Exam PCNSE6

s@lm@n
Paloalto Networks
Exam PCNSE6
Palo Alto Networks Certified Network Security Engineer 6.0
Version: 6.1
[ Total Questions: 153 ]

Configuring a pair of devices into an Active/Active HA pair provides support for:
A. Higher session count
B. Redundant Virtual Routers
C. Asymmetric routing environments
D. Lower fail-over times
Answer: B
As a Palo Alto Networks firewall administrator, you have made unwanted changes to the
Candidate configuration. These changes may be undone by Device > Setup >
Operations
>
Configuration Management>....and then what operation?
A. Revert to Running Configuration
B. Revert to last Saved Configuration
C. Load Configuration Version
D. Import Named Configuration Snapshot
Answer: A
A company has a Palo Alto Networks firewall with a single VSYS that has both locally
defined rules as well as shared and device-group rules pushed from Panorama.
In what order are the policies evaluated?
Question No : 1
Question No : 2
Question No : 3 HOTSPOT
Paloalto Networks PCNSE6 : Practice Test
A Composite Solution With Just One Click - Certification Guaranteed 2
Answer:
1
1
1
1
A company hosts a publicly-accessible web server behind their Palo Alto Networks
firewall,
with this configuration information:
Users outside the company are in the "Untrust-L3" zone.
The web server physically resides in the "Trust-L3" zone.

Web server public IP address: 1.1.1.1
Web server private IP address: 192.168.1.10
Which NAT Policy rule will allow users outside the company to access the web server?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Wildfire may be used for identifying which of the following types of traffic?
A. URL content
B. DHCP
C. DNS
D. Viruses
Answer: D
Question No : 4
Question No : 5
In PAN-OS 5.0, how is Wildfire enabled?
A. Via the "Forward" and "Continue and Forward" File-Blocking actions
B. A custom file blocking action must be enabled for all PDF and PE type files
C. Wildfire is automatically enabled with a valid URL-Filtering license
D. Via the URL-Filtering "Continue" Action.
Answer: A
The IT department has received complaints about VoIP call jitter when the sales staff is
making or receiving calls. QoS is enabled on all firewall interfaces, but there is no QoS
policy written in the rulebase. The IT manager wants to find out what traffic is causing
the
jitter in real time when a user reports the jitter.
Which feature can be used to identify, in real-time, the applications taking up the most
bandwidth?
A. Application Command Center (ACC)
B. QoS Statistics
C. QoS Log
D. Applications Report
Answer: A
Reference: http://www.newnet66.org/Support/Resources/Using-The-ACC.pdf
Which two steps are required to make Microsoft Active Directory users appear in the
firewalls traffic log? Choose 2 answers
Question No : 6
Question No : 7
Question No : 8
A. Enable User-ID on the zone object for the source zone.
B. Enable User-ID on the zone object for the destination zone.

