Beruflich Dokumente
Kultur Dokumente
q172
Exam Code: ACE
Exam Name: Accredited Configuration Engineer (ACE)
Certification Provider: Palo Alto Networks
Free Question Number: 172
Version: v2018-04-10
# of views: 749
# of Questions views: 28126
https://www.freecram.com/torrent/PaloAltoNetworks.ACE.v2018-04-10.q172.html
NEW QUESTION: 1
What Security Profile type must be configured to send files to the WildFire cloud, and with
what choices for the action setting?
A. A URL Filtering profile with the possible action of "Forward".
B. A Data Filtering profile with possible actions of "Forward" or "Continue and Forward".
C. A Vulnerability Protection profile with the possible action of "Forward".
D. A File Blocking profile with possible actions of "Forward" or "Continue and Forward".
Answer: D
NEW QUESTION: 2
Which of the following facts about dynamic updates is correct?
A. Application and Threat updates are released daily. Antivirus and URL Filtering updates
are released weekly.
B. Threat and URL Filtering updates are released daily. Application and Antivirus updates
are released weekly.
C. Application and Antivirus updates are released weekly. Threat and "Threat and URL
Filtering" updates are released weekly.
D. Antivirus updates are released daily. Application and Threat updates are released
weekly.
Answer: D
NEW QUESTION: 3
Previous to PAN-OS 7.0 the firewall was able to decode up to two levels. With PAN-OS 7.0
the firewall can now decode up to how many levels?
A. Six
B. Three
C. Five
D. Four
Answer: D
NEW QUESTION: 4
Which of the following services are enabled on the MGT interface by default?
A. Telnet
B. HTTP
C. HTTPS
D. SSH
Answer: C,D
NEW QUESTION: 5
In PAN-OS 7.0 which of the available choices serves as an alert warning by defining
patterns of suspicious traffic and network anomalies that may indicate a host has been
compromised?
A. Correlation Objects
B. Custom Signatures
C. Correlation Events
D. App-ID Signatures
E. Command & Control Signatures
Answer: B
NEW QUESTION: 6
Taking into account only the information in the screenshot above, answer the following
question:
A span port or a switch is connected to e1/4, but there are no traffic logs.
Which of the following conditions most likely explains this behavior?
A. The interface is not assigned a virtual router.
B. The interface is not up.
C. There is no zone assigned to the interface.
D. The interface is not assigned an IP address.
Answer: C
NEW QUESTION: 7
In PANOS 6.0, rule numbers are:
A. Numbers on a scale of 0 to 99 that specify priorities when two or more rules are in
conflict.
B. Numbers created to be unique identifiers in each firewall's policy database.
C. Numbers that specify the order in which security policies are evaluated.
D. Numbers created to make it easier for users to discuss a complicated or difficult
sequence of rules.
Answer: C
NEW QUESTION: 8
When employing the Brightcloud URL filtering database on the Palo Alto Networks
firewalls, the order of checking within a profile is:
A. None of the above
B. Block List, Allow List, Cache Files, Custom Categories, Predefined Categories, Dynamic
URL Filtering
C. Block List, Allow List, Custom Categories, Cache Files, Predefined Categories, Dynamic
URL Filtering
D. Dynamic URL Filtering, Block List, Allow List, Cache Files, Custom Categories,
Predefined Categories
Answer: C
NEW QUESTION: 9
Select the implicit rules that are applied to traffic that fails to match any administrator-
defined Security Policies.
A. Inter-zone traffic is allowed
B. Intra-zone traffic is allowed
C. Intra-zone traffic is denied
D. Inter-zone traffic is denied
Answer: B,D
NEW QUESTION: 10
A user complains that they are no longer able to access a needed work application after
you have implemented vulnerability and anti-spyware profiles. The user's application uses
a unique port. What is the most efficient way to allow the user access to this application?
A. In the Threat log, locate the event which is blocking access to the user's application and
create a IP- based exemption for this user.
B. Utilize an Application Override Rule, referencing the custom port utilized by this
application. Application Override rules bypass all Layer 7 inspection, thereby allowing
access to this application.
C. In the vulnerability and anti-spyware profiles, create an application exemption for the
user's application.
D. Create a custom Security rule for this user to access the required application. Do not
apply vulnerability and anti-spyware profiles to this rule.
