[Free] Download New Updated (April 2016) Palo Alto Networks PCNSE6 Actual Tests 71-80

Ensurepass

QUESTION 71

Which of the Dynamic Updates listed below are issued on a daily basis?

 

A.

Global Protect

B.

URL Filtering

C.

Antivirus

D.

Applications and Threats

 

Correct Answer: BC

 

 

QUESTION 72

When configuring a Decryption Policy, which of the following are available as matching criteria in a policy? (Choose 3)

 

A.

Source Zone

B.

Source User

C.

Service

D.

URL-Category

E.

Application

 

Correct Answer: ABD

 

 

QUESTION 73

When Destination Network Address Translation is being performed, the destination in the corresponding Security Policy Rule should use:

 

A.

The PostNAT destination zone and PostNAT IP address.

B.

The PreNAT destination zone and PreNAT IP address.

C.

The PreNAT destination zone and PostNAT IP address.

D.

The PostNAT destination zone and PreNAT IP address.

 

Correct Answer: D

 

 

QUESTION 74

When creating a Security Policy to allow Facebook in PAN-OS 5.0, how can you be sure that no other web-browsing traffic is permitted?

 

A.

Ensure that the Service column is defined as “application-default” for this security rule. This will automatically include the implicit web-browsing application dependency.

B.

Create a subsequent rule which blocks all other traffic

C.

When creating the rule, ensure that web-browsing is added to the same rule. Both applications will be processed by the Security policy, allowing only Facebook to be accessed. Any other applications can be permitted in subsequent rules.

D.

No other configuration is required on the part of the administrator, since implicit application dependencies will be added automaticaly.

 

Correct Answer: D

 

 

QUESTION 75

A network engineer experienced network reachability problems through the firewall. The routing table on the device is complex. To troubleshoot the problem the engineer ran a Command Line Interface (CLI) command to determine the egress interface for traffic destined to 98.139.183.24. The command resulted in the following output:

 

clip_image002

 

How should this output be interpreted?

A.

There is no route for the IP address 98.139.183.24, and there is a default route for outbound traffic.

B.

There is no interface in the firewall with the IP address 98.139.183.24.

C.

In virtual-router vrl, there is a route in the routing table for the network 98.139.0.0/16.

D.

There is no route for the IP address 98.139.183.24, and there is no default route.

 

Correct Answer: D

 

 

QUESTION 76

A user complains that they are no longer able to access a needed work application after you have implemented vulnerability and anti-spyware profiles. The user’s application uses a unique port. What is the most efficient way to allow the user access to this application?

 

A.

Utilize an Application Override Rule, referencing the custom port utilzed by this application. Application Override rules bypass all Layer 7 inspection, thereby allowing access to this application.

B.

In the Threat log, locate the event which is blocking access to the user’s application and create a IP-based exemption for this user.

C.

In the vulnerability and anti-spyware profiles, create an application exemption for the user’s application.

D.

Create a custom Security rule for this user to access the required application. Do not apply vulnerability and anti-spyware profiles to this rule.

 

Correct Answer: B

 

 

QUESTION 77

Which mode will allow a user to choose how they wish to connect to the GlobalProtect Network as they would like?

 

A.

Single Sign-On Mode

B.

On Demand Mode

C.

Always On Mode

D.

Optional Mode

 

Correct Answer: B

 

 

QUESTION 78

A “Continue” action can be configured on the following Security Profiles:

 

A.

URL Filtering, File Blocking, and Data Filtering

B.

URL Filteringn

C.

URL Filtering and Antivirus

D.

URL Filtering and File Blocking

 

Correct Answer: D

 

 

QUESTION 79

When creating an application filter, which of the following is true?

 

A.

They are used by malware

B.

Excessive bandwidth may be used as a filter match criteria

C.

They are called dynamic because they automatically adapt to new IP addresses

D.

They are called dynamic because they will automatically include new applications from an application signature update if the new application’s type is included in the filter

 

Correct Answer: D

 

 

QUESTION 80

Which of the following options may be enabled to reduce system overhead when using Content ID?

 

A.

STP

B.

VRRP

C.

RSTP

D.

DSRI

 

Correct Answer: D

 

Free VCE & PDF File for Palo Alto Networks PCNSE6 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …