PA ACE-8 1 - Passed80percent
Short Description
Passed with 36 correct....
Description
Realize Your Potential: paloaltonetworks
Page 1 of 12
Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 8.1 Version
ACE 8.1
uestion 1 of !". A Securit# $o%ic# ru%e dis$%a#ed in ita%ic font indicates &'ic' condition The rule is a clone. The rule is disabled. The rule is active. The rule has been overridden.
Mark for follow up
uestion of !". A Ser*er Profi%e ena+%es a fire&a%% to %ocate &'ic' ser*er t#$e a server with firewall threat updates a server with firewall software updates a server with remote user accounts a server with an available VPN connection
Mark for follow up
uestion , of !". An nterface anagement Profi%e can +e at tac'ed to &'ic' t&o interface t#$es (C'oose t&o.) Layer 2 Virtual Wire Layer
Tap Loopback
Mark for follow up
uestion ! of !". A$$%ication +%oc/ $ages can +e ena+%ed for &'ic' a$$%ications web!based
Realize Your Potential: paloaltonetworks
Page 2 of 12
non!T"P#$P any M%T port!based
Mark for follow up
uestion " of !". 0ecause a fire&a%% examines e*er# $ac/et in a session a fire&a%% can detect a$$%ication 22222222 &roups filters errors shifts
Mark for follow up
uestion 3 of !". 4inding 567s matc'ed to t'e not-reso%*ed 567 categor# in t'e 567 4i%tering %og fi%e mig't indicate t'at #ou s'ou%d ta/e &'ic' action Validate connectivity to the P'N!() cloud. *e!download the +*L seed database. Validate your ,ecurity policy rules. *eboot the firewall.
Mark for follow up
uestion of !". 4or &'ic' fire&a%% feature s'ou%d #ou create for&ard trust and for&ard untrust certificates ,,L client!side certificate checkin& ,,L $nbound $nspection decryption ,,L forward pro-y decryption ,, decryption
Mark for follow up
uestion 8 of !".
Realize Your Potential: paloaltonetworks
Page ( of 12
f t'ere is an 9A configuration mismatc' +et&een fire&a%%s during $eer negotiation &'ic' state &i%% t'e $assi*e fire&a%% enter N/N!0+N"T$/N'L P',,$V1 '"T$V1 $N$T$'L
Mark for follow up
uestion : of !". n an 9A configuration &'ic' t'ree com$onents are s#nc'roni;ed +et&een t'e $air of fire&a%%s (C'oose t'ree.) networks policies obects
lo&s
Mark for follow up
uestion 1< of !". n an 9A configuration &'ic' t'ree functions are associated &it' t'e 9A1 Contro% 7in/ (C'oose t'ree.) synchroni3in& confi&uration
synchroni3in& sessions e-chan&in& heartbeats e-chan&in& hellos
Mark for follow up
uestion 11 of !". n an 9A configuration &'ic' t&o fai%ure detection met'ods re%# on CP $ing (C'oose t&o.) hellos heartbeats
link &roups path &roups
Mark for follow up
uestion 1 of !".
Realize Your Potential: paloaltonetworks
Page ' of 12
On a fire&a%% t'at 'as , Et'ernet $orts and is configured &it' a d#namic P and $ort (=PP) NAT o*ersu+scri$tion rate of x &'at is t'e maximum num+er of concurrent sessions su$$orted +# eac' a*ai%a+%e P address 2 45 456 7286
Mark for follow up
uestion 1, of !". >'ic' t&o user ma$$ing met'ods are su$$orted +# t'e 5ser-= integrated agent (C'oose t&o.) WM$ probin& "lient Probin&
L('P 0ilters Net)$/, Probin&
Mark for follow up
uestion 1! of !". SS7 n+ound ns$ection re?uires t'at t'e fire&a%% +e configured &it' &'ic' t&o com$onents (C'oose t&o.) client9s client9s public key server9s private key
client9s di&ital certificate server9s di&ital certificate
Mark for follow up
uestion 1" of !". T'e fire&a%% acts as a $rox# for &'ic' t&o t#$es of traffic ( C'oose t&o.) ,,
Non!,,L ,,L outbound ,,L $nbound $nspection
Mark for follow up
uestion 13 of !". T'e T'reat %og records e*ents from &'ic' t'ree Securit# Profi%es (C'oose t'ree.)
