[Free] Download New Updated (April 2016) Palo Alto Networks PCNSE6 Actual Tests 21-30

Ensurepass

QUESTION 21

A company is in the process of upgrading their existing Palo Alto Networks firewalls from version 6.1.0 to 6.1.1. Which three methods can the firewall administrator use to install PAN-OS 6.1.1 across the enterprise? Choose 3 answers

 

A.

Push the PAN-OS 6.1.1 updates from the support site to install on each firewall.

B.

Download PAN-OS 6.1.1 files from the support site and install them on each firewall after manually uploading.

C.

Download PAN-OS 6.1.1 to a USB drive and the firewall will automatically update after the USB drive is inserted in the firewall.

D.

Push the PAN-OS 6.1.1 update from one firewall to all of the other remaining after updating one firewall.

E.

Download and push PAN-OS 6.1.1 from Panorama to each firewall.

F.

Download and install PAN-OS 6.1.1 directly on each firewall.

 

Correct Answer: BEF

Explanation:

https://live.paloaltonetworks.com/docs/DOC-1062

 

 

 

QUESTION 22

When employing the BrightCloud URL filtering database in a Palo Alto Networks firewall, the order of evaluation within a profile is:

 

A.

Block list, Custom Categories, Predefined categories, Dynamic URL filtering, Allow list, Cache files.

B.

Block list, Allow list, Custom Categories, Cache files, Local URL DB file.

C.

Block list, Custom Categories, Cache files, Predefined categories, Dynamic URL filtering, Allow list.

D.

Dynamic URL filtering, Block list, Allow list, Cache files, Custom categories, Predefined categories.

 

Correct Answer: A

 

 

QUESTION 23

When troubleshooting Phase 1 of an IPSec VPN tunnel, what location will have the most informative logs?

 

A.

Responding side, Traffic Logs

B.

Initiating side, Traffic Logs

C.

Responding side, System Logs

D.

Initiating side, System Logs

 

Correct Answer: C

 

 

QUESTION 24

Which of the following interfaces types will have a MAC address?

 

A.

Layer 3

B.

Tap

C.

Vwire

D.

Layer 2

 

Correct Answer: D

 

 

QUESTION 25

In Active/Active HA environments, redundancy for the HA3 interface can be achieved by

 

A.

Configuring a corresponding HA4 interface

B.

Configuring HA3 as an Aggregate Ethernet bundle

C.

Configuring multiple HA3 interfaces

D.

Configuring HA3 in a redundant group

 

Correct Answer: B

 

 

QUESTION 26

Enabling “Highlight Unsused Rules” in the Security policy window will:

 

A.

Hightlight all rules that did not immmediately match traffic.

B.

Hightlight all rules that did not match traffic since the rule was created or since last reboot of the firewall

C.

Allows the administrator to troubleshoot rules when a validation error occurs at the time of commit.

D.

Allow the administrator to temporarily disable rules that do not match traffic, for testing purposes

 

Correct Answer: B

 

 

QUESTION 27

What can cause missing SSL packets when performing a packet capture on data plane interfaces?

 

A.

There is a hardware problem with the offloading FPGA on the management plane.

B.

The missing packets are offloaded to the management plane CPU.

C.

The packets are hardware offloaded to the offload processor on the data plane.

D.

The packets are not captured because they are encrypted.

 

Correct Answer: C

Explanation:

https://live.paloaltonetworks.com/docs/DOC-8621

 

 

QUESTION 28

Palo Alto Networks maintains a dynamic database of malicious domains. Which two Security Platform components use this database to prevent threats? Choose 2 answers

 

A.

Brute-force signatures

B.

DNS-based command-and-control signatures

C.

PAN-DB URL Filtering

D.

BrightCloud URL Filtering

 

Correct Answer: BC

Explanation:

https://www.paloaltonetworks.com/products/features/apt-prevention.html

 

 

QUESTION 29

Where can the maximum concurrent SSL VPN Tunnels be set for Vsys2 when provisioning a Palo Alto Networks firewall for multiple virtual systems?

 

A.

In the GUI under Network->Global Protect->Gateway->Vsys2

B.

In the GUI under Device->Setup->Session->Session Settings

C.

In the GUI under Device->Virtual Systems->Vsys2->Resource

D.

In the GUI under Network->Global Protect->Portal->Vsys2

 

Correct Answer: C

Explanation:

https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/tech-briefs/virtual-systems.pdf page6

 

 

 

 

 

QUESTION 30

The “Drive-By Download” protection feature, under File Blocking profiles in Content-ID, provides:

 

A.

Password-protected access to specific file downloads, for authorized users increased speed on the downloads of the allowed file types

B.

Protection against unwanted downloads, by alerting the user with a response page indicating that file is going to be downloaded

C.

The Administrator the ability to leverage Authentication Profiles in order to protect against unwanted downloads

D.

None of the above

 

Correct Answer: C

 

Free VCE & PDF File for Palo Alto Networks PCNSE6 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …