PCNSE6 Exam Questions

After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama's traffic l...

Which mechanism is used to trigger a High Availability (HA) failover if a firewall interface goes down?

The WildFire Cloud or WF-500 appliance provide information to which two Palo Alto Networks security services? Choose 2 answers

Which of the following are accurate statements describing the HA3 link in an Active-Active HA deployment?

Which statement accurately reflects the functionality of using regions as objects in Security policies?

How is the Forward Untrust Certificate used?

Where in the firewall GUI can an administrator see how many sessions of web-browsing traffic have occurred in the last day?

A company has a policy that denies all applications they classify as bad and permits only applications they classify as good. The firewall administrator created the following secur...

Ethernet 1/1 has been configured with the following subinterfaces: The following security policy is applied: The Interface Management Profile permits the following: Your customer i...

Subsequent to the installation of new licenses, the firewall must be rebooted

Taking into account only the information in the screenshot above, answer the following question. In order for ping traffic to traverse this device from e1/2 to e1/1, what else need...

Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles) and Role-Based (customized user roles)

How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with nonstandard syslog servers?

What has happened when the traffic log shows an internal host attempting to open a session to a properly configured sinkhole address?

A local/enterprise PKI system is required to deploy outbound forward proxy SSL decryption capabilities.

You'd like to schedule a firewall policy to only allow a certain application during a particular time of day. Where can this policy option be configured?

A company hosts a publicly-accessible web server behind their Palo Alto Networks firewall, with this configuration information: Users outside the company are in the "Untrust-L3" zo...

Which three processor types are found on the data plane of a PA-5050? Choose 3 answers

When configuring Admin Roles for Web UI access, what are the available access levels?

As the Palo Alto Networks administrator responsible for User Identification, you are looking for the simplest method of mapping network users that do not sign into LDAP. Which info...

You have decided to implement a Virtual Wire Subinterface. Which options can be used to classify traffic?

Which source address translation type will allow multiple devices to share a single translated source address while using a single NAT Policy rule?

When Network Address Translation has been performed on traffic, Destination Zones in Security rules should be based on:

Which three engines are built into the Single-Pass Parallel Processing Architecture? Choose 3 answers

Which of the following would be a reason to use an XML API to communicate with a Palo Alto Networks firewall?

Which routing protocol is supported on the Palo Alto Networks platform?

After configuring Captive Portal in Layer 3 mode, users in the Trust Zone are not receiving the Captive Portal authentication page when they launch their web browsers. How can this...

Given the following routing table: Which configuration change on the firewall would cause it to use 10.66.24.88 as the nexthop for the 192.168.93.0/30 network?

In PAN-OS 6.0, rule numbers were introduced. Rule Numbers are:

Will an exported configuration contain Management Interface settings?

In PAN-OS 5.0, which of the following features is supported with regards to IPv6?

With IKE, each device is identified to the other by a Peer ID. In most cases, this is just the public IP address of the device. In situations where the public ID is not static, thi...

Which of the following must be enabled in order for UserID to function?

Taking into account only the information in the screenshot above, answer the following question. Which applications will be allowed on their standard ports? (Select all correct ans...

Which link is used by an Active-Passive cluster to synchronize session information?

What new functionality is provided in PAN-OS 5.0 by Palo Alto Networks URL Filtering Database (PAN-DB)?

Which Security Policy rule configuration option disables antivirus and anti-spyware scanning of server-to-client flows only?

Which two interface types can be used when configuring GlobalProtect Portal? Choose 2 answers

After migrating from an ASA firewall, the VPN connection between a remote network and the Palo Alto Networks firewall is not establishing correctly. The following entry is appearin...

A security architect has been asked to implement User-ID in a MacOS environment with no enterprise email, using a Sun LDAP server for user authentication. In this environment, whic...

A website is presenting an RSA 2048-bit key. By default, what will the size of the key in the certificate sent by the firewall to the client be when doing SSL Decryption?

Administrative Alarms can be enabled for which of the following except?

A company has purchased a WildFire subscription and would like to implement dynamic updates to download the most recent content as often as possible. What is the shortest time inte...

Which of the following fields is not available in DoS policy?

In PAN-OS 5.0, how is Wildfire enabled?

WildFire Analysis Reports are available for the following Operating Systems (select all that apply)

Which method is the most efficient for determining which administrator made a specific change to the running config?

Which two statements are true about DoS Protection Profiles and Policies? Choose 2 answers

Two firewalls are configured in an Active/Passive High Availability (HA) pair with the following election settings: Firewall 5050-B is presently in the "Active" state and 5050-A is...

In PAN-OS 5.0, how is Wildfire enabled?