Realize Your Potential: paloaltonetworks
Page 5 of 12
'ntivirus Vulnerability Protection +*L 0ilterin&
Wild0ire 'nalysis 0ile )lockin& 'nti!,pyware
Mark for follow up
uestion 1 of !". T'e >i%d4ire Porta% &e+site su$$orts &'ic' t'ree o$erations (C'oose t'ree.) re:uest firewall Wild0ire licenses view Wild0ire verdicts upload files to Wild0ire for analysis report incorrect verdicts
Mark for follow up
uestion 18 of !". >'at are t&o +enefits of attac'ing a =ecr#$tion Profi%e to a =ecr#$tion $o%ic# no-decr#$t ru%e (C'oose t&o.) acceptable protocol checkin& e-pired certificate checkin& untrusted certificate checkin&
+*L cate&ory match checkin&
Mark for follow up
uestion 1: of !". >'at is a c'aracteristic of =#namic Admin 6o%es *ole privile&es can be dynamically updated by a firewall administrator. They can be dynamically modified by e-ternal authori3ation systems. *ole privile&es can be dynamically updated with newer software releases. They can be dynamically created or deleted by a firewall administrator.
Mark for follow up
uestion < of !".
Realize Your Potential: paloaltonetworks
Page , of 12
>'at is a use case for de$%o#ing Pa%o A%to Net&or/s N@4> in t'e $u+%ic c%oud faster Wild0ire analysis response time e-tendin& the corporate data center into the public cloud centrali3in& your data stora&e on premise cost savin&s throu&h one!time purchase of Palo 'lto Networks hardware and subscriptions
Mark for follow up
uestion 1 of !". >'at is t'e resu%t of $erforming a fire&a%% Commit o$eration The loaded confi&uration becomes the candidate confi&uration. The saved confi&uration becomes the loaded confi&uration. The candidate confi&uration becomes the runnin& confi&uration. The candidate confi&uration becomes the saved confi&uration.
Mark for follow up
uestion of !". >'ere does a @%o+a%Protect c%ient connect to first &'en tr#ing to connect to t'e net&or/ '( a&ent %lobalProtect Portal +ser!$( a&ent %lobalProtect %ateway
Mark for follow up
uestion , of !". >'ic' action in a 4i%e 0%oc/ing Securit# Profi%e resu%ts in t'e user +eing $rom$ted to *erif# a fi%e transfer )lock 'lert "ontinue 'llow
Mark for follow up
uestion ! of !".
Realize Your Potential: paloaltonetworks
>'ic' condition must exist +efore a fire&a%%s in-+and interface can $rocess traffic The firewall must be assi&ned to a security 3one. The firewall must not be a loopback interface. The firewall must be enabled. The firewall must be assi&ned an $P address.
Mark for follow up
uestion " of !". >'ic' feature is a d#namic grou$ing of a$$%ications used in Securit# $o%ic# ru%es dependent applications implicit applications application filter application &roup
Mark for follow up
uestion 3 of !". >'ic' interface t#$e does NOT re?uire an# configuration c'anges to adBacent net&or/ de*ices Virtual Wire Layer Tap Layer 2
Mark for follow up
uestion of !". >'ic' interface t#$e is NOT assigned to a securit# ;one Virtual Wire Layer ' VL'N
Mark for follow up
Page ) of 12
Realize Your Potential: paloaltonetworks
uestion 8 of !". >'ic' statement descri+es a function $ro*ided +# a n nterface anagement Profi%e $t determines which firewall services are accessible from e-ternal devices. $t determines the Net0low and LL(P interface mana&ement settin&s. $t determines which administrators can mana&e which interfaces. $t determines which e-ternal services are accessible by the firewall.
Mark for follow up
uestion : of !". >'ic' statement descri+es t'e Ex$ort named configuration sna$s'ot o$eration The candidate confi&uration is transferred from memory to the firewall9s firewall9s stora&e device. The runnin& confi&uration is transferred from memory to the firewall9s firewall9s stora&e device. ' saved confi&uration confi&uration is transferred to to an e-ternal hosts hosts stora&e device. ' copy of the confi&uration is uploaded uploaded to the cloud as a backup.