Answer: A
NEW QUESTION: 11
Which of the following statements is NOT True about Palo Alto Networks firewalls?
A. System defaults may be restored by performing a factory reset in Maintenance Mode.
B. The Admin account may not be disabled.
C. Initial configuration may be accomplished thru the MGT interface or the Console port.
D. The Admin account may be disabled.
Answer: D
NEW QUESTION: 12
What built-in administrator role allows all rights except for the creation of administrative
accounts and virtual systems?
A. deviceadmin
B. A custom role is required for this level of access
C. superuser
D. vsysadmin
Answer: A
NEW QUESTION: 13
You can assign an IP address to an interface in Virtual Wire mode.
A. True
B. False
Answer: B
NEW QUESTION: 14
Which option allows an administrator to segrate Panorama and Syslog traffic, so that the
Management Interface is not employed when sending these types of traffic?
A. On the Device tab in the Web UI, create custom server profiles for Syslog and
Panorama
B. Define a Loopback interface for the Panorama and Syslog Devices
C. Custom entries in the Virtual Router, pointing to the IP addresses of the Panorama and
Syslog devices.
D. Service Route Configuration
Answer: D
NEW QUESTION: 15
Which of the following interface types can have an IP address assigned to it?
A. Virtual Wire
B. Tap
C. Layer 3
D. Layer 2
Answer: C
NEW QUESTION: 16
Which of the following are accurate statements describing the HA3 link in an Active-Active
HA deployment?
A. HA3 is used for session synchronization
B. The HA3 link is used to transfer Layer 7 information
C. HA3 is the control link
D. HA3 is used to handle asymmetric routing
Answer: A
Valid ACE Dumps shared by PrepAwayExam.com for Helping Passing ACE Exam!
PrepAwayExam.com now offer the newest ACE exam dumps, the
PrepAwayExam.com ACE exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com ACE dumps with Test Engine
here: https://www.prepawayexam.com/Palo-Alto-
Networks/braindumps.ACE.ete.file.html (222 Q&As Dumps, 40%OFF Special
Discount: freecram)
NEW QUESTION: 17
In order to route traffic between layer 3 interfaces on the PAN firewall you need:
A. Virtual Router
B. Security Profile
C. Vwire
D. VLAN
Answer: D
NEW QUESTION: 18
Which of the following represents HTTP traffic events that can be used to identify potential
Botnets?
A. Traffic from users that browse to IP addresses instead of fully-qualified domain names,
traffic to domains that have been registered in the last 60 days, downloading executable
files from unknown URL's
B. Traffic from users that browse to IP addresses instead of fully-qualified domain names,
traffic to domains that have been registered in the last 30 days.
C. Traffic from users that browse to IP addresses instead of fully-qualified domain names,
traffic to domains that have been registered in the last 60 days, downloading executable
files from unknown URL's, IRC-based Command and Control traffic
D. Traffic from users that browse to IP addresses instead of fully-qualified domain names,
downloading W32.Welchia.Worm from a Windows share, traffic to domains that have been
registered in the last 30 days, downloading executable files from unknown URL's
Answer: B
NEW QUESTION: 19
In Active/Active HA environments, redundancy for the HA3 interface can be achieved by:
A. Configuring HA3 as an Aggregate Ethernet bundle
B. Configuring HA3 in a redundant group
C. Configuring multiple HA3 interfaces
D. Configuring a corresponding HA4 interface
Answer: A
NEW QUESTION: 20
When troubleshooting Phase 1 of an IPSec VPN tunnel, what location will have the most
informative logs?
A. Responding side, System Logs
B. Responding side, Traffic Logs
C. Initiating side, Traffic Logs
D. Initiating side, System Logs
Answer: A
NEW QUESTION: 21
After the installation of a new Application and Threat database, the firewall must be
rebooted.
A. True
B. False
Answer: B
NEW QUESTION: 22
Which statement accurately reflects the functionality of using regions as objects in Security
policies?
A. Regions cannot be used in the "Source User" field of the Security Policies, unless the
administrator has set up custom regions.
B. The administrator can set up custom regions, including latitude and longitude, to specify
the geographic position of that particular region. These custom regions can be used in the
"Source User" field of the Security Policies.
C. Predefined regions are provided for countries, not but not for cities. The administrator
can set up custom regions, including latitude and longitude, to specify the geographic
position of that particular region.
