http://https://www.lead1pass.com/Fortinet/NSE6-practice-exam-dumps.html (60 Q&As Dumps, 30%OFF Special Discount: 30free )

NEW QUESTION NO: 15
Which Public Key Infrastructure component is used to authenticate users for GlobalProtect when the Connect Method is set to "pre-logon"?
A. Certificate Revocation List
B. Trusted root certificate
C. Machine certificate
D. Online Certificate Status Protocol
Answer: C
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/ framemaker/60/globalprotect/Global_Protect_6.0.pdf page 12.

NEW QUESTION NO: 16
A network engineer experienced network reachability problems through the firewall. The routing table on the device is complex. To troubleshoot the problem the engineer ran a Command Line Interface (CLI) command to determine the egress interface for traffic destined to 98.139.183.24. The command resulted in the following output:

How should this output be interpreted?
A. There is no route for the IP address 98.139.183.24, and there is no default route.
B. In virtual-router vrl, there is a route in the routing table for the network 98.139.0.0/16.
C. There is no route for the IP address 98.139.183.24, and there is a default route for outbound traffic.
D. There is no interface in the firewall with the IP address 98.139.183.24.
Answer: A

NEW QUESTION NO: 17
Which two interface types provide support for network address translation (NAT)? Choose 2 answers
A. HA
B. Tap
C. Layer3
D. Virtual Wire
E. Layer2
Answer: C,D
Explanation/Reference:
Reference: https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/1517-102-7-11647/ Understanding_NAT-4.1-RevC.pdf

NEW QUESTION NO: 18
A company wants to run their pair of PA-200 firewalls in a High Availability Active/Passive configuration and will be using HA-Lite.
Which capability can be used in this situation?
A. Configuration Sync
B. Link Aggregation
C. Session Sync
D. Jumbo Frames
Answer: A
Explanation/Reference:
Reference: https://live.paloaltonetworks.com/docs/DOC-3091

NEW QUESTION NO: 19
The WildFire Cloud or WF-500 appliance provide information to which two Palo Alto Networks security services? Choose 2 answers
A. Threat Prevention
B. App-ID
C. URL Filtering
D. PAN-OS
E. GlobalProtect Data File
Answer: A,E
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/products/technologies/wildfire.html

NEW QUESTION NO: 20
A company has purchased a WildFire subscription and would like to implement dynamic updates to download the most recent content as often as possible.
What is the shortest time interval the company can configure their firewall to check for WildFire updates?
A. Every 24 hours
B. Every 30 minutes
C. Every 15 minutes
D. Every 1 hour
E. Every 5 minutes
Answer: C
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/ framemaker/60/wildfire/WF_Admin/section_1.pdf page 11

NEW QUESTION NO: 21
A Palo Alto Networks firewall has the following interface configuration;

Hosts are directly connected on the following interfaces:
Ethernet 1/6 - Host IP 192.168.62.2
Ethernet 1/3 - Host IP 10.46.40.63
The security administrator is investigating why ICMP traffic between the hosts is not working.
She first ensures that ail traffic is allowed between zones based on the following security policy rule:

The routing table of the firewall shows the following output:

Which interface configuration change should be applied to ethernet1/6 to allow the two hosts to communicate based on this information?
A. Change the security policy to explicitly allow ICMP on this interface.
B. Change the Virtual Router setting to VR1.
C. Change the Management Profile.
D. Change the configured zone to DMZ.
Answer: B

NEW QUESTION NO: 22
Palo Alto Networks maintains a dynamic database of malicious domains. Which two Security Platform components use this database to prevent threats? Choose 2 answers
A. Brute-force signatures
B. DNS-based command-and-control signatures
C. PAN-DB URL Filtering
D. BrightCloud URL Filtering
Answer: B,C
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/products/features/apt-prevention.html

NEW QUESTION NO: 23
Which two steps are required to make Microsoft Active Directory users appear in the firewall's traffic log?
Choose 2 answers
A. Enable User-ID on the zone object for the source zone.
B. Run the User-ID Agent using an Active Directory account that has "event log viewer" permissions.
C. Configure a RADIUS server profile to point to a domain controller.
D. Enable User-ID on the zone object for the destination zone.
E. Run the User-ID Agent using an Active Directory account that has "domain administrator" permissions.
Answer: A,B

NEW QUESTION NO: 24
What are the three Security Policy rule Type classifications supported in PAN-OS 6.1?
A. Security, NAT, Policy-Based Forwarding
B. Intrazone, Interzone, Global
C. Intrazone, Interzone, Universal
D. Application, User, Content
Answer: C
Explanation/Reference:
Reference: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/ framemaker/61/pan-os/NewFeaturesGuide.pdf page 18-19

NEW QUESTION NO: 25
HOTSPOT
Within a Zone Protection Profile, under the Reconnaissance Protection tab, there are several possible values for Action:

Match each Reconnaissance Protection Action to its description.
Answer options may be used more than once or not at all.

Hot Area:

Answer: 

Explanation/Reference:
Allow: Permits the port scan attempts.
Alert: Generates an alert for each scan that matches the threshold within the specified time interval.
Block: Drops all traffic from the source to the destination.
Block IP: Drops all traffic for a specific period of time (in seconds). There are two options:
* Source: Blocks traffic from the source
* Source-and-Destination: Blocks traffic for the source-destination pair
https://live.paloaltonetworks.com/servlet/JiveServlet/previewBody/5078-102-5-14892/ Understanding_DoS_Protection.pdf