Want to know Exambible pcnse6 exam dumps Exam practice test features? Want to lear more about Paloalto Networks Palo Alto Networks Certified Network Security Engineer 6.0 certification experience? Study Actual Paloalto Networks pcnse6 exam dumps answers to Improve pcnse6 dumps questions at Exambible. Gat a success with an absolute guarantee to pass Paloalto Networks pcnse6 exam (Palo Alto Networks Certified Network Security Engineer 6.0) test on your first attempt.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Paloalto Networks PCNSE6 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW PCNSE6 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/PCNSE6-exam-dumps.html
Q81. Where can the maximum concurrent SSL VPN Tunnels be set for Vsys2 when provisioning a Palo Alto Networks firewall for multiple virtual systems?
A. In the GUI under Network->Global Protect->Gateway->Vsys2
B. In the GUI under Device->Setup->Session->Session Settings
C. In the GUI under Device->Virtual Systems->Vsys2->Resource
D. In the GUI under Network->Global Protect->Portal->Vsys2
Answer: C
Explanation:
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/tech-briefs/virtual-systems.pdf page 6
Q82. Which two statements are true about DoS Protection Profiles and Policies? Choose 2 answers
A. They mitigate against SYN, UDP, ICMP, ICMPv6, and other IP Flood attacks on a zone basis, regardless of interface(s). They provide reconnaissance protection against TCP/UDP port scans and host sweeps.
B. They mitigate against SYN, UDP, ICMP, ICMPv6, and other IP Flood attacks. They provide resource protection by limiting the number of sessions that can be used.
C. They mitigate against volumetric attacks that leverage known vulnerabilities, brute force methods, amplification, spoofing, and other vulnerabilities.
D. They mitigate against SYN, UDP, ICMP, ICMPv6, and other IP Flood attacks by utilizing "random early drop".
Answer: B,D
Explanation:
Reference: https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/7158-102-3-25328/Application%20DDoS%20Mitigation.pdf page 4
Q83. You are configuring a File Blocking Profile to be applied to all outbound traffic uploading a specific file type, and there is a specific application that you want to match in the policy.
What are three valid actions that can be set when the specified file is detected? Choose 3 answers
A. Reset-both
B. Block
C. Continue
D. Continue-and-forward
E. Upload
Answer: B,C,D
Explanation:
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/framemaker/60/pan-os/pan-os/section_8.pdf page 287
Q84. When an interface is in Tap mode and a policy action is set to block, the interface will send a TCP reset.
A. True
B. False
Answer: B
Q85. Taking into account only the information in the screenshot above, answer the following question. Which applications will be allowed on their standard ports? (Select all correct answers.)
A. BitTorrent
B. Gnutella
C. Skype
D. SSH
Answer: A,D
Q86. Two firewalls are configured in an Active/Passive High Availability (HA) pair with the following election settings:
Firewall 5050-B is presently in the "Active" state and 5050-A is presently in the "Passive" state. Firewall 5050-B reboots causing 5050-A to become Active.
Which firewall will be in the "Active" state after firewall 5050-B has completed its reboot and is back online?
A. Both firewalls are active (split brain)
B. Firewall 5050-B
C. Firewall 5050-A
D. It could be either firewall
Answer: B
Explanation:
Reference: https://live.paloaltonetworks.com/docs/DOC-2926
Q87. Which link is used by an Active-Passive cluster to synchronize session information?
A. The Data Link
B. The Control Link
C. The Uplink
D. The Management Link
Answer: A
Q88. To properly configure DOS protection to limit the number of sessions individually from specific source IPs you would configure a DOS Protection rule with the following characteristics:
A. Action: Protect, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured
B. Action: Deny, Aggregate Profile with "Resources Protection" configured
C. Action: Protect, Aggregate Profile with "Resources Protection" configured
D. Action: Deny, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured
Answer: A
Q89. What happens at the point of Threat Prevention license expiration?
A. Threat Prevention no longer updated; existing database still effective
B. Threat Prevention is no longer used; applicable traffic is allowed
C. Threat Prevention no longer used; applicable traffic is blocked
D. Threat Prevention no longer used; traffic is allowed or blocked by configuration per Security Rule
Answer: A
Q90. It is discovered that WebandNetTrends Unlimited’s new web server software produces traffic that the Palo Alto Networks firewall sees as "unknown-tcp" traffic.
Which two configurations would identify the application while preserving the ability of the firewall to perform content and threat detection on the traffic? Choose 2 answers
A. A custom application, with a name properly describing the new web server s purpose
B. A custom application and an application override policy that assigns traffic going to and from the web server to the custom application
C. An application override policy that assigns the new web server traffic to the built-in application "web-browsing"
D. A custom application with content and threat detection enabled, which includes a signature, identifying the new web server s traffic
Answer: A,B