D. The administrator can set up custom regions, including latitude and longitude, to specify
the geographic position of that particular region. Both predefined regions and custom
regions can be used in the
"Source User" field.
Answer: C
NEW QUESTION: 23
What happens at the point of Threat Prevention license expiration?
A. Threat Prevention is no longer used; applicable traffic is allowed
B. Threat Prevention no longer used; traffic is allowed or blocked by configuration per
Security Rule
C. Threat Prevention no longer used; applicable traffic is blocked
D. Threat Prevention no longer updated; existing database still effective
Answer: D
NEW QUESTION: 24
Enabling "Highlight Unused Rules" in the Security policy window will:
A. Highlight all rules that did not immediately match traffic.
B. Highlight all rules that did not match traffic since the rule was created or since last
reboot of the firewall.
C. Allow the administrator to temporarily disable rules that do not match traffic, for testing
purposes.
D. Allows the administrator to troubleshoot rules when a validation error occurs at the time
of commit.
Answer: B
NEW QUESTION: 25
Which of the following interfaces types will have a MAC address?
A. Tap
B. Layer 2
C. Vwire
D. Layer 3
Answer: B
NEW QUESTION: 26
Which fields can be altered in the default Vulnerability profile?
A. Severity
B. Category
C. None
D. CVE
Answer: C
NEW QUESTION: 27
Which of the following must be configured when deploying User-ID to obtain information
from an 802.1x authenticator?
A. XML API for User-ID Agent
B. A User-ID agent, with the "Use for NTLM Authentication" option enabled.
C. An Agentless deployment of User-ID, employing only the Palo Alto Networks Firewall
D. Terminal Server Agent
Answer: A
NEW QUESTION: 28
When using remote authentication for users (LDAP, RADIUS, Active Directory, etc.), what
must be done to allow a user to authenticate through multiple methods?
A. This cannot be done. A single user can only use one authentication type.
B. This cannot be done. Although multiple authentication methods exist, a firewall must
choose a single, global authentication type and all users must use this method.
C. Create multiple authentication profiles for the same user.
D. Create an Authentication Sequence, dictating the order of authentication profiles.
Answer: D
NEW QUESTION: 29
You have decided to implement a Virtual Wire Subinterface. Which options can be used to
classify traffic?
A. Either VLAN tag or IP address, provided that each tag or ID is contained in the same
zone.
B. VLAN tag, or VLAN tag plus IP address (IP address, IP range, or subnet).
C. Subinterface ID and VLAN tag only
D. By Zone and/or IP Classifier
Answer: B
NEW QUESTION: 30
After the installation of the Threat Prevention license, the firewall must be rebooted.
A. False
B. True
Answer: A
NEW QUESTION: 31
Which one of the options describes the sequence of the GlobalProtect agent connecting to
a Gateway?
A. The agent connects to the portal, obtains a list of the Gateways, and connects to the
Gateway with the fastest SSL connect time
B. The agent connects to the portal, obtains a list of the Gateways, and connects to the
Gateway with the fastest PING response time
C. The agent connects to the closest Gateway and sends the HIP report to the portal
D. The agent connects to the portal and randomly establishes connect to the first available
Gateway
Answer: B
Valid ACE Dumps shared by PrepAwayExam.com for Helping Passing ACE Exam!
PrepAwayExam.com now offer the newest ACE exam dumps, the
PrepAwayExam.com ACE exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com ACE dumps with Test Engine
here: https://www.prepawayexam.com/Palo-Alto-
Networks/braindumps.ACE.ete.file.html (222 Q&As Dumps, 40%OFF Special
Discount: freecram)
NEW QUESTION: 32
In PAN-OS 6.0, rule numbers were introduced. Rule Numbers are:
A. Dynamic numbers that refer to a security policy's order and are especially useful when
filtering security policies by tags
B. Static numbers that must be manually re-numbered whenever a new security policy is
added
C. Numbers referring to when the security policy was created and do not have a bearing
on the order of policy enforcement
Answer: A
NEW QUESTION: 33
After the installation of a new version of PANOS, the firewall must be rebooted.
A. False
B. True
Answer: B
NEW QUESTION: 34
All of the interfaces on a Palo Alto Networks device must be of the same interface type.
A. True
B. False
Answer: B
NEW QUESTION: 35
Which of the following Global Protect features requires a separate license?
