Want to know Actualtests pcnse6 pdf Exam practice test features? Want to lear more about Paloalto Networks Palo Alto Networks Certified Network Security Engineer 6.0 certification experience? Study Validated Paloalto Networks pcnse6 exam dumps answers to Down to date pcnse6 exam questions questions at Actualtests. Gat a success with an absolute guarantee to pass Paloalto Networks pcnse6 pdf (Palo Alto Networks Certified Network Security Engineer 6.0) test on your first attempt.

Q46. When setting up GlobalProtect, what is the job of the GlobalProtect Portal? Select the best answer 

A. To maintain the list of remote GlobalProtect Portals and list of categories for checking the client machine 

B. To maintain the list of GlobalProtect Gateways and list of categories for checking the client machine 

C. To load balance GlobalProtect client connections to GlobalProtect Gateways 

D. None of the above 


Q47. Palo Alto Networks maintains a dynamic database of malicious domains. Which two Security Platform components use this database to prevent threats? Choose 2 answers 

A. Brute-force signatures 

B. DNS-based command-and-control signatures 

C. PAN-DB URL Filtering 

D. BrightCloud URL Filtering 

Answer: B,C 


Reference: https://www.paloaltonetworks.com/products/features/apt-prevention.html 

Q48. A security engineer has been asked by management to optimize how Palo Alto Networks firewall syslog messages are forwarded to a syslog receiver. There are currently 20 PA-5060 s, each of which is configured to forward syslogs individually. 

The security engineer would like to leverage their two M-100 appliances to send syslog messages from a single source and has already deployed one in Panorama mode and the other as a Log Collector. 

What is the remaining step in implementing this solution? 

A. Configure Collector Log Forwarding 

B. Configure a Syslog Proxy Profile 

C. Configure a Panorama Log Forwarding Profile 

D. Enable Syslog Aggregation 



Reference: https://live.paloaltonetworks.com/docs/DOC-7987 

Q49. An Outbound SSL forward-proxy decryption rule cannot be created using which type of zone? 

A. Virtual Wire 

B. Tap 

C. L3 

D. L2 


Q50. A company has a policy that denies all applications they classify as bad and permits only applications they classify as good. The firewall administrator created the following security policy on the company s firewall: 

Which two benefits are gained from having both rule 2 and rule 3 present? Choose 2 answers 

A. Different security profiles can be applied to traffic matching rules 2 and 3. 

B. Separate Log Forwarding profiles can be applied to rules 2 and 3. 

C. Rule 2 denies traffic flowing across different TCP and UDP ports than rule 3. 

D. A report can be created that identifies unclassified traffic on the network. 

Answer: A,D 

Q51. What is the default setting for 'Action' in a Decryption Policy's rule? 

A. No-decrypt 

B. Decrypt 

C. Any 

D. None 


Q52. Where can the maximum concurrent SSL VPN Tunnels be set for Vsys2 when provisioning a Palo Alto Networks firewall for multiple virtual systems? 

A. In the GUI under Network->Global Protect->Gateway->Vsys2 

B. In the GUI under Device->Setup->Session->Session Settings 

C. In the GUI under Device->Virtual Systems->Vsys2->Resource 

D. In the GUI under Network->Global Protect->Portal->Vsys2 



Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/tech-briefs/virtual-systems.pdf page 6 

Q53. A firewall is being attacked with a port scan. Which component can prevent this attack? 

A. DoS Protection 

B. Anti-Spyware 

C. Vulnerability Protection 

D. Zone Protection 



Reference: https://live.paloaltonetworks.com/docs/DOC-4501 

Q54. A security architect has been asked to implement User-ID in a MacOS environment with no enterprise email, using a Sun LDAP server for user authentication. 

In this environment, which two User-ID methods are effective for mapping users to IP addresses? Choose 2 answers 

A. Terminal Server Agent 

B. Mac OS Agent 

C. Captive Portal 

D. GlobalProtect 

Answer: C,D 


Match the components with their role in preventing threats. 

Answer options may be used more than once or not at all. 


Q56. After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama's traffic logs. 

What could be the problem? 

A. The firewall is not licensed for logging to this Panorama device. 

B. Panorama is not licensed to receive logs from this particular firewall. 

C. None of the firewall’s policies have been assigned a Log Forwarding profile. 

D. A Server Profile has not been configured for logging to this Panorama device. 


Q57. What can cause missing SSL packets when performing a packet capture on data plane interfaces? 

A. There is a hardware problem with the offloading FPGA on the management plane. 

B. The missing packets are offloaded to the management plane CPU. 

C. The packets are hardware offloaded to the offload processor on the data plane. 

D. The packets are not captured because they are encrypted. 



Reference: https://live.paloaltonetworks.com/docs/DOC-8621 

Q58. Which of the following is NOT a valid option for built-in CLI access roles? 

A. read/write 

B. superusers 

C. vsysadmin 

D. deviceadmin 


Q59. Administrative Alarms can be enabled for which of the following except? 

A. Certificate Expirations 

B. Security Violation Thresholds 

C. Security Policy Tags 

D. Traffic Log capacity 


Q60. When configuring Admin Roles for Web UI access, what are the available access levels? 

A. Enable and Disable only 

B. None, Superuser, Device Administrator 

C. Allow and Deny only 

D. Enable, Read-Only and Disable