C. Configure a RADIUS server profile to point to a domain controller.
D. Run the User-ID Agent using an Active Directory account that has "domain
administrator" permissions.
E. Run the User-ID Agent using an Active Directory account that has "event log viewer"
permissions.
Answer: A,E
Administrative Alarms can be enabled for which of the following except?
A. Certificate Expirations
B. Security Violation Thresholds
C. Security Policy Tags
D. Traffic Log capacity
Answer: A
Where in the firewall GUI can an administrator see how many sessions of web-browsing
traffic have occurred in the last day?
A. Monitor->Session Browser
B. Monitor->App Scope->Summary
C. Objects->Applications->web-browsing
D. ACC->Application
Answer: D
Reference: http://www.newnet66.org/Support/Resources/Using-The-ACC.pdf
Question No : 9
Question No : 10
Question No : 11
Which of the following are accurate statements describing the HA3 link in an ActiveActive
HA deployment?
A. HA3 is used for session synchronization
B. The HA3 link is used to transfer Layer 7 information
C. HA3 is used to handle asymmetric routing
D. HA3 is the control link
Answer: A
Which of the following would be a reason to use an XML API to communicate with a
Palo
Alto Networks firewall?
A. So that information can be pulled from other network resources for User-ID
B. To allow the firewall to push UserID information to a Network Access Control (NAC)
device.
C. To permit sys logging of User Identification events
Answer: B
When Network Address Translation has been performed on traffic, Destination Zones in
Security rules should be based on:
A. Post-NAT addresses
B. The same zones used in the NAT rules
C. Pre-NAT addresses
D. None of the above
Answer: A
Two firewalls are configured in an Active/Passive High Availability (HA) pair with the
Question No : 12
Question No : 13
Question No : 14
following election settings:
Firewall 5050-B is presently in the "Active" state and 5050-A is presently in the
"Passive"
state. Firewall 5050-B reboots causing 5050-A to become Active.
Which firewall will be in the "Active" state after firewall 5050-B has completed its reboot
and
is back online?
A. Both firewalls are active (split brain)
B. Firewall 5050-B
C. Firewall 5050-A
D. It could be either firewall
Answer: B
Reference: https://live.paloaltonetworks.com/docs/DOC-2926
Which three engines are built into the Single-Pass Parallel Processing Architecture?
Choose 3 answers
A. Application Identification (App-ID)
B. Group Identification (Group-ID)
C. User Identification (User-ID)
D. Threat Identification (Threat-ID)
E. Content Identification (Content-ID)
Answer: A,C,E
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworkscom/
en_US/assets/pdf/white-papers/single-pass-parallel-processing-architecture.pdf page
5
Question No : 15
In an Anti-Virus profile, changing the action to Block for IMAP or POP decoders will
result
in the following:
A. The connection from the server will be reset
B. The Anti-virus profile will behave as if Alert had been specified for the action
C. The traffic will be dropped by the firewall
D. Error 541 being sent back to the server
Answer: B
Subsequent to the installation of new licenses, the firewall must be rebooted
A. True
B. False
Answer: B
When setting up GlobalProtect, what is the job of the GlobalProtect Portal? Select the
best
answer
A. To maintain the list of remote GlobalProtect Portals and list of categories for checking
the client machine
B. To maintain the list of GlobalProtect Gateways and list of categories for checking the
client machine
C. To load balance GlobalProtect client connections to GlobalProtect Gateways
D. None of the above
Answer: B
Question No : 16
Question No : 17
Question No : 18
Can multiple administrator accounts be configured on a single firewall?
A. Yes
B. No
Answer: A
Taking into account only the information in the screenshot above, answer the following
question. In order for ping traffic to traverse this device from e1/2 to e1/1, what else
needs
to be configured? Select all that apply.
A. Security policy from trust zone to Internet zone that allows ping
B. Create the appropriate routes in the default virtual router
C. Security policy from Internet zone to trust zone that allows ping
D. Create a Management profile that allows ping. Assign that management profile to
e1/1
and e1/2
Answer: A,D
A firewall administrator is troubleshooting problems with traffic passing through the Palo
Alto Networks firewall.
Question No : 19
Question No : 20
Question No : 21
Which method will show the global counters associated with the traffic after configuring
the
appropriate packet filters?
A. From the CLI, issue the show counter interface command for the egress interface.
B. From the GUI, select "Show global counters" under the Monitor tab.
C. From the CLI, issue the show counter global filter packet-filter yes command.
D. From the CLI, issue the show counter interface command for the ingress interface.
Answer: C
Which feature can be configured with an IPv6 address?
A. Static Route
B. RIPv2
C. DHCP Server
D. BGP
Answer: A
When creating an application filter, which of the following is true?
A. They are used by malware
B. Excessive bandwidth may be used as a filter match criteria
C. They are called dynamic because they automatically adapt to new IP addresses
D. They are called dynamic because they will automatically include new applications
from
an application signature update if the new application's type is included in the filter
Answer: D
Question No : 22
Question No : 23
Which statement accurately reflects the functionality of using regions as objects in
Security
policies?
A. Predefined regions are provided for countries, not but not for cities. The administrator
can set up custom regions, including latitude and longitude, to specify the geographic
position of that particular region.
B. The administrator can set up custom regions, including latitude and longitude, to
specify
the geographic position of that particular region. These custom regions can be used in
the
"Source User" field of the Security Policies.
C. Regions cannot be used in the "Source User" field of the Security Policies, unless the
administrator has set up custom regions.
D. The administrator can set up custom regions, including latitude and longitude, to
specify
the geographic position of that particular region. Both predefined regions and custom
regions can be used in the "Source User" field.
Answer: A
In Active/Active HA environments, redundancy for the HA3 interface can be achieved by
A. Configuring a corresponding HA4 interface
B. Configuring HA3 as an Aggregate Ethernet bundle
C. Configuring multiple HA3 interfaces
D. Configuring HA3 in a redundant group
Answer: B
A Palo Alto Networks firewall has the following interface configuration;
Question No : 24
Question No : 25
Question No : 26
Hosts are directly connected on the following interfaces:
Ethernet 1/6 - Host IP 192.168.62.2
Ethernet 1/3 - Host IP 10.46.40.63
The security administrator is investigating why ICMP traffic between the hosts is not
working.
She first ensures that ail traffic is allowed between zones based on the following
security
policy rule:
The routing table of the firewall shows the following output:
Which interface configuration change should be applied to ethernet1/6 to allow the two
hosts to communicate based on this information?
A. Change the Management Profile.
B. Change the security policy to explicitly allow ICMP on this interface.
C. Change the configured zone to DMZ.
D. Change the Virtual Router setting to VR1.
Answer: D
What can cause missing SSL packets when performing a packet capture on data plane
interfaces?
A. There is a hardware problem with the offloading FPGA on the management plane.
B. The missing packets are offloaded to the management plane CPU.
C. The packets are hardware offloaded to the offload processor on the data plane.
D. The packets are not captured because they are encrypted.
Answer: C
Which three processor types are found on the data plane of a PA-5050? Choose 3
answers
A. Multi-Core Security Processor
B. Signature Match Processor
C. Network Processor
D. Protocol Decoder Processor
E. Management Processor
Answer: A,B,C
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworkscom/
en_US/assets/pdf/white-papers/single-pass-parallel-processing-architecture.pdf page
8
What happens at the point of Threat Prevention license expiration?
A. Threat Prevention no longer updated; existing database still effective
B. Threat Prevention is no longer used; applicable traffic is allowed
C. Threat Prevention no longer used; applicable traffic is blocked

Exam PCNSE6

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Exam PCNSE6

Uploaded by

Copyright:

Available Formats

s@lm@n

[ Total Questions: 153 ]

The web server physically resides in the "Trust-L3" zone.

B. Enable User-ID on the zone object for the destination zone.

You might also like