Exam Code: pcnse6 pdf (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Palo Alto Networks Certified Network Security Engineer 6.0
Certification Provider: Paloalto Networks
Free Today! Guaranteed Training- Pass pcnse6 pdf Exam.

Q16. Which two steps are required to make Microsoft Active Directory users appear in the firewall’s traffic log? Choose 2 answers 

A. Enable User-ID on the zone object for the source zone. 

B. Enable User-ID on the zone object for the destination zone. 

C. Configure a RADIUS server profile to point to a domain controller. 

D. Run the User-ID Agent using an Active Directory account that has "domain administrator" permissions. 

E. Run the User-ID Agent using an Active Directory account that has "event log viewer" permissions. 

Answer: A,E 

Q17. You have decided to implement a Virtual Wire Subinterface. Which options can be used to classify traffic? 

A. Either VLAN tag or IP address, provided that each tag or ID is contained in the same zone. 

B. Subinterface ID and VLAN tag only 

C. By Zone and/or IP Classifier 

D. VLAN tag, or VLAN tag plus IP address (IP address, IP range, or subnet). 


Q18. To create a custom signature object for an Application Override Policy, which of the following fields are mandatory? 

A. Category 

B. Regular Expressions 

C. Ports 

D. Characteristics 


Q19. Which mode will allow a user to choose how they wish to connect to the GlobalProtect Network as they would like? 

A. Single Sign-On Mode 

B. On Demand Mode 

C. Always On Mode 

D. Optional Mode 


Q20. In the following display, ethernetl/6 is configured with an interface management profile that allows ping with no restriction on the source address: 

Given the following security policy rule base: 

What is the result of a ping sent from an address on the Trust-L3 zone to the IP address of ethernet1/6? 

A. The firewall will send an ICMP redirect message to the client. 

B. The client will receive an ICMP "destination unreachable" packet. 

C. The interface will respond. 

D. The traffic will be dropped by the firewall. 


Q21. Which three inspections can be performed with a next-generation firewall but NOT with a legacy firewall? Choose 3 answers 

A. Recognizing when SSH sessions are using SSH v1 instead of SSH v2 

B. Validating that UDP port 53 packets are not being used to tunnel data for another protocol 

C. Identifying unauthorized applications that attempt to connect over non-standard ports 

D. Allowing a packet through from an external DNS server only if an internal host recently queried that DNS server 

E. Removing from the session table any TCP session without traffic for 3600 seconds 

Answer: B,C,D 

Q22. A "Continue" action can be configured on the following Security Profiles: 

A. URL Filtering, File Blocking, and Data Filtering 

B. URL Filteringn 

C. URL Filtering and Antivirus 

D. URL Filtering and File Blocking 


Q23. Enabling "Highlight Unsused Rules" in the Security policy window will: 

A. Hightlight all rules that did not immmediately match traffic. 

B. Hightlight all rules that did not match traffic since the rule was created or since last reboot of the firewall 

C. Allows the administrator to troubleshoot rules when a validation error occurs at the time of commit. 

D. Allow the administrator to temporarily disable rules that do not match traffic, for testing purposes 


Q24. As the Palo Alto Networks administrator, you have enabled Application Block pages. Afterward, some users do not receive web-based feedback for all denied applications. Why would this be? 

A. Some users are accessing the Palo Alto Networks firewall through a virtual system that does not have Application Block pages enabled. 

B. Application Block Pages will only be displayed when Captive Portal is configured 

C. Some Application ID's are set with a Session Timeout value that is too low. 

D. Application Block Pages will only be displayed when users attempt to access a denied web-based application. 


Q25. Wildfire may be used for identifying which of the following types of traffic? 

A. Malware 



D. URL Content 


Q26. What built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems? 

A. superuser 

B. vsysadmin 

C. A custom role is required for this level of access 

D. deviceadmin 


Q27. Which of the following must be enabled in order for UserID to function? 

A. Captive Portal Policies must be enabled. 

B. UserID must be enabled for the source zone of the traffic that is to be identified. 

C. Captive Portal must be enabled. 

D. Security Policies must have the UserID option enabled. 


Q28. How do you limit the amount of information recorded in the URL Content Filtering Logs? 

A. Enable DSRI 

B. Disable URL packet captures 

C. Enable URL log caching 

D. Enable Log container page only 


Q29. When a user logs in via Captive Portal, their user information can be checked against: 

A. Terminal Server Agent 

B. Security Logs 


D. Radius 


Q30. When creating an application filter, which of the following is true? 

A. They are used by malware 

B. Excessive bandwidth may be used as a filter match criteria 

C. They are called dynamic because they automatically adapt to new IP addresses 

D. They are called dynamic because they will automatically include new applications from an application signature update if the new application's type is included in the filter