A. Use of a Portal to allow users to connect
B. Use of dynamic selection between multiple Gateways
C. Manual Gateway Selection
D. Allowing users to connect
Answer: B
NEW QUESTION: 36
Besides selecting the Heartbeat Backup option when creating an ActivePassive HA Pair,
which of the following also prevents "SplitBrain"?
A. Configuring a backup HA2 link that points to the MGT interface of the other device in the
pair.
B. Under "Packet Forwarding", selecting the VR Sync checkbox.
C. Creating a custom interface under Service Route Configuration, and assigning this
interface as the backup HA2 link.
D. Configuring an independent backup HA1 link.
Answer: A
NEW QUESTION: 37
How do you limit the amount of information recorded in the URL Content Filtering Logs?
A. Enable URL log caching
B. Enable DSRI
C. Disable URL packet captures
D. Enable Log container page only
Answer: D
NEW QUESTION: 38
When an interface is in Tap mode and a policy action is set to block, the interface will send
a TCP reset.
A. False
B. True
Answer: A
NEW QUESTION: 39
What is the size limitation of files manually uploaded to WildFire?
A. Hard-coded at 2 megabytes
B. Configurable up to 20 megabytes
C. Hard-coded at 10 megabytes
D. Configurable up to 10 megabytes
Answer: D
NEW QUESTION: 40
Which fields can be altered in the default Vulnerability Protection Profile?
A. Severity
B. Category
C. None
Answer: C
NEW QUESTION: 41
When allowing an Application in a Security policy on a PAN-OS 5.0 device, would a
dependency Application need to also be enabled if the application does not employ HTTP,
SSL, MSRPC, RPC, t.120, RTSP, RTMP, and NETBIOS-SS.
A. Yes
B. No
Answer: A
NEW QUESTION: 42
An interface in tap mode can transmit packets on the wire.
A. True
B. False
Answer: B
NEW QUESTION: 43
When configuring a Decryption Policy rule, which option allows a firewall administrator to
control SSHv2 tunneling in policies by specifying the SSHtunnel AppID?
A. SSL Reverse Proxy
B. SSL Inbound Inspection
C. SSL Forward Proxy
D. SSH Proxy
Answer: D
NEW QUESTION: 44
Which mode will allow a user to choose when they wish to connect to the Global Protect
Network?
A. Always On mode
B. Single SignOn mode
C. On Demand mode
D. Optional mode
Answer: C
NEW QUESTION: 45
When employing the BrightCloud URL filtering database in a Palo Alto Networks firewall,
the order of evaluation within a profile is:
A. Block list, Custom Categories, Cache files, Predefined categories, Dynamic URL
filtering, Allow list.
B. Block list, Allow list, Custom Categories, Cache files, Local URL DB file.
C. Dynamic URL filtering, Block list, Allow list, Cache files, Custom categories, Predefined
categories.
D. Block list, Custom Categories, Predefined categories, Dynamic URL filtering, Allow list,
Cache files.
Answer: D
NEW QUESTION: 46
Can multiple administrator accounts be configured on a single firewall?
A. Yes
B. No
Answer: A
Valid ACE Dumps shared by PrepAwayExam.com for Helping Passing ACE Exam!
PrepAwayExam.com now offer the newest ACE exam dumps, the
PrepAwayExam.com ACE exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com ACE dumps with Test Engine
here: https://www.prepawayexam.com/Palo-Alto-
Networks/braindumps.ACE.ete.file.html (222 Q&As Dumps, 40%OFF Special
Discount: freecram)
NEW QUESTION: 47
Select the implicit rules that are applied to traffic that fails to match any administrator
defined Security Policies.
A. Interzone traffic is allowed
B. Interzone traffic is denied
C. Intrazone traffic is allowed
D. Intrazone traffic is denied
Answer: B,C
NEW QUESTION: 48
Which of the Dynamic Updates listed below are issued on a daily basis?
A. Applications and Threats
B. Global Protect
C. URL Filtering
D. Antivirus
Answer: C,D
NEW QUESTION: 49
Which statement below is True?
A. PANOS uses BrightCloud for URL Filtering, replacing PANDB.
B. PANOS uses PANDB as the default URL Filtering database, but also supports
BrightCloud.
C. PANOS uses BrightCloud as its default URL Filtering database, but also supports
PANDB.
D. PANOS uses PANDB for URL Filtering, replacing BrightCloud.
Answer: B
NEW QUESTION: 50
The "Disable Server Return Inspection" option on a security profile:
A. Can only be configured in Tap Mode
B. Does not perform higher-level inspection of traffic from the side that originated the TCP
SYN packet
C. Should only be enabled on security policies allowing traffic to a trusted server.
D. Only performs inspection of traffic from the side that originated the TCP SYN-ACK
packet
Answer: C
NEW QUESTION: 51
When Network Address Translation has been performed on traffic, Destination Zones in
Security rules should be based on:
A. Pre-NAT addresses
B. None of the above
C. The same zones used in the NAT rules
D. Post-NAT addresses
Answer: D
NEW QUESTION: 52
Color-coded tags can be used on all of the items listed below EXCEPT:
A. Vulnerability Profiles
B. Address Objects
C. Zones
D. Service Groups
Answer: A
NEW QUESTION: 53
Users may be authenticated sequentially to multiple authentication servers by configuring:
A. A custom Administrator Profile.
B. An Authentication Profile.
C. An Authentication Sequence.
D. Multiple RADIUS servers sharing a VSA configuration.
Answer: C
NEW QUESTION: 54
WildFire analyzes files to determine whether or not they are malicious. When doing so,
WildFire will classify the file with an official verdict. This verdict is known as the WildFire
Analysis verdict. Choose the three correct classifications as a result of this analysis and
classification?
A. Malware detection
B. Benign
C. Adware
D. Spyware
E. Safeware
F. Grayware
Answer: A,B,F
NEW QUESTION: 55
Which of the following statements is NOT True regarding a Decryption Mirror interface?
A. Supports SSL outbound
B. Can be a member of any VSYS
C. Supports SSL inbound
D. Requires superuser privilege
Answer: B
NEW QUESTION: 56
What needs to be done prior to committing a configuration in Panorama after making a
change via the CLI or web interface on a device?
A. No additional actions required
B. Synchronize the configuration between the device and Panorama
C. Make the same change again via Panorama
D. Re-import the configuration from the device into Panorama
Answer: A
NEW QUESTION: 57
For correct routing to SSL VPN clients to occur, the following must be configured:
A. No routing needs to be configured - the PAN device automatically responds to ARP
requests for the SSL VPN client IP pool
B. Network Address Translation must be enabled for the SSL VPN client IP pool
C. A static route on the next-hop gateway of the SSL VPN client IP pool with a destination
of the Palo Alto Networks device
D. A dynamic routing protocol between the Palo Alto Networks device and the next-hop
gateway to advertise the SSL VPN client IP pool
Answer: B
NEW QUESTION: 58
UserID is enabled in the configuration of:
A. a Zone.
B. a Security Policy.
C. a Security Profile.
D. an Interface.
Answer: A
NEW QUESTION: 59
In a Destination NAT configuration, the Translated Address field may be populated with
either an IP address or an Address Object.
A. False
B. True
Answer: B
NEW QUESTION: 60
When using Config Audit, the color yellow indicates which of the following?
A. An invalid value has been used in a config file.
B. A setting has been changed between the two config files
C. A setting has been deleted from a config file.
D. A setting has been added to a config file
Answer: B
NEW QUESTION: 61
In a Palo Alto Networks firewall, every interface in use must be assigned to a zone in order
to process traffic.
A. False
B. True
Answer: B
Valid ACE Dumps shared by PrepAwayExam.com for Helping Passing ACE Exam!
PrepAwayExam.com now offer the newest ACE exam dumps, the
PrepAwayExam.com ACE exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com ACE dumps with Test Engine
here: https://www.prepawayexam.com/Palo-Alto-
Networks/braindumps.ACE.ete.file.html (222 Q&As Dumps, 40%OFF Special
Discount: freecram)
NEW QUESTION: 62
Which of the following platforms supports the Decryption Port Mirror function?
A. VMSeries 100
B. PA3000
C. PA2000
D. PA4000
Answer: B
NEW QUESTION: 63
Taking into account only the information in the screenshot above, answer the following
question. Which applications will be allowed on their standard ports?
A. SSH
B. Skype
C. BitTorrent
D. Gnutella
Answer: A,C
NEW QUESTION: 64
Configuring a pair of devices into an Active/Active HA pair provides support for:
A. Redundant Virtual Routers
B. Lower fail-over times
C. Asymmetric routing environments
D. Higher session count
Answer: A
NEW QUESTION: 65
Which of the following is NOT a valid option for builtin CLI Admin roles?
