Validated of PCNSE6 exam topics materials and resource for Paloalto Networks certification for IT learners, Real Success Guaranteed with Updated PCNSE6 pdf dumps vce Materials. 100% PASS Palo Alto Networks Certified Network Security Engineer 6.0 exam Today!
2021 Sep PCNSE6 simulations
Q71. When a user logs in via Captive Portal, their user information can be checked against:
A. Terminal Server Agent
B. Security Logs
C. XML API
D. Radius
Answer: D
Q72. A website is presenting an RSA 2048-bit key. By default, what will the size of the key in the certificate sent by the firewall to the client be when doing SSL Decryption?
A. 512 bits
B. 1024 bits
C. 2048 bits
D. 4096 bits
Answer: C
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/61/pan-os/newfeaturesguide/management-features/configurable-key-size-for-ssl-forward-proxy-server-certificates.html
Q73. When configuring a Decryption Policy, which of the following are available as matching criteria in a policy? (Choose 3)
A. Source Zone
B. Source User
C. Service
D. URL-Category
E. Application
Answer: A,B,D
Q74. HOTSPOT
Match the description of an application field with its name.
Answer options may be used more than once or not at all.
Answer:
Q75. Which feature can be configured with an IPv6 address?
A. Static Route
B. RIPv2
C. DHCP Server
D. BGP
Answer: A
Explanation:
Reference: https://live.paloaltonetworks.com/docs/DOC-5493
Leading PCNSE6 practice:
Q76. In PAN-OS 6.0, rule numbers were introduced. Rule Numbers are:
A. Dynamic numbers that refer to a security policy’s order and are especially useful when filtering security policies by tags
B. Numbers referring to when the security policy was created and do not have a bearing on the order of policy enforcement
C. Static numbers that must be manually re-numbered whenever a new security policy is added
Answer: A
Q77. Where can the maximum concurrent SSL VPN Tunnels be set for Vsys2 when provisioning a Palo Alto Networks firewall for multiple virtual systems?
A. In the GUI under Network->Global Protect->Gateway->Vsys2
B. In the GUI under Device->Setup->Session->Session Settings
C. In the GUI under Device->Virtual Systems->Vsys2->Resource
D. In the GUI under Network->Global Protect->Portal->Vsys2
Answer: C
Explanation:
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/tech-briefs/virtual-systems.pdf page 6
Q78. Can multiple administrator accounts be configured on a single firewall?
A. Yes
B. No
Answer: A
Q79. A user complains that they are no longer able to access a needed work application after you have implemented vulnerability and anti-spyware profiles. The user's application uses a unique port. What is the most efficient way to allow the user access to this application?
A. Utilize an Application Override Rule, referencing the custom port utilzed by this application. Application Override rules bypass all Layer 7 inspection, thereby allowing access to this application.
B. In the Threat log, locate the event which is blocking access to the user's application and create a IP-based exemption for this user.
C. In the vulnerability and anti-spyware profiles, create an application exemption for the user's application.
D. Create a custom Security rule for this user to access the required application. Do not apply vulnerability and anti-spyware profiles to this rule.
Answer: B
Q80. Two firewalls are configured in an Active/Passive High Availability (HA) pair with the following election settings:
Firewall 5050-B is presently in the "Active" state and 5050-A is presently in the "Passive" state. Firewall 5050-B reboots causing 5050-A to become Active.
Which firewall will be in the "Active" state after firewall 5050-B has completed its reboot and is back online?
A. Both firewalls are active (split brain)
B. Firewall 5050-B
C. Firewall 5050-A
D. It could be either firewall
Answer: B
Explanation:
Reference: https://live.paloaltonetworks.com/docs/DOC-2926