we provide Printable Paloalto Networks pcnse6 exam questions actual exam which are the best for clearing pcnse6 exam questions test, and to get certified by Paloalto Networks Palo Alto Networks Certified Network Security Engineer 6.0. The pcnse6 exam Questions & Answers covers all the knowledge points of the real pcnse6 exam dumps exam. Crack your Paloalto Networks pcnse6 pdf Exam with latest dumps, guaranteed!
2017 NEW RECOMMEND
Free VCE & PDF File for Paloalto Networks PCNSE6 Real Exam
Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions
Q81. Which best describes how Palo Alto Networks firewall rules are applied to a session?
A. last match applied
B. first match applied
C. all matches applied
D. most specific match applied
Q82. As the Palo Alto Networks administrator, you have enabled Application Block pages. Afterward, some users do not receive web-based feedback for all denied applications. Why would this be?
A. Some users are accessing the Palo Alto Networks firewall through a virtual system that does not have Application Block pages enabled.
B. Application Block Pages will only be displayed when Captive Portal is configured
C. Some Application ID's are set with a Session Timeout value that is too low.
D. Application Block Pages will only be displayed when users attempt to access a denied web-based application.
Q83. Which Public Key Infrastructure component is used to authenticate users for GlobalProtect when the Connect Method is set to "pre-logon"?
A. Certificate Revocation List
B. Trusted root certificate
C. Machine certificate
D. Online Certificate Status Protocol
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/framemaker/60/globalprotect/Global_Protect_6.0.pdf page 12.
Q84. Which statement accurately reflects the functionality of using regions as objects in Security policies?
A. Predefined regions are provided for countries, not but not for cities. The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region.
B. The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region. These custom regions can be used in the "Source User" field of the Security Policies.
C. Regions cannot be used in the "Source User" field of the Security Policies, unless the administrator has set up custom regions.
D. The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region. Both predefined regions and custom regions can be used in the "Source User" field.
Q85. Traffic going to a public IP address is being translated by your PANW firewall to your web server's private IP. Which IP should the Security Policy use as the "Destination IP" in order to allow traffic to the server.
A. The serverâs public IP
B. The firewallâs gateway IP
C. The serverâs private IP
D. The firewallâs MGT IP
Q86. In an Anti-Virus profile, changing the action to âBlockâ for IMAP or POP decoders will result in the following:
A. The connection from the server will be reset
B. The Anti-virus profile will behave as if âAlertâ had been specified for the action
C. The traffic will be dropped by the firewall
D. Error 541 being sent back to the server
Q87. A firewall administrator is troubleshooting problems with traffic passing through the Palo Alto Networks firewall.
Which method will show the global counters associated with the traffic after configuring the appropriate packet filters?
A. From the CLI, issue the show counter interface command for the egress interface.
B. From the GUI, select "Show global counters" under the Monitor tab.
C. From the CLI, issue the show counter global filter packet-filter yes command.
D. From the CLI, issue the show counter interface command for the ingress interface.
Q88. A hotel chain is using a system to centrally control a variety of items in guest rooms. The client devices in each guest room communicate to the central controller using TCP and frequently disconnect due to a premature timeouts when going through a Palo Alto Networks firewall.
Which action will address this issue without affecting all TCP traffic traversing the firewall?
A. Create a security policy without security profiles, allowing the client-to-server traffic.
B. Create an application override policy, assigning the client-to-server traffic to a custom application.
C. Create an application with a specified TCP timeout and assign traffic to it with an application override policy.
D. Create an application override policy, assigning the server-to-client traffic to a custom application.
Q89. A local/enterprise PKI system is required to deploy outbound forward proxy SSL decryption capabilities.
Q90. Taking into account only the information in the screenshot above, answer the following question. In order for ping traffic to traverse this device from e1/2 to e1/1, what else needs to be configured? Select all that apply.
A. Security policy from trust zone to Internet zone that allows ping
B. Create the appropriate routes in the default virtual router
C. Security policy from Internet zone to trust zone that allows ping
D. Create a Management profile that allows ping. Assign that management profile to e1/1 and e1/2