A. devicereader
B. deviceadmin
C. read/write
D. superuser
Answer: C
NEW QUESTION: 66
When a user logs in via Captive Portal, their user information can be checked against:
A. Terminal Server Agent
B. Security Logs
C. XML API
D. Radius
Answer: D
NEW QUESTION: 67
Which of the following objects cannot use User-ID as a match criteria?
A. QoS
B. None of the above
C. Security Policies
D. Policy Based Forwarding
E. DoS Protection
Answer: B
NEW QUESTION: 68
What is the correct policy to most effectively block Skype?
A. Allow Skype, block Skype-probe
B. Block Skype-probe, block Skype
C. Block Skype
D. Allow Skype-probe, block Skype
Answer: A
NEW QUESTION: 69
With IKE Phase 1, each device is identified to the other by a Peer ID. In most cases, the
Peer ID is just the public IP address of the device. In situations where the public IP
address is not static, the Peer ID can be a text value.
A. True
B. False
Answer: A
NEW QUESTION: 70
In PANOS 6.0 and later, which of these items may be used as match criterion in a
PolicyBased Forwarding Rule? (Choose three.)
A. Application
B. Destination Zone
C. Source Zone
D. Source User
Answer: A,C,D
NEW QUESTION: 71
Which of the following types of protection are available in DoS policy?
A. Session Limit, SYN Flood, UDP Flood
B. Session Limit, Port Scanning, Host Swapping, UDP Flood
C. Session Limit, SYN Flood, Port Scanning, Host Swapping
D. Session Limit, SYN Flood, Host Swapping, UDP Flood
Answer: A
NEW QUESTION: 72
Which of the following would be a reason to use an XML API to communicate with a Palo
Alto Networks firewall?
A. So that information can be pulled from other network resources for User-ID
B. To allow the firewall to push UserID information to a Network Access Control (NAC)
device.
C. To permit sys logging of User Identification events
Answer: B
NEW QUESTION: 73
An interface in Virtual Wire mode must be assigned an IP address.
A. False
B. True
Answer: A
NEW QUESTION: 74
Select the implicit rules enforced on traffic failing to match any user defined Security
Policies:
A. Intra-zone traffic is denied
B. Intra-zone traffic is allowed
C. Inter-zone traffic is allowed
D. Inter-zone traffic is denied
Answer: B,D
NEW QUESTION: 75
Which of the following CANNOT use the source user as a match criterion?
A. Secuirty Policies
B. DoS Protection
C. Policy Based Forwarding
D. Antivirus Profile
E. QoS
Answer: D
NEW QUESTION: 76
When creating an application filter, which of the following is true?
A. They are called dynamic because they will automatically include new applications from
an application signature update if the new application's type is included in the filter
B. They are called dynamic because they automatically adapt to new IP addresses
C. They are used by malware
D. Excessive bandwidth may be used as a filter match criteria
Answer: A
Valid ACE Dumps shared by PrepAwayExam.com for Helping Passing ACE Exam!
PrepAwayExam.com now offer the newest ACE exam dumps, the
PrepAwayExam.com ACE exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com ACE dumps with Test Engine
here: https://www.prepawayexam.com/Palo-Alto-
Networks/braindumps.ACE.ete.file.html (222 Q&As Dumps, 40%OFF Special
Discount: freecram)
NEW QUESTION: 77
Which of the following is a routing protocol supported in a Palo Alto Networks firewall?
A. RIPv2
B. ISIS
C. EIGRP
D. IGRP
Answer: A
NEW QUESTION: 78
A "Continue" action can be configured on the following Security Profiles:
A. URL Filtering and Antivirus
B. URL Filtering
C. URL Filtering, File Blocking, and Data Filtering
D. URL Filtering and File Blocking
Answer: D
NEW QUESTION: 79
In PAN-OS 5.0, which of the following features is supported with regards to IPv6?
A. None of the above
B. NAT64
C. IPSec VPN tunnels
D. OSPF
Answer: B
NEW QUESTION: 80
Which of the Dynamic Updates listed below are issued on a daily basis?
A. Antivirus
B. Applications
C. BrightCloud URL Filtering
D. Applications and Threats
Answer: A,C
NEW QUESTION: 81
Wildfire may be used for identifying which of the following types of traffic?
