PA ACE-8 1 - Passed80percent

Realize Your Potential: paloaltonetworks

Page 1 of 12

Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 8.1 Version

ACE 8.1

uestion 1 of !". A Securit# $o%ic# ru%e dis$%a#ed in ita%ic font indicates &'ic' condition The rule is a clone. The rule is disabled. The rule is active. The rule has been overridden.

Mark for follow up

uestion  of !". A Ser*er Profi%e ena+%es a fire&a%% to %ocate &'ic' ser*er t#$e a server with firewall threat updates a server with firewall software updates a server with remote user accounts a server with an available VPN connection

Mark for follow up

uestion , of !". An nterface anagement Profi%e can +e at tac'ed to &'ic' t&o interface t#$es (C'oose t&o.) Layer 2 Virtual Wire  Layer 

Tap  Loopback

Mark for follow up

uestion ! of !". A$$%ication +%oc/ $ages can +e ena+%ed for &'ic' a$$%ications web!based

Realize Your Potential: paloaltonetworks

Page 2 of 12

non!T"P#$P any M%T port!based

Mark for follow up

uestion " of !". 0ecause a fire&a%% examines e*er# $ac/et in a session a fire&a%% can detect a$$%ication 22222222 &roups filters errors shifts

Mark for follow up

uestion 3 of !". 4inding 567s matc'ed to t'e not-reso%*ed 567 categor# in t'e 567 4i%tering %og fi%e mig't indicate t'at #ou s'ou%d ta/e &'ic' action Validate connectivity to the P'N!() cloud. *e!download the +*L seed database. Validate your ,ecurity policy rules. *eboot the firewall.

 Mark for follow up

uestion  of !". 4or &'ic' fire&a%% feature s'ou%d #ou create for&ard trust and for&ard untrust certificates ,,L client!side certificate checkin& ,,L $nbound $nspection decryption ,,L forward pro-y decryption ,, decryption

Mark for follow up

uestion 8 of !".

Realize Your Potential: paloaltonetworks

Page ( of 12

f t'ere is an 9A configuration mismatc' +et&een fire&a%%s during $eer negotiation &'ic' state &i%% t'e $assi*e fire&a%% enter N/N!0+N"T$/N'L P',,$V1  '"T$V1 $N$T$'L

Mark for follow up

uestion : of !". n an 9A configuration &'ic' t'ree com$onents are s#nc'roni;ed +et&een t'e $air of fire&a%%s (C'oose t'ree.)  networks  policies  obects

lo&s

 Mark for follow up

uestion 1< of !". n an 9A configuration &'ic' t'ree functions are associated &it' t'e 9A1 Contro% 7in/ (C'oose t'ree.)  synchroni3in& confi&uration

synchroni3in& sessions  e-chan&in& heartbeats  e-chan&in& hellos

 Mark for follow up

uestion 11 of !". n an 9A configuration &'ic' t&o fai%ure detection met'ods re%# on CP $ing (C'oose t&o.) hellos  heartbeats

link &roups  path &roups

Mark for follow up

uestion 1 of !".

Realize Your Potential: paloaltonetworks

Page ' of 12

On a fire&a%% t'at 'as , Et'ernet $orts and is configured &it' a d#namic P and $ort (=PP) NAT o*ersu+scri$tion rate of x &'at is t'e maximum num+er of concurrent sessions su$$orted +# eac' a*ai%a+%e P address 2 45 456 7286

 Mark for follow up

uestion 1, of !". >'ic' t&o user ma$$ing met'ods are su$$orted +# t'e 5ser-= integrated agent (C'oose t&o.)  WM$ probin&  "lient Probin&

L('P 0ilters Net)$/, Probin&

 Mark for follow up

uestion 1! of !". SS7 n+ound ns$ection re?uires t'at t'e fire&a%% +e configured &it' &'ic' t&o com$onents (C'oose t&o.) client9s client9s public key  server9s private key

client9s di&ital certificate  server9s di&ital certificate

 Mark for follow up

uestion 1" of !". T'e fire&a%% acts as a $rox# for &'ic' t&o t#$es of traffic ( C'oose t&o.)  ,,

Non!,,L ,,L outbound  ,,L $nbound $nspection

Mark for follow up

uestion 13 of !". T'e T'reat %og records e*ents from &'ic' t'ree Securit# Profi%es (C'oose t'ree.)

