. SSH
Answer: A,D
Q54. Users can be authenticated serially to multiple authentication servers by configuring:
A. Multiple RADIUS Servers sharing a VSA configuration
B. Authentication Sequence
C. Authentication Profile
D. A custom Administrator Profile
Answer: B
Q55. Both SSL decryption and SSH decryption are disabled by default.
A. True
B. False
Answer: A
Renovate PCNSE6 training:
Q56. Which of the following would be a reason to use an XML API to communicate with a Palo Alto Networks firewall?
A. So that information can be pulled from other network resources for User-ID
B. To allow the firewall to push UserID information to a Network Access Control (NAC) device.
C. To permit sys logging of User Identification events
Answer: B
Q57. A company wants to run their pair of PA-200 firewalls in a High Availability Active/Passive configuration and will be using HA-Lite.
Which capability can be used in this situation?
A. Configuration Sync
B. Link Aggregation
C. Session Sync
D. Jumbo Frames
Answer: A
Explanation:
Reference: https://live.paloaltonetworks.com/docs/DOC-3091
Q58. Which fields can be altered in the default Vulnerability Protection Profile? A. Category
B. Severity
C. None
Answer: C
Q59. In the following display, ethernetl/6 is configured with an interface management profile that allows ping with no restriction on the source address:
Given the following security policy rule base:
What is the result of a ping sent from an address on the Trust-L3 zone to the IP address of ethernet1/6?
A. The firewall will send an ICMP redirect message to the client.
B. The client will receive an ICMP "destination unreachable" packet.
C. The interface will respond.
D. The traffic will be dropped by the firewall.
Answer: D
Q60. Traffic going to a public IP address is being translated by your PANW firewall to your web server's private IP. Which IP should the Security Policy use as the "Destination IP" in order to allow traffic to the server.
A. The server’s public IP
B. The firewall’s gateway IP
C. The server’s private IP
D. The firewall’s MGT IP
Answer: A