Palo Alto Networks PCNSE6 Palo Alto Networks Certified Network Security Engineer 6 Online Training
Palo Alto Networks PCNSE6 Online Training
The questions for PCNSE6 were last updated at Nov 19,2024.
- Exam Code: PCNSE6
- Exam Name: Palo Alto Networks Certified Network Security Engineer 6
- Certification Provider: Palo Alto Networks
- Latest update: Nov 19,2024
Which of the following are accurate statements describing the HA3 link in an Active-Active HA deployment?
- A . HA3 is used for session synchronization
- B . The HA3 link is used to transfer Layer 7 information
- C . HA3 is used to handle asymmetric routing
- D . HA3 is the control link
Which of the following would be a reason to use an XML API to communicate with a Palo Alto Networks firewall?
- A . So that information can be pulled from other network resources for User-ID
- B . To allow the firewall to push UserID information to a Network Access Control (NAC) device.
- C . To permit sys logging of User Identification events
When Network Address Translation has been performed on traffic, Destination Zones in Security rules should be based on:
- A . Post-NAT addresses
- B . The same zones used in the NAT rules
- C . Pre-NAT addresses
- D . None of the above
Two firewalls are configured in an Active/Passive High Availability (HA) pair with the following election settings:
Firewall 5050-B is presently in the "Active" state and 5050-A is presently in the "Passive" state. Firewall 5050B reboots causing 5050-A to become Active.
Which firewall will be in the "Active" state after firewall 5050-B has completed its reboot and is back online?
- A . Both firewalls are active (split brain)
- B . Firewall 5050-B
- C . Firewall 5050-A
- D . It could be either firewall
Which three engines are built into the Single-Pass Parallel Processing Architecture? Choose 3 answers
- A . Application Identification (App-ID)
- B . Group Identification (Group-ID)
- C . User Identification (User-ID)
- D . Threat Identification (Threat-ID)
- E . Content Identification (Content-ID)
In an Anti-Virus profile, changing the action to “Block” for IMAP or POP decoders will result in the following:
- A . The connection from the server will be reset
- B . The Anti-virus profile will behave as if “Alert” had been specified for the action
- C . The traffic will be dropped by the firewall
- D . Error 541 being sent back to the server
Subsequent to the installation of new licenses, the firewall must be rebooted
- A . True
- B . False
When setting up GlobalProtect, what is the job of the GlobalProtect Portal? Select the best answer
- A . To maintain the list of remote GlobalProtect Portals and list of categories for checking the client machine
- B . To maintain the list of GlobalProtect Gateways and list of categories for checking the client machine
- C . To load balance GlobalProtect client connections to GlobalProtect Gateways
- D . None of the above
Can multiple administrator accounts be configured on a single firewall?
- A . Yes
- B . No
Taking into account only the information in the screenshot above, answer the following question.
In order for ping traffic to traverse this device from e1/2 to e1/1, what else needs to be configured? Select all that apply.
- A . Security policy from trust zone to Internet zone that allows ping
- B . Create the appropriate routes in the default virtual router
- C . Security policy from Internet zone to trust zone that allows ping
- D . Create a Management profile that allows ping. Assign that management profile to e1/1 and e1/2
Latest PCNSE6 Dumps Valid Version with 153 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
