Scribd Logo
Upload

Welcome to Scribd!

  • 113 views

    Examen ACE 86%

    Uploaded by

    Maria Pastor
    Examen ACE 86%

    Copyright:

    © All Rights Reserved
    Download as ODT, PDF, TXT or read online from Scribd

    Examen ACE 86%

    Uploaded by

    Maria Pastor
    113 views2 pages
    Examen ACE 86%

    Copyright

    © © All Rights Reserved

    Available Formats

    ODT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Examen ACE 86%

    Copyright:

    © All Rights Reserved
    Download as ODT, PDF, TXT or read online from Scribd
    Download as odt, pdf, or txt
    113 views2 pages

    Examen ACE 86%

    Uploaded by

    Maria Pastor
    Examen ACE 86%

    Copyright:

    © All Rights Reserved
    Download as ODT, PDF, TXT or read online from Scribd
    Download as odt, pdf, or txt
    of 2

    D

    6781
    7947
    7941
    6791
    7942
    7943
    7954
    7994
    7952
    8756
    8741
    8746
    7944
    7945
    7959
    8077

    8087

    8092

    8072
    8711
    8706
    8701
    8681
    8686
    8581
    8676
    8656
    8736
    8630
    8636
    8621
    8591

    Question
    Correct
    A "Continue" action can be configured on which of the following Security Profiles? Correct
    After the installation of a new version of PAN-OS, the firewall must be rebooted.
    Correct
    All of the interfaces on a Palo Alto Networks device must be of the same interface
    Correct
    type.
    An enterprise PKI system is required to deploy SSL Forward Proxy decryption
    Correct
    capabilities.
    An interface in tap mode can transmit packets on the wire.
    Correct
    An interface in Virtual Wire mode must be assigned an IP address.
    Correct
    As a Palo Alto Networks firewall administrator, you have made unwanted changes to
    the Candidate configuration. These changes may be undone by Device > Setup >
    Correct
    Operations > Configuration Management>....and then what operation?
    Can multiple administrator accounts be configured on a single firewall?
    Correct
    In a Palo Alto Networks firewall, every interface in use must be assigned to a zone in
    Correct
    order to process traffic.
    In order to route traffic between Layer 3 interfaces on the Palo Alto Networks
    Correct
    firewall, you need a:
    In PAN-OS 6.0 and later, which of these items may be used as match criterion in a
    Correct
    Policy-Based Forwarding Rule? (Choose 3.)
    In PAN-OS 6.0, rule numbers are:
    Correct
    Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles)
    Correct
    and Role-Based (customized user roles) for Administrator Accounts.
    Security policies specify a source interface and a destination interface.
    Correct
    Select the implicit rules that are applied to traffic that fails to match any
    Correct
    administrator-defined Security Policies. (Choose all rules that are correct.)
    Taking into account only the information in the screenshot above, answer the
    following question. An administrator is pinging 4.4.4.4 and fails to receive a
    Correct
    response. What is the most likely reason for the lack of response?
    Taking into account only the information in the screenshot above, answer the
    following question. An administrator is using SSH on port 3333 and BitTorrent on
    Incorrect
    port 7777. Which statements are True?
    Taking into account only the information in the screenshot above, answer the
    following question. Which applications will be allowed on their standard ports?
    Correct
    (Select all correct answers.)
    Taking into account only the information in the screenshot above, answer the
    following question: A span port or a switch is connected to e1/4, but there are no
    Correct
    traffic logs. Which of the following conditions most likely explains this behavior?
    The "Drive-By Download" protection feature, under File Blocking profiles in
    Correct
    Content-ID, provides:
    The following can be configured as a next hop in a static route:
    Traffic going to a public IP address is being translated by a Palo Alto Networks firewall to an
    internal servers private IP address. Which IP address should the Security Policy use as the
    "Destination IP" in order to allow traffic to the server?
    What are the benefits gained when the "Enable Passive DNS Monitoring" checkbox is chosen
    on the firewall? (Select all correct answers.)
    What are two sources of information for determining whether the firewall has been successful
    in communicating with an external User-ID Agent?
    What general practice best describes how Palo Alto Networks firewall policies are applied to a
    session?
    What is the default DNS sinkhole address used by the Palo Alto Networks Firewall to cut off
    communication?
    What is the maximum file size of .EXE files uploaded from the firewall to WildFire?
    What Security Profile type must be configured to send files to the WildFire cloud, and with
    what choices for the action setting?
    When configuring a Decryption Policy Rule, which of the following are available as matching
    criteria in the rule? (Choose 3 answers.)
    When configuring a Decryption Policy rule, which option allows a firewall administrator to
    control SSHv2 tunneling in policies by specifying the SSH-tunnel App-ID?
    When configuring a Security Policy Rule based on FQDN Address Objects, which of the
    following statements is True?
    When Destination Network Address Translation is being performed, the destination in the

    Correct
    Correct
    Incorrect
    Correct
    Correct
    Correct
    Correct
    Correct
    Incorrect
    Correct
    Correct
    Correct

    8576
    8571
    8561
    8551
    8541
    8510
    8531
    8526

    8516
    8500
    8495
    8485
    8461
    8456
    8420
    8443
    7950
    8438

    corresponding Security Policy Rule should use:


    Which feature can be configured to block sessions that the firewall cannot decrypt?
    Which link is used by an Active/Passive cluster to synchronize session information?
    Which of the Dynamic Updates listed below are issued on a daily basis? (Select all correct
    answers.)
    Which of the following are methods that HA clusters use to identify network outages?
    Which of the following can provide information to a Palo Alto Networks firewall for the
    purposes of User-ID? (Select all correct answers.)
    Which of the following CANNOT use the source user as a match criterion?
    Which of the following interface types can have an IP address assigned to it?
    Which of the following is NOT a valid option for built-in CLI Admin roles?

    Correct
    Correct
    Correct
    Correct
    Incorrect
    Incorrect
    Correct
    Incorrect

    Which of the following must be enabled in order for User-ID to function?


    Correct
    Which of the following platforms supports the Decryption Port Mirror function?
    Correct
    Which of the following services are enabled on the MGT interface by default? (Select all
    Correct
    correct answers.)
    Which of the following statements is NOT True about Palo Alto Networks firewalls?
    Correct
    Which routing protocol is supported on the Palo Alto Networks platform?
    Correct
    Which statement about config locks is True?
    Correct
    Which statement below is True?
    Incorrect
    Will an exported configuration contain Management Interface settings?
    Correct
    With IKE Phase 1, each device is identified to the other by a Peer ID. In most cases, the Peer ID
    is just the public IP address of the device. In situations where the public IP address is not
    Correct
    static, the Peer ID can be a text value.
    Without a WildFire subscription, which of the following files can be submitted by the Firewall
    Correct
    to the hosted WildFire virtualized sandbox?

    You might also like