Ucertify pcnse6 exam questions Questions are updated and all pcnse6 dumps answers are verified by experts. Once you have completely prepared with our pcnse6 exam exam prep kits you will be ready for the real pcnse6 exam dumps exam without a problem. We have Latest Paloalto Networks pcnse6 exam dumps study guide. PASSED pcnse6 exam dumps First attempt! Here What I Did.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Paloalto Networks PCNSE6 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW PCNSE6 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/PCNSE6-exam-dumps.html
Q21. What is the name of the debug save file for IPSec VPN tunnels?
A. set vpn all up
B. test vpn ike-sa
C. request vpn IPsec-sa test
D. Ikemgr.pcap
Answer: D
Q22. As the Palo Alto Networks administrator, you have enabled Application Block pages. Afterward, some users do not receive web-based feedback for all denied applications. Why would this be?
A. Some users are accessing the Palo Alto Networks firewall through a virtual system that does not have Application Block pages enabled.
B. Application Block Pages will only be displayed when Captive Portal is configured
C. Some Application ID's are set with a Session Timeout value that is too low.
D. Application Block Pages will only be displayed when users attempt to access a denied web-based application.
Answer: D
Q23. What is the size limitation of files manually uploaded to WildFire
A. Configuarable up to 10 megabytes
B. Hard-coded at 10 megabytes
C. Hard-coded at 2 megabytes
D. Configuarable up to 20 megabytes
Answer: A
Q24. Which two interface types provide support for network address translation (NAT)? Choose 2 answers
A. HA
B. Tap
C. Layer3
D. Virtual Wire
E. Layer2
Answer: C,D
Explanation:
Reference: https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/1517-102-7-11647/Understanding_NAT-4.1-RevC.pdf
Q25. Taking into account only the information in the screenshot above, answer the following question. In order for ping traffic to traverse this device from e1/2 to e1/1, what else needs to be configured? Select all that apply.
A. Security policy from trust zone to Internet zone that allows ping
B. Create the appropriate routes in the default virtual router
C. Security policy from Internet zone to trust zone that allows ping
D. Create a Management profile that allows ping. Assign that management profile to e1/1 and e1/2
Answer: A,D
Q26. A security architect has been asked to implement User-ID in a MacOS environment with no enterprise email, using a Sun LDAP server for user authentication.
In this environment, which two User-ID methods are effective for mapping users to IP addresses? Choose 2 answers
A. Terminal Server Agent
B. Mac OS Agent
C. Captive Portal
D. GlobalProtect
Answer: C,D
Q27. A company is in the process of upgrading their existing Palo Alto Networks firewalls from version 6.1.0 to 6.1.1.
Which three methods can the firewall administrator use to install PAN-OS 6.1.1 across the enterprise? Choose 3 answers
A. Push the PAN-OS 6.1.1 updates from the support site to install on each firewall.
B. Download PAN-OS 6.1.1 files from the support site and install them on each firewall after manually uploading.
C. Download PAN-OS 6.1.1 to a USB drive and the firewall will automatically update after the USB drive is inserted in the firewall.
D. Push the PAN-OS 6.1.1 update from one firewall to all of the other remaining after updating one firewall.
E. Download and push PAN-OS 6.1.1 from Panorama to each firewall.
F. Download and install PAN-OS 6.1.1 directly on each firewall.
Answer: B,E,F
Explanation:
Reference: https://live.paloaltonetworks.com/docs/DOC-1062
Q28. In the following display, ethernetl/6 is configured with an interface management profile that allows ping with no restriction on the source address:
Given the following security policy rule base:
What is the result of a ping sent from an address on the Trust-L3 zone to the IP address of ethernet1/6?
A. The firewall will send an ICMP redirect message to the client.
B. The client will receive an ICMP "destination unreachable" packet.
C. The interface will respond.
D. The traffic will be dropped by the firewall.
Answer: D
Q29. A "Continue" action can be configured on the following Security Profiles:
A. URL Filtering, File Blocking, and Data Filtering
B. URL Filteringn
C. URL Filtering and Antivirus
D. URL Filtering and File Blocking
Answer: D
Q30. Which of the following would be a reason to use an XML API to communicate with a Palo Alto Networks firewall?
A. So that information can be pulled from other network resources for User-ID
B. To allow the firewall to push UserID information to a Network Access Control (NAC) device.
C. To permit sys logging of User Identification events
Answer: B
