[Free] Download New Updated (April 2016) Palo Alto Networks PCNSE6 Actual Tests 81-90

Ensurepass

QUESTION 81

Traffic going to a public IP address is being translated by your PANW firewall to your web server’s private IP. Which IP should the Security Policy use as the “Destination IP” in order to allow traffic to the server.

 

A.

The server’s public IP

B.

The firewall’s gateway IP

C.

The server’s private IP

D.

The firewall’s MGT IP

 

Correct Answer: A

 

 

QUESTION 82

What option should be configured when using User-ID

 

A.

Enable User-ID per zone

B.

Enable User-ID per interface

C.

Enable User-ID per Security Policy

D.

None of the above

 

Correct Answer: C

 

 

QUESTION 83

A Palo Alto Networks firewall is being targeted by an NTP Amplification attack and is being flooded with tens of thousands of bogus UDP connections per second to a single destination IP address and port. Which option, when enabled with the correct threshold, would mitigate this attack without dropping legitimate traffic to other hosts inside the network?

 

A.

Zone Protection Policy with UDP Flood Protection

B.

Classified DoS Protection Policy using destination IP only with a Protect action

C.

QoS Policy to throttle traffic below maximum limit

D.

Security Policy rule to deny traffic to the IP address and port that is under attack

 

Correct Answer: B

Explanation:

https://live.paloaltonetworks.com/docs/DOC-1746

 

 

QUESTION 84

The IT department has received complaints about VoIP call jitter when the sales staff is making or receiving calls. QoS is enabled on all firewall interfaces, but there is no QoS policy written in the rulebase. The IT manager wants to find out what traffic is causing the jitter in real time when a user reports the jitter. Which feature can be used to identify, in real-time, the applications taking up the mos
t bandwidth?

 

A.

Application Command Center (ACC)

B.

QoS Statistics

C.

QoS Log

D.

Applications Report

 

Correct Answer: A

Explanation:

http://www.newnet66.org/Support/Resources/Using-The-ACC.pdf

 

 

QUESTION 85

Which of the following is NOT a valid option for built-in CLI access roles?

 

A.

read/write

B.

superusers

C.

vsysadmin

D.

deviceadmin

 

Correct Answer: A

 

 

QUESTION 86

What is the default setting for ‘Action’ in a Decryption Policy’s rule?

 

A.

No-decrypt

B.

Decrypt

C.

Any

D.

None

 

Correct Answer: D

 

 

QUESTION 87

Which fields can be altered in the default Vulnerability profile?

 

A.

Severity

B.

Category

C.

CVE

D.

None

 

Correct Answer: D

 

 

QUESTION 88

The following can be configured as a next hop in a Static Route:

 

A.

A Policy-Based Forwarding Rule

B.

Virtual System

C.

A Dynamic Routing Protocol

D.

Virtual Router

 

Correct Answer: D

 

 

QUESTION 89

Which feature can be configured with an IPv6 address?

 

A.

Static Route

B.

RIPv2

C.

DHCP Server

D.

BGP

 

Correct Answer: A

Explanation:

https://live.paloaltonetworks.com/docs/DOC-5493

 

 

QUESTION 90

After pushing a security policy from Panorama to a PA-3020 firewall, the firewall administrator notices that traffic logs from the PA-3020 are not appearing in Panorama’s traffic logs. What could be the problem?

 

A.

The firewall is not licensed for logging to this Panorama device.

B.

Panorama is not licensed to receive logs from this particular firewall.

C.

None of the firewall’s policies have been assigned a Log Forwarding profile.

D.

A Server Profile has not been configured for logging to this Panorama device.

 

Correct Answer: C

 

Free VCE & PDF File for Palo Alto Networks PCNSE6 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …