[Free] Download New Updated (April 2016) Palo Alto Networks PCNSE6 Actual Tests 41-50

Ensurepass

QUESTION 41

To create a custom signature object for an Application Override Policy, which of the following fields are mandatory?

 

A.

Category

B.

Regular Expressions

C.

Ports

D.

Characteristics

 

Correct Answer: D

 

 

QUESTION 42

For non-Microsoft clients, what Captive Portal method is supported?

 

A.

NTLM Auth

B.

User Agent

C.

Local Database

D.

Web Form Captive Portal

 

Correct Answer: D

 

 

QUESTION 43

Which of the following objects cannot use User-ID as a match criteria?

 

A.

Security Policies

B.

QoS

C.

Policy Based Forwarding

D.

DoS Protection

E.

None of the above

 

Correct Answer: E

 

 

QUESTION 44

An Outbound SSL forward-proxy decryption rule cannot be created using which type of zone?

 

A.

Virtual Wire

B.

Tap

C.

L3

D.

L2

 

Correct Answer: A

 

 

QUESTION 45

A Palo Alto Networks firewall has the following interface configuration:

 

clip_image002

 

Hosts are directly connected on the following interfaces:

 

Ethernet 1/6 – Host IP 192.168.62.2

Ethernet 1/3 – Host IP 10.46.40.63

 

The security administrator is investigating why ICMP traffic between the hosts is not working.

 

She first ensures that ail traffic is allowed between zones based on the following security policy rule:

 

clip_image004

 

The routing table of the firewall shows the following output:

 

clip_image005

 

Which interface configuration change should be applied to ethernet1/6 to allow the two hosts to communicate based on this information?

 

A.

Change the Management Profile.

B.

Change the security policy to explicitly allow ICMP on this interface.

C.

Change the configured zone to DMZ.

D.

Change the Virtual Router setting to VR1.

 

Correct Answer: D

 

 

QUESTION 46

Which best describes how Palo Alto Networks firewall rules are applied to a session?

 

A.

last match applied

B.

first match applied

C.

all matches applied

D.

most specific match applied

 

Correct Answer: B

 

 

QUESTION 47

A company has a web server behind their Palo Alto Networks firewall that they would like to make accessible to the public. They have decided to configure a destination NAT Policy rule.

 

Given the following zone information:

 

clip_image007DMZzone: DMZ-L3

clip_image007[1]Public zone: Untrust-L3

clip_image007[2]Web server zone: Trust-L3

clip_image007[3]Public IP address (Untrust-L3): 1.1.1.1

clip_image007[4]Private IP address (Trust-L3): 192.168.1.50

 

What should be configured as the destination zone on the Original Packet tab of the NAT Policy rule?

 

A.

DMZ-L3

B.

Any

C.

Untrust-L3

D.

Trust-L3

 

Correct Answer: C

 

 

QUESTION 48

What built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems?

 

A.

superuser

B.

vsysadmin

C.

A custom role is required for this level of access

D.

deviceadmin

 

Correct Answer: D

 

 

QUESTION 49

What will the user experience when attempting to access a blocked hacking website through a translation service such as Google Translate or Bing Translator?

 

A.

A “Blocked” page response when the URL filtering policy to block is enforced.

B.

A “Success” page response when the site is successfully translated.

C.

The browser will be redirected to the original website address.

D.

An “HTTP Error 503 Service unavailable” message.

 

Correct Answer: A

 

 

QUESTION 50

How do you limit the amount of information recorded in the URL Content Filtering Logs?

 

A.

Enable DSRI

B.

Disable URL packet captures

C.

Enable URL log caching

D.

Enable Log container page only

 

Correct Answer: D

 

Free VCE & PDF File for Palo Alto Networks PCNSE6 Real Exam

Instant Access to Free VCE Files: CompTIA |
VMware | SAP …

Instant Access to Free PDF Files: CompTIA | VMware | SAP …