Realize Your Potential: paloaltonetworks

Page 5 of 12

  'ntivirus  Vulnerability Protection  +*L 0ilterin&

Wild0ire 'nalysis 0ile )lockin&  'nti!,pyware

Mark for follow up

uestion 1 of !". T'e >i%d4ire Porta% &e+site su$$orts &'ic' t'ree o$erations (C'oose t'ree.) re:uest firewall Wild0ire licenses  view Wild0ire verdicts  upload files to Wild0ire for analysis  report incorrect verdicts

Mark for follow up

uestion 18 of !". >'at are t&o +enefits of attac'ing a =ecr#$tion Profi%e to a =ecr#$tion $o%ic# no-decr#$t ru%e (C'oose t&o.) acceptable protocol checkin&  e-pired certificate checkin&  untrusted certificate checkin&

+*L cate&ory match checkin&

Mark for follow up

uestion 1: of !". >'at is a c'aracteristic of =#namic Admin 6o%es *ole privile&es can be dynamically updated by a firewall administrator. They can be dynamically modified by e-ternal authori3ation systems. *ole privile&es can be dynamically updated with newer software releases. They can be dynamically created or deleted by a firewall administrator.

Mark for follow up

uestion < of !".

Realize Your Potential: paloaltonetworks

Page , of 12

>'at is a use case for de$%o#ing Pa%o A%to Net&or/s N@4> in t'e $u+%ic c%oud faster Wild0ire analysis response time e-tendin& the corporate data center into the public cloud centrali3in& your data stora&e on premise cost savin&s throu&h one!time purchase of Palo 'lto Networks hardware and subscriptions

Mark for follow up

uestion 1 of !". >'at is t'e resu%t of $erforming a fire&a%% Commit o$eration The loaded confi&uration becomes the candidate confi&uration. The saved confi&uration becomes the loaded confi&uration. The candidate confi&uration becomes the runnin& confi&uration. The candidate confi&uration becomes the saved confi&uration.

Mark for follow up

uestion  of !". >'ere does a @%o+a%Protect c%ient connect to first &'en tr#ing to connect to t'e net&or/  '( a&ent %lobalProtect Portal +ser!$( a&ent %lobalProtect %ateway

Mark for follow up

uestion , of !". >'ic' action in a 4i%e 0%oc/ing Securit# Profi%e resu%ts in t'e user +eing $rom$ted to *erif# a fi%e transfer )lock  'lert "ontinue  'llow

Mark for follow up

uestion ! of !".

Realize Your Potential: paloaltonetworks

>'ic' condition must exist +efore a fire&a%%s in-+and interface can $rocess traffic The firewall must be assi&ned to a security 3one. The firewall must not be a loopback interface. The firewall must be enabled. The firewall must be assi&ned an $P address.

 Mark for follow up

uestion " of !". >'ic' feature is a d#namic grou$ing of a$$%ications used in Securit# $o%ic# ru%es dependent applications implicit applications application filter application &roup

Mark for follow up

uestion 3 of !". >'ic' interface t#$e does NOT re?uire an# configuration c'anges to adBacent net&or/ de*ices Virtual Wire Layer  Tap Layer 2

Mark for follow up

uestion  of !". >'ic' interface t#$e is NOT assigned to a securit# ;one Virtual Wire Layer  ' VL'N

Mark for follow up

Page ) of 12

Realize Your Potential: paloaltonetworks

uestion 8 of !". >'ic' statement descri+es a function $ro*ided +# a n nterface anagement Profi%e $t determines which firewall services are accessible from e-ternal devices. $t determines the Net0low and LL(P interface mana&ement settin&s. $t determines which administrators can mana&e which interfaces. $t determines which e-ternal services are accessible by the firewall.

Mark for follow up

uestion : of !". >'ic' statement descri+es t'e Ex$ort named configuration sna$s'ot o$eration The candidate confi&uration is transferred from memory to the firewall9s firewall9s stora&e device. The runnin& confi&uration is transferred from memory to the firewall9s firewall9s stora&e device.  ' saved confi&uration confi&uration is transferred to to an e-ternal hosts hosts stora&e device.  ' copy of the confi&uration is uploaded uploaded to the cloud as a backup.