A. URL content
B. Viruses
C. DNS
D. DHCP
Answer: B
NEW QUESTION: 82
An Outbound SSL forward-proxy decryption rule cannot be created using which type of
zone?
A. L3
B. Tap
C. L2
D. Virtual Wire
Answer: D
NEW QUESTION: 83
Which feature can be configured to block sessions that the firewall cannot decrypt?
A. Decryption Profile in PBF
B. Decryption Profile in Security Policy
C. Decryption Profile in Security Profile
D. Decryption Profile in Decryption Policy
Answer: D
NEW QUESTION: 84
What are the benefits gained when the "Enable Passive DNS Monitoring" checkbox is
chosen on the firewall?
A. Improved BrightCloud malware detection.
B. Improved malware detection in WildFire.
C. Improved PANDB malware detection.
D. Improved DNS-based C&C signatures.
Answer: B,C,D
NEW QUESTION: 85
A Config Lock may be removed by which of the following users?
A. Any administrator
B. Device administrators
C. Superusers
D. The administrator who set it
Answer: C,D
NEW QUESTION: 86
Which link is used by an Active-Passive cluster to synchronize session information?
A. The Management Link
B. The Control Link
C. The Data Link
D. The Uplink
Answer: C
NEW QUESTION: 87
Taking into account only the information in the screenshot above, answer the following
question. In order for ping traffic to traverse this device from e1/2 to e1/1, what else needs
to be configured?
A. Security policy from trust zone to Internet zone that allows ping
B. Security policy from Internet zone to trust zone that allows ping
C. Create a Management profile that allows ping. Assign that management profile to e1/1
and e1/2
D. Create the appropriate routes in the default virtual router
Answer: A,C
NEW QUESTION: 88
With PAN-OS 5.0, how can a common NTP value be pushed to a cluster of firewalls?
A. Via a Panorama Device Group
B. Via a Device Group object in Panorama
C. Via a shared object in Panorama
D. Via a Panorama Template
Answer: C
NEW QUESTION: 89
Which type of license is required to perform Decryption Port Mirroring?
A. A subscriptionbased
B. A free PANPADecrypt license
C. A Client Decryption license
D. A subscriptionbased PANPADecrypt license
E. SSL Port license
Answer: B
NEW QUESTION: 90
Using the API in PAN-OS 6.1, WildFire subscribers can upload up to how many samples
per day?
A. 1000
B. 50
C. 10
D. 500
Answer: A
NEW QUESTION: 91
Which of the following must be enabled in order for UserID to function?
A. Captive Portal must be enabled.
B. UserID must be enabled for the source zone of the traffic that is to be identified.
C. Security Policies must have the UserID option enabled.
D. Captive Portal Policies must be enabled.
Answer: B
Valid ACE Dumps shared by PrepAwayExam.com for Helping Passing ACE Exam!
PrepAwayExam.com now offer the newest ACE exam dumps, the
PrepAwayExam.com ACE exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com ACE dumps with Test Engine
here: https://www.prepawayexam.com/Palo-Alto-
Networks/braindumps.ACE.ete.file.html (222 Q&As Dumps, 40%OFF Special
Discount: freecram)
NEW QUESTION: 92
When configuring the firewall for UserID, what is the maximum number of Domain
Controllers that can be configured?
A. 10
B. 100
C. 150
D. 50
Answer: B
NEW QUESTION: 93
In an Anti-Virus profile, changing the action to "Block" for IMAP or POP decoders will result
in the following:
A. The Anti-virus profile will behave as if "Alert" had been specified for the action
B. The traffic will be dropped by the firewall
C. The connection from the server will be reset
D. Error 541 being sent back to the server
Answer: A
NEW QUESTION: 94
What is the function of the GlobalProtect Portal?
A. To loadbalance
B. GlobalProtect client connections to GlobalProtect Gateways.
C. To provide redundancy for tunneled connections through the GlobalProtect Gateways.
D. To maintain the list of Global Protect Gateways and specify HIP data that the agent
should report.
E. To maintain the list of remote GlobalProtect Portals and the list of categories for
checking the client machine.
Answer: E
NEW QUESTION: 95
When creating a Security Policy to allow Facebook in PAN-OS 5.0, how can you be sure
that no other web-browsing traffic is permitted?
