Palo Alto Networks Certified Network Security Engineer 6 (PCNSE6) Free Practice Test

Question 1

The WildFire Cloud or WF-500 appliance provide information to which two Palo Alto Networks security services? Choose 2 answers

A. URL Filtering

B. PAN-OS

C. Threat Prevention

D. GlobalProtect Data File

E. App-ID

Correct Answer: C,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

A company has a web server behind their Palo Alto Networks firewall that they would like to make accessible to the public. They have decided to configure a destination NAT Policy rule.
Given the following zone information:
-DMZzone: DMZ-L3 -Public zone: Untrust-L3 -Web server zone: Trust-L3 -Public IP address (Untrust-L3): 1.1.1.1 -Private IP address (Trust-L3): 192.168.1.50
What should be configured as the destination zone on the Original Packet tab of the NAT Policy rule?

A. Any

B. Trust-L3

C. Untrust-L3

D. DMZ-L3

Correct Answer: C

Question 3

A security architect has been asked to implement User-ID in a MacOS environment with no enterprise email, using a Sun LDAP server for user authentication.
In this environment, which two User-ID methods are effective for mapping users to IP addresses? Choose 2 answers

A. GlobalProtect

B. Captive Portal

C. Terminal Server Agent

D. Mac OS Agent

Correct Answer: A,B

Question 4

Which Security Policy rule configuration option disables antivirus and anti-spyware scanning of server-to-client flows only?

A. Disable Server Response Inspection

B. Disable HIP Profile

C. Add server IP to Security Policy exception

D. Apply an Application Override Policy

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

What has happened when the traffic log shows an internal host attempting to open a session to a properly configured sinkhole address?

A. The internal host is trying to resolve a DNS query by connecting to a rogue DNS server.

B. A malicious domain is trying to contact an internal DNS server.

C. A rogue DNS server is now using the sinkhole address to direct traffic to a known malicious domain.

D. The internal host attempted to use DNS to resolve a known malicious domain into an IP address.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

A hotel chain is using a system to centrally control a variety of items in guest rooms. The client devices in each guest room communicate to the central controller using TCP and frequently disconnect due to a premature timeouts when going through a Palo Alto Networks firewall.
Which action will address this issue without affecting all TCP traffic traversing the firewall?

A. Create an application override policy, assigning the server-to-client traffic to a custom application.

B. Create an application with a specified TCP timeout and assign traffic to it with an application override policy.

C. Create a security policy without security profiles, allowing the client-to-server traffic.

D. Create an application override policy, assigning the client-to-server traffic to a custom application.

Correct Answer: B

Welcome to TestSimulate

Palo Alto Networks Certified Network Security Engineer 6 (PCNSE6) Free Practice Test