Palo Alto Networks PCNSE6 Palo Alto Networks Certified Network Security Engineer 6 Online Training
The questions for PCNSE6 were last updated on Nov 20, 2024.
- Exam Code: PCNSE6
- Exam Name: Palo Alto Networks Certified Network Security Engineer 6
- Certification Provider: Palo Alto Networks
- Latest update: Nov 20, 2024
A company has purchased a WildFire subscription and would like to implement dynamic updates to download the most recent content as often as possible.
What is the shortest time interval the company can configure their firewall to check for WildFire updates?
- A . Every 24 hours
- B . Every 30 minutes
- C . Every 15 minutes
- D . Every 1 hour
- E . Every 5 minutes
After configuring Captive Portal in Layer 3 mode, users in the Trust Zone are not receiving the Captive Portal authentication page when they launch their web browsers.
How can this be corrected?
- A . Ensure that all users in the Trust Zone are using NTLM-capable browsers
- B . Enable "Response Pages" in the Interface Management Profile that is applied to the L3 Interface in the Trust Zone.
- C . Confirm that Captive Portal Timeout value is not set below 2 seconds
- D . Enable "Redirect" as the Mode type in the Captive Portal Settings
As the Palo Alto Networks administrator responsible for User Identification, you are looking for the simplest method of mapping network users that do not sign into LDAP.
Which information source would allow reliable User ID mapping for these users, requiring the least amount of configuration?
- A . WMI Query
- B . Exchange CAS Security Logs
- C . Captive Portal
- D . Active Directory Security Logs
When creating a Security Policy to allow Facebook in PAN-OS 5.0, how can you be sure that no other web-browsing traffic is permitted?
- A . Ensure that the Service column is defined as "application-default" for this security rule. This will automatically include the implicit web-browsing application dependency.
- B . Create a subsequent rule which blocks all other traffic
- C . When creating the rule, ensure that web-browsing is added to the same rule. Both applications will be processed by the Security policy, allowing only Facebook to be accessed. Any other applications can be permitted in subsequent rules.
- D . No other configuration is required on the part of the administrator, since implicit application dependencies will be added automatically.
After migrating from an ASA firewall, the VPN connection between a remote network and the Palo Alto Networks firewall is not establishing correctly. The following entry is appearing in the logs: pfs group mismatched: my:0 peer:2
Which setting should be changed on the Palo Alto Firewall to resolve this error message?
- A . Update the IPSEC Crypto profile for the Vendor IPSec Tunnel from group2 to no-pfs.
- B . Update the IKE Crypto profile for the Vendor IKE gateway from no-pfs to group2.
- C . Update the IPSEC Crypto profile for the Vendor IPSec Tunnel from no-pfs to group2.
- D . Update the IKE Crypto profile for the Vendor IKE gateway from group2 to no-pfs.
Which best describes how Palo Alto Networks firewall rules are applied to a session?
- A . last match applied
- B . first match applied
- C . all matches applied
- D . most specific match applied
It is discovered that WebandNetTrends Unlimited’s new web server software produces traffic that the Palo Alto Networks firewall sees as "unknown-tcp" traffic.
Which two configurations would identify the application while preserving the ability of the firewall to perform content and threat detection on the traffic? (Choose 2 answers.)
- A . A custom application, with a name properly describing the new web server's purpose
- B . A custom application and an application override policy that assigns traffic going to and from the web server to the custom application
- C . An application override policy that assigns the new web server traffic to the built-in application "webbrowsing"
- D . A custom application with content and threat detection enabled, which includes a signature identifying the new web server's traffic
Which of the following must be configured when deploying User-ID to obtain information from an 802.1x authenticator?
- A . Terminal Server Agent
- B . An Agentless deployment of User-ID, employing only the Palo Alto Networks Firewall
- C . A User-ID agent, with the "Use for NTLM Authentication" option enabled.
- D . XML API for User-ID Agent
Users can be authenticated serially to multiple authentication servers by configuring:
- A . Multiple RADIUS Servers sharing a VSA configuration
- B . Authentication Sequence
- C . Authentication Profile
- D . A custom Administrator Profile
Enabling "Highlight Unused Rules" in the Security policy window will:
- A . Highlight all rules that did not immediately match traffic.
- B . Highlight all rules that did not match traffic since the rule was created or since last reboot of the firewall
- C . Allow the administrator to troubleshoot rules when a validation error occurs at the time of commit.
- D . Allow the administrator to temporarily disable rules that do not match traffic, for testing purposes