[Free] Download New Updated (April 2016) Palo Alto Networks PCNSE6 Actual Tests 91-100

Ensurepass

QUESTION 91

Which mechanism is used to trigger a High Availability (HA) failover if a firewall interface goes down?

 

A.

Link Monitoring

B.

Heartbeat Polling

C.

Preemption

D.

SNMP Polling

 

Correct Answer: A

Explanation:

https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/framemaker/60/pan-os/pan-os/section_4.pdf page130

 

QUESTI
ON 92

The WildFire Cloud or WF-500 appliance provide information to which two Palo Alto Networks security services? Choose 2 answers

 

A.

Threat Prevention

B.

App-ID

C.

URL Filtering

D.

PAN-OS

E.

GlobalProtect Data File

 

Correct Answer: AE

Explanation:

https://www.paloaltonetworks.com/products/technologies/wildfire.html

 

 

QUESTION 93

Which of the following are accurate statements describing the HA3 link in an Active-Active HA deployment?

 

A.

HA3 is used for session synchronization

B.

The HA3 link is used to transfer Layer 7 information

C.

HA3 is used to handle asymmetric routing

D.

HA3 is the control link

 

Correct Answer: A

 

 

QUESTION 94

Which statement accurately reflects the functionality of using regions as objects in Security policies?

 

A.

Predefined regions are provided for countries, not but not for cities. The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region.

B.

The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region. These custom regions can be used in the “Source User” field of the Security Policies.

C.

Regions cannot be used in the “Source User” field of the Security Policies, unless the administrator has set up custom regions.

D.

The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region. Both predefined regions and custom regions can be used in the “Source User” field.

 

Correct Answer: A

 

 

QUESTION 95

How is the Forward Untrust Certificate used?

 

A.

It issues certificates encountered on the Untrust security zone.

B.

It is used for Captive Portal to identify unknown users.

C.

It is used when web servers request a client certificate.

D.

It is the issuer for an external certificate which is not trusted by the firewall.

 

Correct Answer: D

 

 

QUESTION 96

Where in the firewall GUI can an administrator see how many sessions of web-browsing traffic have occurred in the last day?

 

A.

Monitor->Session Browser

B.

Monitor->App Scope->Summary

C.

Objects->Applications->web-browsing

D.

ACC->Application

 

Correct Answer: D

Explanation:

http://www.newnet66.org/Support/Resources/Using-The-ACC.pdf

 

 

QUESTION 97

A company has a policy that denies all applications they classify as bad and permits only applications they classify as good. The firewall administrator created the following security policy on the company s firewall:

 

clip_image002

 

Which two benefits are gained from having both rule 2 and rule 3 present? Choose 2 answers

 

A.

Different security profiles can be applied to traffic matching rules 2 and 3.

B.

Separate Log Forwarding profiles can be applied to rules 2 and 3.

C.

Rule 2 denies traffic flowing across different TCP and UDP ports than rule 3.

D.

A report can be created that identifies unclassified traffic on the network.

 

Correct Answer:
AD

 

 

QUESTION 98

Ethernet 1/1 has been configured with the following subinterfaces:

 

clip_image004

 

The following security policy is applied:

 

clip_image006

 

The Interface Management Profile permits the following:

 

clip_image008

 

Your customer is trying to ping 10.10.10.1 from VLAN 800 IP 10.10.10.2/24.

 

What will be the result of this ping?

 

A.

The ping will be successful because the management profile applied to Ethernet1/1 allows ping.

B.

The ping will not be successful because the virtual router is different from the other subinterfaces.

C.

The ping will not be successful because there is no management profile attached to Ethernet1/1.799.

D.

The ping will not be successful because the security policy does not apply to VLAN 800.

E.

The ping will be successful because the security policy permits this traffic.

 

Correct Answer: D

 

 

 

QUESTION 99

Subsequent to the installation of new licenses, the firewall must be rebooted

 

A.

True

B.

False

 

Correct Answer: B

 

 

QUESTION 100

Taking into account only the information in the screenshot above, answer the following question. In order for ping traffic to traverse this device from e1/2 to e1/1, what else needs to be configured? Select all that apply.

 

clip_image010

 

A.

Security policy from trust zone to Internet zone that allows ping

B.

Create the appropriate routes in the default virtual router

C.

Security policy from Internet zone to trust zone that allows ping

D.

Create a Management profile that allows ping. Assign that management profile to e1/1 and e1/2

 

Correct Answer: AD

 

Free VCE & PDF File for Palo Alto Networks PCNSE6 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …