★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Exam Code: PCNSE6 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Palo Alto Networks Certified Network Security Engineer 6.0
Certification Provider: Paloalto Networks
Free Today! Guaranteed Training- Pass PCNSE6 Exam.
2016 Apr PCNSE6 Study Guide Questions:
Q76. When employing the BrightCloud URL filtering database in a Palo Alto Networks firewall, the order of evaluation within a profile is:
A. Block list, Custom Categories, Predefined categories, Dynamic URL filtering, Allow list, Cache files.
B. Block list, Allow list, Custom Categories, Cache files, Local URL DB file.
C. Block list, Custom Categories, Cache files, Predefined categories, Dynamic URL filtering, Allow list.
D. Dynamic URL filtering, Block list, Allow list, Cache files, Custom categories, Predefined categories.
Q77. As a Palo Alto Networks firewall administrator, you have made unwanted changes to the Candidate configuration. These changes may be undone by Device > Setup > Operations >
Configuration Management>....and then what operation?
A. Revert to Running Configuration
B. Revert to last Saved Configuration
C. Load Configuration Version
D. Import Named Configuration Snapshot
Q78. Which three processor types are found on the data plane of a PA-5050? Choose 3 answers
A. Multi-Core Security Processor
B. Signature Match Processor
C. Network Processor
D. Protocol Decoder Processor
E. Management Processor
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/white-papers/single-pass-parallel-processing-architecture.pdf page 8
Q79. Administrative Alarms can be enabled for which of the following except?
A. Certificate Expirations
B. Security Violation Thresholds
C. Security Policy Tags
D. Traffic Log capacity
Q80. How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with nonstandard syslog servers?
A. Enable support for non-standard syslog messages under device management.
B. Select a non-standard syslog server profile.
C. Create a custom log format under the syslog server profile.
D. Check the custom-format checkbox in the syslog server profile.
Reference: https://live.paloaltonetworks.com/docs/DOC-2021 Page 16 of PDF available there.
Avant-garde PCNSE6 exam cost:
Q81. When Network Address Translation has been performed on traffic, Destination Zones in Security rules should be based on:
A. Post-NAT addresses
B. The same zones used in the NAT rules
C. Pre-NAT addresses
D. None of the above
Q82. Wildfire may be used for identifying which of the following types of traffic?
D. URL Content
Q83. In order to route traffic between layer 3 interfaces on the PAN firewall you need:
C. Security Profile
D. Virtual Router
Q84. An Outbound SSL forward-proxy decryption rule cannot be created using which type of zone?
A. Virtual Wire
Q85. Which method is the most efficient for determining which administrator made a specific change to the running config?
A. In the Configuration log, set a filter for the edit command and look for the object that was changed.
B. In the System log, set a filter for the name of the object that was changed.
C. In Config Audit, compare the current running config to all of the saved configurations until the change is found.
D. In Config Audit, compare the current running config to previous committed versions until the change is found.
Precise PCNSE6 paper:
Q86. Which two interface types provide support for network address translation (NAT)? Choose 2 answers
D. Virtual Wire
Q87. Which of the following is NOT a valid option for built-in CLI access roles?
Q88. WildFire Analysis Reports are available for the following Operating Systems (select all that apply)
A. Windows XP
B. Windows 7
C. Windows 8
D. Mac OS-X
Q89. What are the benefits gained when the "Enable Passive DNS Monitoring" checkbox is chosen on the firewall? (Select all correct answers.)
A. Improved DNSbased C&C signatures.
B. Improved PANDB malware detection.
C. Improved BrightCloud malware detection.
D. Improved malware detection in WildFire.
Q90. It is discovered that WebandNetTrends Unlimited’s new web server software produces traffic that the Palo Alto Networks firewall sees as "unknown-tcp" traffic.
Which two configurations would identify the application while preserving the ability of the firewall to perform content and threat detection on the traffic? Choose 2 answers
A. A custom application, with a name properly describing the new web server s purpose
B. A custom application and an application override policy that assigns traffic going to and from the web server to the custom application
C. An application override policy that assigns the new web server traffic to the built-in application "web-browsing"
D. A custom application with content and threat detection enabled, which includes a signature, identifying the new web server s traffic
see more Palo Alto Networks Certified Network Security Engineer 6.0