Mark for follow up
uestion ,< of !". >'ic' statement is true a+out a 567 4i%tering Profi%e continue $ass&ord There is a password per website. There is a password per session. There is a password per firewall administrator account. There is a sin≤ per! firewall password.
Mark for follow up
uestion ,1 of !". >'ic' t'ree are *a%id configuration o$tions in a >i%d4ire Ana%#sis Profi%e (C'oose t'ree.) file types direction
ma-imum file si3e application
Mark for follow up
Page 8 of 12
Realize Your Potential: paloaltonetworks
Page - of 12
uestion , of !". >'ic' t'ree com$onents can +e sent to >i%d4ire for ana%#sis (C'oose t'ree.) M%T interface traffic email attachments files traversin& the firewall +*L links found in email
Mark for follow up
uestion ,, of !". >'ic' t'ree interface t#$es can contro% or s'a$e net&or/ traffic (C'oose t'ree.) Layer 2
Tap Virtual Wire Layer
Mark for follow up
uestion ,! of !". >'ic' t'ree @T $ort configuration settings are re?uired in order to access t'e >e+5 (C'oose t'ree.) ostname Netmask (efault &ateway $P address
Mark for follow up
uestion ," of !". >'ic' t'ree net&or/ modes are su$$orted +# acti*e$assi*e 9A (C'oose t'ree.) Layer 2 Tap
Virtual Wire Layer
Mark for follow up
uestion ,3 of !".
Realize Your Potential: paloaltonetworks
Page 10 of 12
>'ic' t'ree statements are true regarding sessions on t'e fire&a%% (C'oose t'ree.) The only session information tracked in the session lo&s are the five!tuples. *eturn traffic is allowed. ,essions are always matched to a ,ecurity policy rule. Network packets are always matched to a session.
Mark for follow up
uestion , of !". >'ic' t&o fi%e t#$es can +e sent to >i%d4ire for ana%#sis if a fire&a%% 'as on%# a standard su+scri$tion ser*ice (C'oose t&o.) .pdf .ar .dll .e-e
Mark for follow up
uestion ,8 of !". >'ic' t&o 5ser-= met'ods are used to *erif# /no&n P address-to-user ma$$ings (C'oose t&o.) "aptive Portal "lient Probin& ,ession Monitorin& ,erver Monitorin&
Mark for follow up
uestion ,: of !". >'ic' 5ser-= user ma$$ing met'od is recommended f or en*ironments &'ere users fre?uent%# c'ange P addresses "aptive Portal "lient Probin& ,ession Monitorin& ,erver Monitorin&
Mark for follow up
uestion !< of !".
Realize Your Potential: paloaltonetworks
Page 11 of 12
>'ic' fi%e must +e do&n%oaded from t'e fire&a%% to create a 9eatma$ and 0est Practices Assessment re$ort stats dump file >> P'!?2>> P'!2>>
VM!,eries P'!@>>>
Mark for follow up
uestion !, of !". >'ic' V-Series mode% &as introduced &it' t'e re%ease of PAN-OSD 8.1 VM!?> Lite VM!2>> Lite VM!>> Lite VM!7>> Lite
Realize Your Potential: paloaltonetworks
Page 12 of 12
Mark for follow up
uestion !! of !". >'ic' c%oud com$uting ser*ice mode% &i%% ena+%e an a$$%ication de*e%o$er to de*e%o$ manage and t est t'eir a$$%ications &it'out t'e ex$ense of $urc'asing e?ui$ment code as a service software as a service infrastructure as a service platform as a service
Mark for follow up
uestion !" of !". >'ic' essentia% c%oud c'aracteristic is designed for a$$%ications t'at &i%% +e re?uired to run on a%% $%atforms inc%uding smart$'ones ta+%ets and %a$to$s rapid elasticity broad network access on!demand self service measured services
Mark for follow up
Save / Return Later
Sum Su mmary
View more...
Comments