PCNSE6 bundle(91 to 105) for IT learners: Apr 2016 Edition

Exam Code: PCNSE6 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Palo Alto Networks Certified Network Security Engineer 6.0
Certification Provider: Palo Alto Networks

2016 Apr PCNSE6 Study Guide Questions:

Q91. When Network Address Translation has been performed on traffic, Destination Zones in Security rules should be based on: 

A. Post-NAT addresses 

B. The same zones used in the NAT rules 

C. Pre-NAT addresses 

D. None of the above 

Answer: A 

Q92. To properly configure DoS protection to limit the number of sessions individually from specific source IPs, you would configure a DoS Protection rule with the following characteristics: 

A. Action: Protect, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured 

B. Action: Deny, Aggregate Profile with "Resources Protection" configured 

C. Action: Protect, Aggregate Profile with "Resources Protection" configured 

D. Action: Deny, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured 

Answer: A 

Q93. Which authentication method can provide role-based administrative access to firewalls running PAN-OS? 


B. Certificate-based authentication 

C. Kerberos 

D. RADIUS with Vendor Specific Attributes 

Answer: D 

Q94. Where can the maximum concurrent SSL VPN Tunnels be set for Vsys2 when provisioning a Palo Alto Networks firewall for multiple virtual systems? 

A. In the GUI under Network->Global Protect->Gateway->Vsys2 

B. In the GUI under Device->Setup->Session->Session Settings 

C. In the GUI under Device->Virtual Systems->Vsys2->Resource 

D. In the GUI under Network->Global Protect->Portal->Vsys2 

Answer: C 


Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/tech-briefs/virtual-systems.pdf page 6 

Q95. It is discovered that WebandNetTrends Unlimited’s new web server software produces traffic that the Palo Alto Networks firewall sees as "unknown-tcp" traffic. 

Which two configurations would identify the application while preserving the ability of the firewall to perform content and threat detection on the traffic? Choose 2 answers 

A. A custom application, with a name properly describing the new web server's purpose 

B. A custom application and an application override policy that assigns traffic going to and from the web server to the custom application 

C. An application override policy that assigns the new web server traffic to the built-in application "web-browsing" 

D. A custom application with content and threat detection enabled, which includes a signature, identifying the new web server's traffic 

Answer: A,B 

Q96. Which of the following types of protection are available in DoS policy? 

A. Session Limit, SYN Flood, UDP Flood 

B. Session Limit, Port Scanning, Host Swapping, UDP Flood 

C. Session Limit, SYN Flood, Host Swapping, UDP Flood 

D. Session Limit, SYN Flood, Port Scanning, Host Swapping 

Answer: A 

Q97. As a Palo Alto Networks firewall administrator, you have made unwanted changes to the Candidate configuration. These changes may be undone by Device > Setup > Operations > Configuration Management > .... and then what operation? 

A. Revert to Running Configuration 

B. Revert to last Saved Configuration 

C. Load Configuration Version 

D. Import Named Configuration Snapshot 

Answer: A 


Match the description of an application field with its name. 

Answer options may be used more than once or not at all. 


Q99. Which of the following interface types will have a MAC address? 

A. Layer 3 

B. Tap 

C. Vwire 

D. Layer 2 

Answer: D 

Q100. In PAN-OS 6.0, rule numbers were introduced. Rule Numbers are: 

A. Dynamic numbers that refer to a security policy’s order and are especially useful when filtering security policies by tags 

B. Numbers referring to when the security policy was created and do not have a bearing on the order of policy enforcement 

C. Static numbers that must be manually re-numbered whenever a new security policy is added 

Answer: A 

Q101. As the Palo Alto Networks administrator, you have enabled Application Block pages. Afterward, some users do not receive web-based feedback for all denied applications. Why would this be? 

A. Some users are accessing the Palo Alto Networks firewall through a virtual system that does not have Application Block pages enabled. 

B. Application Block Pages will only be displayed when Captive Portal is configured 

C. Some Application IDs are set with a Session Timeout value that is too low. 

D. Application Block Pages will only be displayed when users attempt to access a denied web-based application. 

Answer: D 

Q102. As the Palo Alto Networks administrator responsible for User Identification, you are looking for the simplest method of mapping network users that do not sign into LDAP. Which information source would allow reliable User ID mapping for these users, requiring the least amount of configuration? 

A. WMI Query 

B. Exchange CAS Security Logs 

C. Captive Portal 

D. Active Directory Security Logs 

Answer: C 

Q103. How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with nonstandard syslog servers? 

A. Enable support for non-standard syslog messages under device management. 

B. Select a non-standard syslog server profile. 

C. Create a custom log format under the syslog server profile. 

D. Check the custom-format checkbox in the syslog server profile. 

Answer: C 


Reference: https://live.paloaltonetworks.com/docs/DOC-2021 Page 16 of PDF available there. 

Q104. Which two interface types provide support for network address translation (NAT)? Choose 2 answers 

A. HA 

B. Tap 

C. Layer3 

D. Virtual Wire 

E. Layer2 

Answer: C,D 


Reference: https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/1517-102-7-11647/Understanding_NAT-4.1-RevC.pdf 

Q105. With IKE, each device is identified to the other by a Peer ID. In most cases, this is just the public IP address of the device. In situations where the public ID is not static, this value can be replaced with a domain name or other text value 

A. True 

B. False 

Answer: A 