A. No other configuration is required on the part of the administrator, since implicit
application dependencies will be added automatically.
B. Ensure that the Service column is defined as "application-default" for this security rule.
This will automatically include the implicit web-browsing application dependency.
C. When creating the rule, ensure that web-browsing is added to the same rule. Both
applications will be processed by the Security policy, allowing only Facebook to be
accessed. Any other applications can be permitted in subsequent rules.
D. Create a subsequent rule which blocks all other traffic
Answer: A
NEW QUESTION: 96
A "Continue" action can be configured on which of the following Security Profiles?
A. URL Filtering and File Blocking
B. URL Filtering and Anti-virus
C. URL Filtering only
D. URL Filtering, File Blocking, and Data Filtering
Answer: A
NEW QUESTION: 97
Will an exported configuration contain Management Interface settings?
A. Yes
B. No
Answer: A
NEW QUESTION: 98
As the Palo Alto Networks Administrator responsible for UserID, you need to enable
mapping of network users that do not sign in using LDAP. Which information source would
allow for reliable UserID mapping while requiring the least effort to configure?
A. Captive Portal
B. Exchange CAS Security logs
C. Active Directory Security Logs
D. WMI Query
Answer: C
NEW QUESTION: 99
The following can be configured as a next hop in a Static Route:
A. Virtual System
B. A Policy-Based Forwarding Rule
C. Virtual Router
D. A Dynamic Routing Protocol
Answer: C
Valid ACE Dumps shared by PrepAwayExam.com for Helping Passing ACE Exam!
PrepAwayExam.com now offer the newest ACE exam dumps, the
PrepAwayExam.com ACE exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com ACE dumps with Test Engine
here: https://www.prepawayexam.com/Palo-Alto-
Networks/braindumps.ACE.ete.file.html (222 Q&As Dumps, 40%OFF Special
Discount: freecram)
Valid ACE Dumps shared by PrepAwayExam.com for Helping Passing ACE Exam!
PrepAwayExam.com now offer the newest ACE exam dumps, the
PrepAwayExam.com ACE exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com ACE dumps with Test Engine
here: https://www.prepawayexam.com/Palo-Alto-
Networks/braindumps.ACE.ete.file.html (222 Q&As Dumps, 40%OFF Special
Discount: freecram)
Taking into account only the information in the screenshot above, answer the following
question. An administrator is using SSH on port 3333 and BitTorrent on port 7777. Which
statements are true?
A. The SSH traffic will be allowed.
B. The SSH traffic will be denied.
C. The BitTorrent traffic will be allowed.
D. The BitTorrent traffic will be denied.
Answer: A,D
Valid ACE Dumps shared by PrepAwayExam.com for Helping Passing ACE Exam!
PrepAwayExam.com now offer the newest ACE exam dumps, the
PrepAwayExam.com ACE exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com ACE dumps with Test Engine
here: https://www.prepawayexam.com/Palo-Alto-
Networks/braindumps.ACE.ete.file.html (222 Q&As Dumps, 40%OFF Special
Discount: freecram)
Valid ACE Dumps shared by PrepAwayExam.com for Helping Passing ACE Exam!
PrepAwayExam.com now offer the newest ACE exam dumps, the
PrepAwayExam.com ACE exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com ACE dumps with Test Engine
here: https://www.prepawayexam.com/Palo-Alto-
Networks/braindumps.ACE.ete.file.html (222 Q&As Dumps, 40%OFF Special
Discount: freecram)
Valid ACE Dumps shared by PrepAwayExam.com for Helping Passing ACE Exam!
PrepAwayExam.com now offer the newest ACE exam dumps, the
PrepAwayExam.com ACE exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com ACE dumps with Test Engine
here: https://www.prepawayexam.com/Palo-Alto-
Networks/braindumps.ACE.ete.file.html (222 Q&As Dumps, 40%OFF Special
Discount: freecram)
Valid ACE Dumps shared by PrepAwayExam.com for Helping Passing ACE Exam!
PrepAwayExam.com now offer the newest ACE exam dumps, the
PrepAwayExam.com ACE exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com ACE dumps with Test Engine
here: https://www.prepawayexam.com/Palo-Alto-
Networks/braindumps.ACE.ete.file.html (222 Q&As Dumps, 40%OFF Special
Discount: freecram)