Examen ACE 86%
Examen ACE 86%
Examen ACE 86%
6781
7947
7941
6791
7942
7943
7954
7994
7952
8756
8741
8746
7944
7945
7959
8077
8087
8092
8072
8711
8706
8701
8681
8686
8581
8676
8656
8736
8630
8636
8621
8591
Question
Correct
A "Continue" action can be configured on which of the following Security Profiles? Correct
After the installation of a new version of PAN-OS, the firewall must be rebooted.
Correct
All of the interfaces on a Palo Alto Networks device must be of the same interface
Correct
type.
An enterprise PKI system is required to deploy SSL Forward Proxy decryption
Correct
capabilities.
An interface in tap mode can transmit packets on the wire.
Correct
An interface in Virtual Wire mode must be assigned an IP address.
Correct
As a Palo Alto Networks firewall administrator, you have made unwanted changes to
the Candidate configuration. These changes may be undone by Device > Setup >
Correct
Operations > Configuration Management>....and then what operation?
Can multiple administrator accounts be configured on a single firewall?
Correct
In a Palo Alto Networks firewall, every interface in use must be assigned to a zone in
Correct
order to process traffic.
In order to route traffic between Layer 3 interfaces on the Palo Alto Networks
Correct
firewall, you need a:
In PAN-OS 6.0 and later, which of these items may be used as match criterion in a
Correct
Policy-Based Forwarding Rule? (Choose 3.)
In PAN-OS 6.0, rule numbers are:
Correct
Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles)
Correct
and Role-Based (customized user roles) for Administrator Accounts.
Security policies specify a source interface and a destination interface.
Correct
Select the implicit rules that are applied to traffic that fails to match any
Correct
administrator-defined Security Policies. (Choose all rules that are correct.)
Taking into account only the information in the screenshot above, answer the
following question. An administrator is pinging 4.4.4.4 and fails to receive a
Correct
response. What is the most likely reason for the lack of response?
Taking into account only the information in the screenshot above, answer the
following question. An administrator is using SSH on port 3333 and BitTorrent on
Incorrect
port 7777. Which statements are True?
Taking into account only the information in the screenshot above, answer the
following question. Which applications will be allowed on their standard ports?
Correct
(Select all correct answers.)
Taking into account only the information in the screenshot above, answer the
following question: A span port or a switch is connected to e1/4, but there are no
Correct
traffic logs. Which of the following conditions most likely explains this behavior?
The "Drive-By Download" protection feature, under File Blocking profiles in
Correct
Content-ID, provides:
The following can be configured as a next hop in a static route:
Traffic going to a public IP address is being translated by a Palo Alto Networks firewall to an
internal servers private IP address. Which IP address should the Security Policy use as the
"Destination IP" in order to allow traffic to the server?
What are the benefits gained when the "Enable Passive DNS Monitoring" checkbox is chosen
on the firewall? (Select all correct answers.)
What are two sources of information for determining whether the firewall has been successful
in communicating with an external User-ID Agent?
What general practice best describes how Palo Alto Networks firewall policies are applied to a
session?
What is the default DNS sinkhole address used by the Palo Alto Networks Firewall to cut off
communication?
What is the maximum file size of .EXE files uploaded from the firewall to WildFire?
What Security Profile type must be configured to send files to the WildFire cloud, and with
what choices for the action setting?
When configuring a Decryption Policy Rule, which of the following are available as matching
criteria in the rule? (Choose 3 answers.)
When configuring a Decryption Policy rule, which option allows a firewall administrator to
control SSHv2 tunneling in policies by specifying the SSH-tunnel App-ID?
When configuring a Security Policy Rule based on FQDN Address Objects, which of the
following statements is True?
When Destination Network Address Translation is being performed, the destination in the
Correct
Correct
Incorrect
Correct
Correct
Correct
Correct
Correct
Incorrect
Correct
Correct
Correct
8576
8571
8561
8551
8541
8510
8531
8526
8516
8500
8495
8485
8461
8456
8420
8443
7950
8438
Correct
Correct
Correct
Correct
Incorrect
Incorrect
Correct
Incorrect