Descripción: Test Accredited Configuration Engineer (ACE) Exam PANOS 8.0 Version...
Description
14/05/2017
Realize Your Potential: paloaltonetworks
Test Accredited Configuration Engineer (ACE) Exam PANOS 8.0 Version ACE 8.0
Question 1 of 40. A Server Profile enables a firewall to locate which server type? a server with firewall software updates a server with firewall threat updates a server with remote user accounts a server with an available VPN connection Mark for follow up
Question 2 of 40. An Antivirus Security Profile specifies Actions and WildFire Actions. Wildfire Actions enable you to configure the firewall to perform which operation? Upload traffic to WildFire when a virus is suspected. Download new antivirus signatures from WildFire. Delete packet data when a virus is suspected. Block traffic when a WildFire virus signature is detected. Mark for follow up
Question 3 of 40. An Interface Management Profile can be attached to which two interface types? (Choose two.) Layer 3 Layer 2 Tap Virtual Wire Loopback Mark for follow up
Question 4 of 40. AppID running on a firewall identifies applications using which three methods? (Choose three.) Program heuristics WildFire lookups PANDB lookups Known protocol decoders Application signatures Mark for follow up
Question 5 of 40. https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=6296516fbf5b4c19bb9a5223178f76d8&evalLvl=5&redirect_url=%2fphnx%2fdriver… 1/9
14/05/2017
Realize Your Potential: paloaltonetworks
Application block pages can be enabled for which applications? nonTCP/IP webbased any MGT portbased Mark for follow up
Question 6 of 40. Finding URLs matched to the notresolved URL category in the URL Filtering log file might indicate that you should take which action? Redownload the URL seed database. Validate connectivity to the PANDB cloud. Validate your Security policy rules. Reboot the firewall. Mark for follow up
Question 7 of 40. For which firewall feature should you create forward trust and forward untrust certificates? SSL Inbound Inspection decryption SSL clientside certificate checking SSL forward proxy decryption SSH decryption Mark for follow up
Question 8 of 40. If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in which log type? Data Filtering WildFire Submissions Threat Traffic Mark for follow up
Question 9 of 40. If there is an HA configuration mismatch between firewalls during peer negotiation, which state will the passive firewall enter? PASSIVE NONFUNCTIONAL ACTIVE INITIAL Mark for follow up
Question 10 of 40. https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=6296516fbf5b4c19bb9a5223178f76d8&evalLvl=5&redirect_url=%2fphnx%2fdriver… 2/9
14/05/2017
Realize Your Potential: paloaltonetworks
In a Security Profile, which action does a firewall take when the profiles action is configured as Reset Server? (Choose two.) For UDP sessions, the connection is reset. For UDP sessions, the connection is dropped. The client is reset. The traffic responder is reset. Mark for follow up
Question 11 of 40. In an HA configuration, which three components are synchronized between the pair of firewalls? (Choose three.) policies networks objects logs Mark for follow up
Question 12 of 40. In an HA configuration, which three functions are associated with the HA1 Control Link? (Choose three.) synchronizing sessions synchronizing configuration exchanging heartbeats exchanging hellos Mark for follow up
Question 13 of 40. In an HA configuration, which two failure detection methods rely on ICMP ping? (Choose two.) heartbeats path groups link groups hellos Mark for follow up
Question 14 of 40. The UserID feature is enabled per __________? UserID agent firewall security zone firewall interface firewall Mark for follow up
Question 15 of 40. https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=6296516fbf5b4c19bb9a5223178f76d8&evalLvl=5&redirect_url=%2fphnx%2fdriver… 3/9
14/05/2017
Realize Your Potential: paloaltonetworks
The WildFire Portal website supports which three operations? (Choose three.) report incorrect verdicts upload files to WildFire for analysis request firewall WildFire licenses view WildFire verdicts Mark for follow up
Question 16 of 40. What are the two separate planes that make up the PANOS architecture? (Choose two.) dataplane routing plane HA plane signature processing plane control/management plane Mark for follow up
Question 17 of 40. What are three connection methods for the GlobalProtect agent? (Choose three.) PreLogon Captcha portal UserLogon Ondemand Mark for follow up
Question 18 of 40. What is a characteristic of Dynamic Admin Roles? They can be dynamically created or deleted by a firewall administrator. Role privileges can be dynamically updated with newer software releases. Role privileges can be dynamically updated by a firewall administrator. They can be dynamically modified by external authorization systems. Mark for follow up
Question 19 of 40. What is a use case for deploying Palo Alto Networks NGFW in the public cloud? cost savings through onetime purchase of Palo Alto Networks hardware and subscriptions centralizing your data storage on premise faster WildFire analysis response time extending the corporate data center into the public cloud Mark for follow up
Question 20 of 40. https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=6296516fbf5b4c19bb9a5223178f76d8&evalLvl=5&redirect_url=%2fphnx%2fdriver… 4/9
14/05/2017
Realize Your Potential: paloaltonetworks
