Proper study guides for Regenerate Paloalto Networks Palo Alto Networks Certified Network Security Engineer 6.0 certified begins with Paloalto Networks pcnse6 dumps preparation products which designed to deliver the Breathing pcnse6 exam dumps questions by making you pass the pcnse6 exam questions test at your first time. Try the free pcnse6 exam dumps demo right now.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Paloalto Networks PCNSE6 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW PCNSE6 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/PCNSE6-exam-dumps.html
Q11. How is the Forward Untrust Certificate used?
A. It issues certificates encountered on the Untrust security zone.
B. It is used for Captive Portal to identify unknown users.
C. It is used when web servers request a client certificate.
D. It is the issuer for an external certificate which is not trusted by the firewall.
Answer: D
Q12. Which of the following must be enabled in order for UserID to function?
A. Captive Portal Policies must be enabled.
B. UserID must be enabled for the source zone of the traffic that is to be identified.
C. Captive Portal must be enabled.
D. Security Policies must have the UserID option enabled.
Answer: B
Q13. HOTSPOT
Within a Zone Protection Profile, under the Reconnaissance Protection tab, there are several possible values for Action:
Match each Reconnaissance Protection Action to its description. Answer options may be used more than once or not at all.
Answer:
Q14. What are two sources of information for determining if the firewall has been successful in communicating with an external User-ID Agent?
A. System Logs and the indicator light under the User-ID Agent settings in the firewall
B. There's only one location - System Logs
C. There's only one location - Traffic Logs
D. System Logs and indicator light on the chassis
Answer: A
Q15. A company hosts a publicly-accessible web server behind their Palo Alto Networks firewall, with this configuration information:
Users outside the company are in the "Untrust-L3" zone.
The web server physically resides in the "Trust-L3" zone.
Web server public IP address: 1.1.1.1
Web server private IP address: 192.168.1.10
Which NAT Policy rule will allow users outside the company to access the web server?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Q16. Administrative Alarms can be enabled for which of the following except?
A. Certificate Expirations
B. Security Violation Thresholds
C. Security Policy Tags
D. Traffic Log capacity
Answer: A
Q17. Which two interface types can be used when configuring GlobalProtect Portal? Choose 2 answers
A. Virtual Wire
B. Loopback
C. Tunnel
D. Layer3
Answer: B,D
Explanation:
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/framemaker/61/globalprotect/globalprotect-admin-guide.pdf page 10
Q18. Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles) and Role-Based (customized user roles)
A. True
B. False
Answer: A
Q19. A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens of thousands of bogus UDP connections per second to a single destination IP address and port.
Which option, when enabled with the correct threshold, would mitigate this attack without dropping legitimate traffic to other hosts inside the network?
A. Zone Protection Policy with UDP Flood Protection
B. Classified DoS Protection Policy using destination IP only with a Protect action
C. QoS Policy to throttle traffic below maximum limit
D. Security Policy rule to deny traffic to the IP address and port that is under attack
Answer: B
Explanation:
Reference: https://live.paloaltonetworks.com/docs/DOC-1746
Q20. Given the following routing table:
Which configuration change on the firewall would cause it to use 10.66.24.88 as the nexthop for the 192.168.93.0/30 network?
A. Configuring the Administrative Distance for RIP to be higher than that of OSPF Ext
B. Configuring the metric for RIP to be higher than that of OSPF Int
C. Configuring the metric for RIP to be lower than that of OSPF Ext
D. Configuring the Administrative Distance for RIP to be lower than that of OSPF Int
Answer: D
Explanation:
Reference: https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/5284-102-3-17278/Route%20Redistribution%20and%20Filtering%20TechNote%20-%20Rev%20B.pdf