Mark for follow up

uestion ,< of !". >'ic' statement is true a+out a 567 4i%tering Profi%e continue $ass&ord There is a password per website. There is a password per session. There is a password per firewall administrator account. There is a sin≤ per! firewall password.

Mark for follow up

uestion ,1 of !". >'ic' t'ree are *a%id configuration o$tions in a >i%d4ire Ana%#sis Profi%e (C'oose t'ree.)  file types  direction

ma-imum file si3e  application

Mark for follow up

Page 8 of 12

Realize Your Potential: paloaltonetworks

Page - of 12

uestion , of !". >'ic' t'ree com$onents can +e sent to >i%d4ire for ana%#sis (C'oose t'ree.) M%T interface traffic  email attachments  files traversin& the firewall  +*L links found in email

Mark for follow up

uestion ,, of !". >'ic' t'ree interface t#$es can contro% or s'a$e net&or/ traffic (C'oose t'ree.)  Layer 2

Tap  Virtual Wire  Layer 

Mark for follow up

uestion ,! of !". >'ic' t'ree @T $ort configuration settings are re?uired in order to access t'e >e+5 (C'oose t'ree.) ostname  Netmask  (efault &ateway  $P address

Mark for follow up

uestion ," of !". >'ic' t'ree net&or/ modes are su$$orted +# acti*e$assi*e 9A (C'oose t'ree.)  Layer 2  Tap

Virtual Wire  Layer 

 Mark for follow up

uestion ,3 of !".

Realize Your Potential: paloaltonetworks

Page 10 of 12

>'ic' t'ree statements are true regarding sessions on t'e fire&a%% (C'oose t'ree.) The only session information tracked in the session lo&s are the five!tuples.  *eturn traffic is allowed.  ,essions are always matched to a ,ecurity policy rule.  Network packets are always matched to a session.

Mark for follow up

uestion , of !". >'ic' t&o fi%e t#$es can +e sent to >i%d4ire for ana%#sis if a fire&a%% 'as on%# a standard su+scri$tion ser*ice (C'oose t&o.) .pdf  .ar   .dll  .e-e

Mark for follow up

uestion ,8 of !". >'ic' t&o 5ser-= met'ods are used to *erif# /no&n P address-to-user ma$$ings (C'oose t&o.) "aptive Portal "lient Probin&  ,ession Monitorin&  ,erver Monitorin&

Mark for follow up

uestion ,: of !". >'ic' 5ser-= user ma$$ing met'od is recommended f or en*ironments &'ere users fre?uent%# c'ange P addresses "aptive Portal "lient Probin& ,ession Monitorin& ,erver Monitorin&

Mark for follow up

uestion !< of !".

Realize Your Potential: paloaltonetworks

Page 11 of 12

>'ic' fi%e must +e do&n%oaded from t'e fire&a%% to create a 9eatma$ and 0est Practices Assessment re$ort stats dump file >>  P'!?2>>  P'!2>>

VM!,eries  P'!@>>>

Mark for follow up

uestion !, of !". >'ic' V-Series mode% &as introduced &it' t'e re%ease of PAN-OSD 8.1 VM!?> Lite VM!2>> Lite VM!>> Lite VM!7>> Lite

Realize Your Potential: paloaltonetworks

Page 12 of 12

Mark for follow up

uestion !! of !". >'ic' c%oud com$uting ser*ice mode% &i%% ena+%e an a$$%ication de*e%o$er to de*e%o$ manage and t est t'eir a$$%ications &it'out t'e ex$ense of $urc'asing e?ui$ment code as a service software as a service infrastructure as a service platform as a service

Mark for follow up

uestion !" of !". >'ic' essentia% c%oud c'aracteristic is designed for a$$%ications t'at &i%% +e re?uired to run on a%% $%atforms inc%uding smart$'ones ta+%ets and %a$to$s rapid elasticity broad network access on!demand self service measured services

Mark for follow up

Save / Return Later

Sum Su mmary