PCNSE6 Exam Questions

Which option allows an administrator to segrate Panorama and Syslog traffic, so that the Management Interface is not employed when sending these types of traffic?

To properly configure DOS protection to limit the number of sessions individually from specific source IPs you would configure a DOS Protection rule with the following characterist...

Where can the maximum concurrent SSL VPN Tunnels be set for Vsys2 when provisioning a Palo Alto Networks firewall for multiple virtual systems?

The "Drive-By Download" protection feature, under File Blocking profiles in Content-ID, provides:

What is the name of the debug save file for IPSec VPN tunnels?

You are configuring a File Blocking Profile to be applied to all outbound traffic uploading a specific file type, and there is a specific application that you want to match in the...

When setting up GlobalProtect, what is the job of the GlobalProtect Portal? Select the best answer

via Google Translator?

In order to route traffic between layer 3 interfaces on the PAN firewall you need:

Wildfire may be used for identifying which of the following types of traffic?

Wildfire may be used for identifying which of the following types of traffic?

As a Palo Alto Networks firewall administrator, you have made unwanted changes to the Candidate configuration. These changes may be undone by Device > Setup > Operations > Configur...

A company wants to run their pair of PA-200 firewalls in a High Availability Active/Passive configuration and will be using HA-Lite. Which capability can be used in this situation?

Which of the following must be configured when deploying User-ID to obtain information from an 802.1x authenticator?

To create a custom signature object for an Application Override Policy, which of the following fields are mandatory?

For non-Microsoft clients, what Captive Portal method is supported?

Which of the following objects cannot use User-ID as a match criteria?

An Outbound SSL forward-proxy decryption rule cannot be created using which type of zone?

A Palo Alto Networks firewall has the following interface configuration; Hosts are directly connected on the following interfaces: Ethernet 1/6 -Host IP 192.168.62.2 Ethernet 1/3 -...

Which best describes how Palo Alto Networks firewall rules are applied to a session?

A company has a web server behind their Palo Alto Networks firewall that they would like to make accessible to the public. They have decided to configure a destination NAT Policy r...

What built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems?

Company employees have been given access to the GlobalProtect Portal at https://portal.company.com: Assume the following: 1. The firewall is configured to resolve DNS names using t...

What will the user experience when attempting to access a blocked hacking website through a translation service such as Google Translate or Bing Translator?

How do you limit the amount of information recorded in the URL Content Filtering Logs?

Which of the following describes the sequence of the Global Protect agent connecting to a Gateway?

When a Palo Alto Networks firewall is forwarding traffic through interfaces configured for L2 mode, security policies can be set to match on multicast IP addresses.

Which of the following are methods HA clusters use to identify network outages?

Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?

In PANOS 6.0, rule numbers are:

As the Palo Alto Networks administrator, you have enabled Application Block pages. Afterward, some users do not receive web-based feedback for all denied applications. Why would th...

Which of the Dynamic Updates listed below are issued on a daily basis?

When configuring a Decryption Policy, which of the following are available as matching criteria in a policy? (Choose 3)

When Destination Network Address Translation is being performed, the destination in the corresponding Security Policy Rule should use:

When creating a Security Policy to allow Facebook in PAN-OS 5.0, how can you be sure that no other web-browsing traffic is permitted?

A network engineer experienced network reachability problems through the firewall. The routing table on the device is complex. To troubleshoot the problem the engineer ran a Comman...

A user complains that they are no longer able to access a needed work application after you have implemented vulnerability and anti-spyware profiles. The user's application uses a...

Which mode will allow a user to choose how they wish to connect to the GlobalProtect Network as they would like?

A "Continue" action can be configured on the following Security Profiles:

When creating an application filter, which of the following is true?

Which of the following options may be enabled to reduce system overhead when using Content ID?

Traffic going to a public IP address is being translated by your PANW firewall to your web server's private IP. Which IP should the Security Policy use as the "Destination IP" in o...

What option should be configured when using User-ID

A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens of thousands of bogus UDP connections per second to a single destinati...

Which fields can be altered in the default Vulnerability Protection Profile?

Which of the following is NOT a valid option for built-in CLI access roles?

What is the default setting for 'Action' in a Decryption Policy's rule?

Which fields can be altered in the default Vulnerability profile?

The following can be configured as a next hop in a Static Route:

Which feature can be configured with an IPv6 address?