[Free] Download New Updated (April 2016) Palo Alto Networks PCNSE6 Actual Tests 51-60

Ensurepass

QUESTION 51

Which of the following describes the sequence of the Global Protect agent connecting to a Gateway?

 

A.

The Agent connects to the Portal obtains a list of Gateways, and connects to the Gateway with the fastest SSL response time

B.

The agent connects to the closest Gateway and sends the HIP report to the portal

C.

The agent connects to the portal, obtains a list of gateways, and connects to the gateway with the fastest PING response time

D.

The agent connects to the portal and randomly establishes a connection to the first available gateway

 

Correct Answer: A

 

 

QUESTION 52

Company employees have been given access to the GlobalProtect Portal at https://portal.company.com:

 

clip_image002

 

Assume the following:

 

1. The firewall is configured to resolve DNS names using the internal DNS server.

2. The URL portal.company.com resolves to the external interface of the firewall on the company’s external DNS server and to the internal interface of the firewall on the company s internal DNS server.

3. The URL gatewayl.company.com resolves to the external interface of the firewall on the company’s external DNS server and to the internal interface of the firewall on the company s internal DNS server.

 

This Gateway configuration will have which two outcomes? Choose 2 answers

 

A.

Clients outside the network will be able to connect to the external gateway Gateway1.

B.

Clients inside the network will be able to connect to the internal gateway Gateway1.

C.

Clients outside the network will NOT be able to connect to the external gateway Gateway1.

D.

Clients inside the network will NOT be able to connect to the internal gateway Gateway1.

 

Correct Answer: AB

 

 

 

 

QUESTION 53

HOTSPOT

Match each type of report provided by the firewall with its description. Answer options may be used more than once or not at all.

 

clip_image004

 

Correct Answer:

 

 

clip_image006

 

 

QUESTION 54

When a Palo Alto Networks firewall is forwarding traffic through interfaces configured for L2 mode, security policies can be set to match on multicast IP addresses.

 

A.

True

B.

False

 

Correct Answer: B

 

 

 

 

QUESTION 55

Which of the following are methods HA clusters use to identify network outages?

 

A.

Path and Link Monitoring

B.

VR and VSys Monitors

C.

Heartbeat and Session Monitors

D.

Link and Session Monitors

 

Correct Answer: A

 

 

QUESTION 56

Which URL Filtering Security Profile action logs the URL Filtering category to the URL Filtering log?

 

A.

Allow

B.

Alert

C.

Log

D.

Default

 

Correct Answer: B

Explanation:

https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/url-filtering/configure-url-filtering.html

 

 

QUESTION 57

In PANOS 6.0, rule numbers are:

 

A.

Numbers that specify the order in which security policies are evaluated.

B.

Numbers created to be unique identifiers in each firewall’s policy database.

C.

Numbers on a scale of 0 to 99 that specify priorities when two or more rules are in conflict.

D.

Numbers created to make it easier for users to discuss a complicated or difficult sequence of rules.

 

Correct Answer: A

 

 

QUESTION 58

Which two statements are true about DoS Protection Profiles and Policies? Choose 2 answers

 

A.

They mitigate against SYN, UDP, ICMP, ICMPv6, and other IP Flood attacks on a zone basis, regardless of interface(s). They provide reconnaissance protection against TCP/UDP port scans and host sweeps.

B.

They mitigate against SYN, UDP, ICMP, ICMPv6, and other IP Flood attacks. They provide resource protection by limiting the number of sessions that can be used.

C.

They mitigate against volumetric attacks that leverage known vulnerabilities, brute force methods, amplification, spoofing, and other vulnerabilities.

D.

They mitigate against SYN, UDP, ICMP, ICMPv6, and other IP Flood attacks by utilizing “random early drop”.

 

Correct Answer: BD

Explanation:

https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/7158-102-3-25328/Application%20DDoS%20Mitigation.pdf page4

 

 

QUESTION 59

Two firewalls are configured in an Active/Passive High Availability (HA) pair with the following election settings:

 

clip_image008

 

Firewall 5050-B is presently in the “Active” state and 5050-A is presently in the “Passive” state. Firewall 5050-B reboots causing 5050-A to become Active.

 

Which firewall will be in the “Active” state after firewall 5050-B has completed its reboot and is back online?

 

A.

Both firewalls are active (split brain)

B.

Firewall 5050-B

C.

Firewall 5050-A

D.

It could be either firewall

 

Correct Answer: B

Explanation:

https://live.paloaltonetworks.com/docs/DOC-2926

 

 

QUESTION 60

In PAN-OS 5.0, how is Wildfire enabled?

 

A.

Via the URL-Filtering “Continue” Action

B.

Wildfire is automaticaly enabled with a valid URL-Filtering license

C.

A custom file blocking action must be enabled for all PDF and PE type files

D.

Via the “Forward” and “Continue and Forward” File-Blocking actions

 

Correct Answer: A

 

Free VCE & PDF File for Palo Alto Networks PCNSE6 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …