You can create notes on the Pdf files. Download the examination engine on your own PC and spend one or perhaps two hours practicing the actual Paloalto Networks simulated test every single day. You can in addition visit our Knowledge Exchange Forum from Testking home web site. And then converse with just about all our clients who are the actual Paloalto Networks Paloalto Networks certification candidates. You will become better prepared for that PCNSE6 exam.

2021 Sep PCNSE6 practice exam

Q11. In PAN-OS 5.0, which of the following features is supported with regards to IPv6? 


B. NAT64 

C. IPSec VPN tunnels 

D. None of the above 

Answer: B 

Q12. You have decided to implement a Virtual Wire Subinterface. Which options can be used to classify traffic? 

A. Either VLAN tag or IP address, provided that each tag or ID is contained in the same zone. 

B. Subinterface ID and VLAN tag only 

C. By Zone and/or IP Classifier 

D. VLAN tag, or VLAN tag plus IP address (IP address, IP range, or subnet). 

Answer: D 

Q13. A user complains that they are no longer able to access a needed work application after you have implemented vulnerability and anti-spyware profiles. The user's application uses a unique port. What is the most efficient way to allow the user access to this application? 

A. Utilize an Application Override Rule, referencing the custom port utilzed by this application. Application Override rules bypass all Layer 7 inspection, thereby allowing access to this application. 

B. In the Threat log, locate the event which is blocking access to the user's application and create a IP-based exemption for this user. 

C. In the vulnerability and anti-spyware profiles, create an application exemption for the user's application. 

D. Create a custom Security rule for this user to access the required application. Do not apply vulnerability and anti-spyware profiles to this rule. 

Answer: B 

Q14. Wildfire may be used for identifying which of the following types of traffic? 

A. URL content 



D. Viruses 

Answer: D 

Q15. It is discovered that WebandNetTrends Unlimited’s new web server software produces traffic that the Palo Alto Networks firewall sees as "unknown-tcp" traffic. 

Which two configurations would identify the application while preserving the ability of the firewall to perform content and threat detection on the traffic? Choose 2 answers 

A. A custom application, with a name properly describing the new web server s purpose 

B. A custom application and an application override policy that assigns traffic going to and from the web server to the custom application 

C. An application override policy that assigns the new web server traffic to the built-in application "web-browsing" 

D. A custom application with content and threat detection enabled, which includes a signature, identifying the new web server s traffic 

Answer: A,B 

PCNSE6 latest exam

Up to the minute PCNSE6 free question:

Q16. After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama's traffic logs. 

What could be the problem? 

A. The firewall is not licensed for logging to this Panorama device. 

B. Panorama is not licensed to receive logs from this particular firewall. 

C. None of the firewall’s policies have been assigned a Log Forwarding profile. 

D. A Server Profile has not been configured for logging to this Panorama device. 

Answer: C 

Q17. By default, all PA-5060 syslog data is forwarded out the Management interface. What needs to be configured in order to send syslog data out of a different interface? 

A. Configure Service Route Only for Threats and URL Filtering, and the traffic will use the same route. 

B. Configure an Interface Management Profile and apply it to the interface that the syslogs will be sent through. 

C. Configure a Service Route for the Syslog service to use a dataplane interface. 

D. Create a Log-Forwarding Profile that points to the device that will receive the syslogs. 

Answer: C 



Q18. What will the user experience when browsing a Blocked hacking website such as via Google Translator? 

A. The URL filtering policy to Block is enforced 

B. It will be translated successfully 

C. It will be redirected to 

D. User will get "HTTP Error 503 - Service unavailable" message 

Answer: A 

Q19. Which statement accurately reflects the functionality of using regions as objects in Security policies? 

A. Predefined regions are provided for countries, not but not for cities. The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region. 

B. The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region. These custom regions can be used in the "Source User" field of the Security Policies. 

C. Regions cannot be used in the "Source User" field of the Security Policies, unless the administrator has set up custom regions. 

D. The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region. Both predefined regions and custom regions can be used in the "Source User" field. 

Answer: A 

Q20. What is a prerequisite for configuring a pair of Palo Alto Networks firewalls in an Active/Passive High Availability (HA) pair? 

A. The peer HA1 IP address must be the same on both firewalls. 

B. The management interfaces must be on the same network. 

C. The firewalls must have the same set of licenses. 

D. The HA interfaces must be directly connected to each other. 

Answer: C 


Reference: page 134