Palo Alto Networks Certified Network Security Engineer 6

Question 1

Which Security Policy rule configuration option disables antivirus and anti-spyware scanning of server-to-client flows only?

A. Add server IP to Security Policy exception

B. Disable Server Response Inspection

C. Apply an Application Override Policy

D. Disable HIP Profile

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 2

How can a Palo Alto Networks firewall be configured to send syslog messages in a format compatible with nonstandard syslog servers?

A. Check the custom-format checkbox in the syslog server profile.

B. Create a custom log format under the syslog server profile.

C. Select a non-standard syslog server profile.

D. Enable support for non-standard syslog messages under device management.

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 3

HOTSPOT
Match the components with their role in preventing threats.
Answer options may be used more than once or not at all.

Correct Answer:

Explanation:
Panorama - Dynamically updates firewall policy with VM context for NSX
Physical Firewall - Inspects North-South traffic for threats Wildfire -Generates zero-day threat signatures VM series firewall- Inspects east-west traffic for threats

Question 4

What has happened when the traffic log shows an internal host attempting to open a session to a properly configured sinkhole address?

A. The internal host attempted to use DNS to resolve a known malicious domain into an IP address.

B. A rogue DNS server is now using the sinkhole address to direct traffic to a known malicious domain.

C. The internal host is trying to resolve a DNS query by connecting to a rogue DNS server.

D. A malicious domain is trying to contact an internal DNS server.

Correct Answer: A

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 5

HOTSPOT
Assuming that the default antivirus profile is installed, match each decoder with its default action.
Answer options may be used more than once or not at all.

Correct Answer:

Explanation:
FTP, SMB - Block HTTP - Block POP3, SMTP - Alert IMAP - Alert

Question 6

Which source address translation type will allow multiple devices to share a single translated source address while using a single NAT Policy rule?

A. Dynamic IP

B. Dynamic IP and Port

C. Bi-directional

D. Static IP

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Palo Alto Networks Certified Network Security Engineer 6 - PCNSE6 Exam Practice Test

Latest Update

Useful Links

Contact Us