PCNSE6 Exam Questions - Online Test
PCNSE6 Premium VCE File
150 Lectures, 20 Hours
Q1. Administrative Alarms can be enabled for which of the following except?
A. Certificate Expirations
B. Security Violation Thresholds
C. Security Policy Tags
D. Traffic Log capacity
Answer: A
Q2. A network engineer experienced network reachability problems through the firewall. The routing table on the device is complex. To troubleshoot the problem the engineer ran a Command Line Interface (CLI) command to determine the egress interface for traffic destined to 98.139.183.24. The command resulted in the following output:
How should this output be interpreted?
A. There is no route for the IP address 98.139.183.24, and there is a default route for outbound traffic.
B. There is no interface in the firewall with the IP address 98.139.183.24.
C. In virtual-router vrl, there is a route in the routing table for the network 98.139.0.0/16.
D. There is no route for the IP address 98.139.183.24, and there is no default route.
Answer: D
Q3. When an interface is in Tap mode and a policy action is set to block, the interface will send a TCP reset.
A. True
B. False
Answer: B
Q4. What option should be configured when using User-ID
A. Enable User-ID per zone
B. Enable User-ID per interface
C. Enable User-ID per Security Policy
D. None of the above
Answer: C
Q5. Which Security Policy rule configuration option disables antivirus and anti-spyware scanning of server-to-client flows only?
A. Apply an Application Override Policy
B. Disable Server Response Inspection
C. Add server IP to Security Policy exception
D. Disable HIP Profile
Answer: B
Explanation:
Reference: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/getting-started/set-up-basic-security-policies.html
Q6. When Destination Network Address Translation is being performed, the destination in the corresponding Security Policy Rule should use:
A. The PostNAT destination zone and PostNAT IP address.
B. The PreNAT destination zone and PreNAT IP address.
C. The PreNAT destination zone and PostNAT IP address.
D. The PostNAT destination zone and PreNAT IP address.
Answer: D
Q7. When troubleshooting Phase 1 of an IPSec VPN tunnel, what location will have the most informative logs?
A. Responding side, Traffic Logs
B. Initiating side, Traffic Logs
C. Responding side, System Logs
D. Initiating side, System Logs
Answer: C
Q8. What is the name of the debug save file for IPSec VPN tunnels?
A. set vpn all up
B. test vpn ike-sa
C. request vpn IPsec-sa test
D. Ikemgr.pcap
Answer: D
Q9. Both SSL decryption and SSH decryption are disabled by default.
A. True
B. False
Answer: A
Q10. Which two interface types provide support for network address translation (NAT)? Choose 2 answers
A. HA
B. Tap
C. Layer3
D. Virtual Wire
E. Layer2
Answer: C,D
Explanation:
Reference: https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/1517-102-7-11647/Understanding_NAT-4.1-RevC.pdf
- Paloalto Networks PCNSE7 Dumps 2021
- [2021-New] Paloalto Networks PCNSE6 Dumps With Update Exam Questions (61-70)
- Paloalto Networks PCNSE7 Exam Questions and Answers 2021
- [2021-New] Paloalto Networks PCNSE6 Dumps With Update Exam Questions (1-10)
- Realistic PCNSE7 Exam Questions and Answers 2021
- [2021-New] Paloalto Networks PCNSE6 Dumps With Update Exam Questions (41-50)
- [2021-New] Paloalto Networks PCNSE6 Dumps With Update Exam Questions (11-20)
- Approved PCNSE7 Free Practice Questions 2021
- [2021-New] Paloalto Networks PCNSE6 Dumps With Update Exam Questions (51-60)
- Paloalto Networks PCNSE7 Dumps Questions 2021