Exambible offers a free demo of the pcnse6 exam dumps. "Palo Alto Networks Certified Network Security Engineer 6.0", also known as the pcnse6 exam, is a Palo Alto Networks certification. This set of posts, Passing the Palo Alto Networks pcnse6 exam, will help you answer those questions. The pcnse6 study guide Questions & Answers covers all the knowledge points of the real exam. 100% real Palo Alto Networks pcnse6 exam dumps, revised by experts!

Q16. The "Drive-By Download" protection feature, under File Blocking profiles in Content-ID, provides: 

A. Password-protected access to specific file downloads, for authorized users increased speed on the downloads of the allowed file types 

B. Protection against unwanted downloads, by alerting the user with a response page indicating that a file is going to be downloaded 

C. The Administrator the ability to leverage Authentication Profiles in order to protect against unwanted downloads 

Answer:


Q17. Which fields can be altered in the default Vulnerability Protection Profile? 

A. Category 

B. Severity 

C. None 

Answer:


Q18. As the Palo Alto Networks administrator, you have enabled Application Block pages. Afterward, some users do not receive web-based feedback for all denied applications. Why would this be? 

A. Some users are accessing the Palo Alto Networks firewall through a virtual system that does not have Application Block pages enabled. 

B. Application Block Pages will only be displayed when Captive Portal is configured 

C. Some Application IDs are set with a Session Timeout value that is too low. 

D. Application Block Pages will only be displayed when users attempt to access a denied web-based application. 

Answer:


Q19. Which statement accurately reflects the functionality of using regions as objects in Security policies? 

A. Predefined regions are provided for countries, but not for cities. The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region. 

B. The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region. These custom regions can be used in the "Source User" field of the Security Policies. 

C. Regions cannot be used in the "Source User" field of the Security Policies, unless the administrator has set up custom regions. 

D. The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region. Both predefined regions and custom regions can be used in the "Source User" field. 

Answer:


Q20. What is the name of the debug save file for IPSec VPN tunnels? 

A. set vpn all up 

B. test vpn ike-sa 

C. request vpn IPsec-sa test 

D. Ikemgr.pcap 

Answer:


Q21. Select the implicit rules enforced on traffic failing to match any user defined Security Policies: 

A. Intra-zone traffic is denied 

B. Inter-zone traffic is denied 

C. Intra-zone traffic is allowed 

D. Inter-zone traffic is allowed 

Answer: B,C 


Q22. Which authentication method can provide role-based administrative access to firewalls running PAN-OS? 

A. LDAP 

B. Certificate-based authentication 

C. Kerberos 

D. RADIUS with Vendor Specific Attributes 

Answer:


Q23. When configuring a Decryption Policy, which of the following are available as matching criteria in a policy? (Choose 3) 

A. Source Zone 

B. Source User 

C. Service 

D. URL-Category 

E. Application 

Answer: A,B,D 


Q24. Which two interface types provide support for network address translation (NAT)? Choose 2 answers 

A. HA 

B. Tap 

C. Layer3 

D. Virtual Wire 

E. Layer2 

Answer: C,D 

Explanation: 

Reference: https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/1517-102-7-11647/Understanding_NAT-4.1-RevC.pdf 


Q25. A firewall administrator is troubleshooting problems with traffic passing through the Palo Alto Networks firewall. 

Which method will show the global counters associated with the traffic after configuring the appropriate packet filters? 

A. From the CLI, issue the show counter interface command for the egress interface. 

B. From the GUI, select "Show global counters" under the Monitor tab. 

C. From the CLI, issue the show counter global filter packet-filter yes command. 

D. From the CLI, issue the show counter interface command for the ingress interface. 

Answer:

Explanation: 

Reference: https://live.paloaltonetworks.com/docs/DOC-7971 


Q26. What is the default setting for 'Action' in a Decryption Policy's rule? 

A. No-decrypt 

B. Decrypt 

C. Any 

D. None 

Answer:


Q27. What will the user experience when attempting to access a blocked hacking website through a translation service such as Google Translate or Bing Translator? 

A. A “Blocked” page response when the URL filtering policy to block is enforced. 

B. A “Success” page response when the site is successfully translated. 

C. The browser will be redirected to the original website address. 

D. An "HTTP Error 503 Service unavailable" message. 

Answer:


Q28. Which of the following objects cannot use User-ID as a match criteria? 

A. Security Policies 

B. QoS 

C. Policy Based Forwarding 

D. DoS Protection 

E. None of the above 

Answer:


Q29. Which of the following fields is not available in DoS policy? 

A. Destination Zone 

B. Source Zone 

C. Application 

D. Service 

Answer:


Q30. When configuring Security rules based on FQDN objects, which of the following statements are true? 

A. The firewall resolves the FQDN first when the policy is committed, and is refreshed each time Security rules are evaluated. 

B. The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL expiration. There is no limit on the number of IP addresses stored for each resolved FQDN. 

C. In order to create FQDN-based objects, you need to manually define a list of associated IP addresses. Up to 10 IP addresses can be configured for each FQDN entry. 

D. The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL expiration. The resolution of this FQDN stores up to 10 different IP addresses. 

Answer: