Palo Alto Networks PCNSE6 Palo Alto Networks Certified Network Security Engineer 6 Online Training
Palo Alto Networks PCNSE6 Online Training
The questions for PCNSE6 were last updated at Nov 20,2024.
- Exam Code: PCNSE6
- Exam Name: Palo Alto Networks Certified Network Security Engineer 6
- Certification Provider: Palo Alto Networks
- Latest update: Nov 20,2024
Which of the following must be enabled in order for UserID to function?
- A . Captive Portal Policies must be enabled.
- B . UserID must be enabled for the source zone of the traffic that is to be identified.
- C . Captive Portal must be enabled.
- D . Security Policies must have the UserID option enabled.
What new functionality is provided in PAN-OS 5.0 by Palo Alto Networks URL Filtering Database (PAN-DB)?
- A . The "Log Container Page Only" option can be employed in a URL-Filtering policy to reduce the number of logging events.
- B . URL-Filtering can now be employed as a match condition in Security policy
- C . IP-Based Threat Exceptions can now be driven by custom URL categories
- D . Daily database downloads for updates are no longer required as devices stay in-sync with the cloud.
How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with nonstandard syslog servers?
- A . Enable support for non-standard syslog messages under device management.
- B . Select a non-standard syslog server profile.
- C . Create a custom log format under the syslog server profile.
- D . Check the custom-format checkbox in the syslog server profile.
What are the three Security Policy rule Type classifications supported in PAN-OS 6.1?
- A . Security, NAT, Policy-Based Forwarding
- B . Intrazone, Interzone, Global
- C . Intrazone, Interzone, Universal
- D . Application, User, Content
After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama’s traffic logs.
What could be the problem?
- A . The firewall is not licensed for logging to this Panorama device.
- B . Panorama is not licensed to receive logs from this particular firewall.
- C . None of the firewall’s policies have been assigned a Log Forwarding profile.
- D . A Server Profile has not been configured for logging to this Panorama device.
WildFire Analysis Reports are available for the following Operating Systems (select all that apply)
- A . Windows XP
- B . Windows 7
- C . Windows 8
- D . Mac OS-X
A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens of thousands of bogus UDP connections per second to a single destination IP address and port.
Which option, when enabled with the correct threshold, would mitigate this attack without dropping legitimate traffic to other hosts inside the network?
- A . Zone Protection Policy with UDP Flood Protection
- B . Classified DoS Protection Policy using destination IP only with a Protect action
- C . QoS Policy to throttle traffic below maximum limit
- D . Security Policy rule to deny traffic to the IP address and port that is under attack
A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens of thousands of bogus UDP connections per second to a single destination IP address and port.
Which option, when enabled with the correct threshold, would mitigate this attack without dropping legitimate traffic to other hosts inside the network?
- A . Zone Protection Policy with UDP Flood Protection
- B . Classified DoS Protection Policy using destination IP only with a Protect action
- C . QoS Policy to throttle traffic below maximum limit
- D . Security Policy rule to deny traffic to the IP address and port that is under attack
A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens of thousands of bogus UDP connections per second to a single destination IP address and port.
Which option, when enabled with the correct threshold, would mitigate this attack without dropping legitimate traffic to other hosts inside the network?
- A . Zone Protection Policy with UDP Flood Protection
- B . Classified DoS Protection Policy using destination IP only with a Protect action
- C . QoS Policy to throttle traffic below maximum limit
- D . Security Policy rule to deny traffic to the IP address and port that is under attack
A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens of thousands of bogus UDP connections per second to a single destination IP address and port.
Which option, when enabled with the correct threshold, would mitigate this attack without dropping legitimate traffic to other hosts inside the network?
- A . Zone Protection Policy with UDP Flood Protection
- B . Classified DoS Protection Policy using destination IP only with a Protect action
- C . QoS Policy to throttle traffic below maximum limit
- D . Security Policy rule to deny traffic to the IP address and port that is under attack
Latest PCNSE6 Dumps Valid Version with 153 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