What is the result of performing a firewall Commit operation? The candidate configuration becomes the saved configuration. The candidate configuration becomes the running configuration. The loaded configuration becomes the candidate configuration. The saved configuration becomes the loaded configuration. Mark for follow up
Question 21 of 40. When SSL traffic passes through the firewall, which component is evaluated first? Decryption exclusions list Security policy Decryption policy Decryption Profile Mark for follow up
Question 22 of 40. Where does a GlobalProtect client connect to first when trying to connect to the network? UserID agent GlobalProtect Portal AD agent GlobalProtect Gateway Mark for follow up
Question 23 of 40. Which condition must exist before a firewall's inband interface can process traffic? The firewall must be assigned to a security zone. The firewall must be enabled. The firewall must not be a loopback interface. The firewall must be assigned an IP address. Mark for follow up
Question 24 of 40. Which feature is a dynamic grouping of applications used in Security policy rules? dependent applications application filter implicit applications application group Mark for follow up
Question 25 of 40. Which four actions can be applied to traffic matching a URL Filtering Security Profile? (Choose four.) https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=6296516fbf5b4c19bb9a5223178f76d8&evalLvl=5&redirect_url=%2fphnx%2fdriver… 5/9
14/05/2017
Realize Your Potential: paloaltonetworks
Continue Alert Reset Client Reset Server Override Block Mark for follow up
Question 26 of 40. Which interface type does NOT require any configuration changes to adjacent network devices? Virtual Wire Tap Layer 3 Layer 2 Mark for follow up
Question 27 of 40. Which interface type is NOT assigned to a security zone? Virtual Wire HA Layer 3 VLAN Mark for follow up
Question 28 of 40. Which statement describes a function provided by an Interface Management Profile? It determines which firewall services are accessible from external devices. It determines which external services are accessible by the firewall. It determines the NetFlow and LLDP interface management settings. It determines which administrators can manage which interfaces. Mark for follow up
Question 29 of 40. Which statement describes the Export named configuration snapshot operation? The candidate configuration is transferred from memory to the firewall's storage device. A copy of the configuration is uploaded to the cloud as a backup. The running configuration is transferred from memory to the firewall's storage device. A saved configuration is transferred to an external hosts storage device. Mark for follow up
Question 30 of 40. https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=6296516fbf5b4c19bb9a5223178f76d8&evalLvl=5&redirect_url=%2fphnx%2fdriver… 6/9
14/05/2017
Realize Your Potential: paloaltonetworks
Which statement is true about a URL Filtering Profile continue password? There is a password per firewall administrator account. There is a password per website. There is a single, perfirewall password. There is a password per session. Mark for follow up
Question 31 of 40. Which three are valid configuration options in a WildFire Analysis Profile? (Choose three.) maximum file size file types application direction Mark for follow up
Question 32 of 40. Which three components can be sent to WildFire for analysis? (Choose three.) files traversing the firewall MGT interface traffic URL links found in email email attachments Mark for follow up
Question 33 of 40. Which three interface types can control or shape network traffic? (Choose three.) Virtual Wire Layer 2 Layer 3 Tap Mark for follow up
Question 34 of 40. Which three MGT port configuration settings are required in order to access the WebUI? (Choose three.) Default gateway Hostname IP address Netmask Mark for follow up
Question 35 of 40. Which three network modes are supported by active/passive HA? (Choose three.) https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=6296516fbf5b4c19bb9a5223178f76d8&evalLvl=5&redirect_url=%2fphnx%2fdriver… 7/9
14/05/2017
Realize Your Potential: paloaltonetworks
Layer 2 Tap Layer 3 Virtual Wire Mark for follow up
Question 36 of 40. Which three statements are true regarding sessions on the firewall? (Choose three.) The only session information tracked in the session logs are the fivetuples. Return traffic is allowed. Network packets are always matched to a session. Sessions are always matched to a Security policy rule. Mark for follow up
Question 37 of 40. Which two UserID methods are used to verify known IP addresstouser mappings? (Choose two.) Captive Portal Client Probing Server Monitoring Session Monitoring Mark for follow up
Question 38 of 40. Which type of content update does NOT have to be scheduled for download on the firewall? WildFire antivirus signatures PANDB updates dynamic update threat signatures dynamic update antivirus signatures Mark for follow up
Question 39 of 40. Which user mapping method is recommended for a highly mobile user base? Client Probing GlobalProtect Server Monitoring Session Monitoring Mark for follow up
Question 40 of 40. Which UserID user mapping method is recommended for environments where users frequently change IP addresses? https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=6296516fbf5b4c19bb9a5223178f76d8&evalLvl=5&redirect_url=%2fphnx%2fdriver… 8/9
14/05/2017
Realize Your Potential: paloaltonetworks
Captive Portal Client Probing Server Monitoring Session Monitoring Mark for follow up
Thank you for interesting in our services. We are a non-profit group that run this website to share documents. We need your help to maintenance this website.