Free Palo Alto Networks PCNSE6 Exam Dumps Questions & Answers

A company is in the process of upgrading their existing Palo Alto Networks firewalls from version
6.1.0 to 6.1.1.
Which three methods can the firewall administrator use to install PAN-OS 6.1.1 across the enterprise? Choose 3 answers

• A.  Push the PAN-OS 6.1.1 updates from the support site to install on each firewall.
• B.  Download PAN-OS 6.1.1 to a USB drive and the firewall will automatically update after the USB drive is inserted in the firewall.
• C.  Download and install PAN-OS 6.1.1 directly on each firewall.
• D.  Download and push PAN-OS 6.1.1 from Panorama to each firewall.
• E.  Download PAN-OS 6.1.1 files from the support site and install them on each firewall after manually uploading.
• F.  Push the PAN-OS 6.1.1 update from one firewall to all of the other remaining after updating one firewall.

What can cause missing SSL packets when performing a packet capture on data plane interfaces?

• A.  The packets are not captured because they are encrypted.
• B.  The missing packets are offloaded to the management plane CPU.
• C.  There is a hardware problem with the offloading FPGA on the management plane.
• D.  The packets are hardware offloaded to the offload processor on the data plane.

Ethernet 1/1 has been configured with the following subinterfaces:

The following security policy is applied:

The Interface Management Profile permits the following:

Your customer is trying to ping 10.10.10.1 from VLAN 800 IP 10.10.10.2/24
What will be the result of this ping?

• A.  The ping will be successful because the management profile applied to Ethernet1/1 allows ping.
• B.  The ping will not be successful because the security policy does not apply to VLAN 800.
• C.  The ping will not be successful because the virtual router is different from the other subinterfaces.
• D.  The ping will not be successful because there is no management profile attached to Ethernet1/1.799.
• E.  The ping will be successful because the security policy permits this traffic.

How is the Forward Untrust Certificate used?

• A.  It is the issuer for an external certificate which is not trusted by the firewall.
• B.  It is used when web servers request a client certificate.
• C.  It is used for Captive Portal to identify unknown users.
• D.  It issues certificates encountered on the Untrust security zone.

A network engineer experienced network reachability problems through the firewall. The routing table on the device is complex. To troubleshoot the problem the engineer ran a Command Line Interface (CLI) command to determine the egress interface for traffic destined to 98.139.183.24. The command resulted in the following output:

How should this output be interpreted?

• A.  There is no route for the IP address 98.139.183.24, and there is no default route.
• B.  There is no route for the IP address 98.139.183.24, and there is a default route for outbound traffic.
• C.  There is no interface in the firewall with the IP address 98.139.183.24.
• D.  In virtual-router vrl, there is a route in the routing table for the network 98.139.0.0/16.