ACE Exam
Question 1 of 50. Which statement below is Tru True? e? PAN-OS uses BrightCloud for URL Filtering, replacing PAN-DB PAN-OS PAN-OS uses PAN-DB PAN-DB for URL Filtering, replacing BrightCloud PAN-OS PA N-OS uses PAN-DB as the default URL Filtering data!ase, !ut also supports BrightCloud PAN-OS PAN-OS uses BrightCloud as its default URL Filtering data!ase, !ut also supports PAN-DB PAN-DB
Question 2 of 50. A "Continue" action can be configured on which of the following ecurit! rofiles? URL Filtering and File Bloc"ing URL Filtering onl# URL Filtering, File Bloc"ing, and Data Filtering URL Filtering and Anti-$irus
Question # of 50. A Config $oc% ma! be remo&ed b! which of the following users? 'elect all correct answers.( An# ad%inistrator ad%inistrator De$ice ad%inistrators &he ad%inistrator 'ho set it Superusers
Question ) of 50. When an interface is in Ta Ta* * mode and a olic!+s action is set to ,bloc%- the interface will send a TC reset.
&rue
False
Question 5 of 50. /sing the A in A3 4.1 Wildire subscribers can u*load u* to how man! sam*les *er da!? ()) () *))) *)
Question 4 of 50. Which statement about config loc%s is True? A config loc" can !e re%o$ed onl# !# a superuser A config loc" can !e re%o$ed onl# !# the ad%inistrator 'ho set it A config loc" can onl# !e re%o$ed !# the ad%inistrator 'ho set it or !# a superuser A config loc" 'ill e+pire after hours, unless it 'as set !# a superuser
Question 6 of 50. Can multi*le administrator accounts be configured on a single firewall? .es
No
Question 7 of 50. n which of the following can /ser8 be used to *ro&ide a match condition?
Securit# Policies NA& Policies /one Protection Policies &hreat Profiles
Question 9 of 50. Will an e:*orted configuration contain ;anagement nterface settings? .es
No
Question 10 of 50. Which of the following must be enabled in order for /ser8 to function? Securit# Policies %ust ha$e the User-0D option ena!led User-0D %ust !e ena!led for the source 1one of the traffic that is to !e identified Capti$e Portal Policies %ust !e ena!led Capti$e Portal %ust !e ena!led
Question 11 of 50. Which of the following interface t!*es can ha&e an address assigned to it? La#er 2 La#er &ap 3irtual 4ire
Question 12 of 50.
Which of the following most accuratel! describes 8!namic in a ource AT configuration? A single 0P address is used, and the source port nu%!er is changed &he ne+t a$aila!le 0P address in the configured pool is used, !ut the source port nu%!er is unchanged &he ne+t a$aila!le address in the configured pool is used, and the source port nu%!er is changed A single 0P address is used, and the source port nu%!er is unchanged
Question 1# of 50. ules" in the ecurit! olic! window will Displa# rules that caused a $alidation error to occur at the ti%e a Co%%it 'as perfor%ed 5ighlight all rules that ha$e not %atched traffic since the rule 'as created or since the last re!oot of the fire'all 5ighlight all rules that did not %atch traffic 'ithin an ad%inistrator-specified ti%e period &e%poraril# disa!le rules that ha$e not %atched traffic since the rule 'as created or since the last re!oot of the fire'all
Question 1) of 50. Which of the following statements is 3T True about alo Alto etwor%s firewalls? S#ste% defaults %a# !e restored !# perfor%ing a factor# reset in 6aintenance 6ode &he default Ad%in account %a# !e disa!led or deleted 0nitial configuration %a# !e acco%plished thru the 67& interface or the Console port B# default the 67& Port8s 0P Address is *9*:;**<
Question 15 of 50. When 8estination etwor% Address Translation is being *erformed the destination in the corres*onding ecurit! olic! >ule should use &he Pre-NA& destination 1one and Pre-NA& 0P addresses &he Post-NA& destination 1one and Pre-NA& 0P addresses
&he Pre-NA& destination 1one and Post-NA& 0P addresses &he Post-NA& destination 1one and Post-NA& 0P addresses
Question 14 of 50. When configuring a ecurit! olic! >ule based on Q8 Address 3b@ects which of the following statements is True? &he fire'all resol$es the F=DN first 'hen the polic# is co%%itted, and resol$es the F=DN again each ti%e Securit# Profiles are e$aluated 0n order to create F=DN-!ased o!>ects, #ou need to %anuall# define a list of associated 0P addresses &he fire'all resol$es the F=DN first 'hen the polic# is co%%itted, and resol$es the F=DN again at DNS &&L e+piration
Question 16 of 50. When configuring a 8ecr!*tion olic! >ule which of the following are a&ailable as matching criteria in the rule? 'Choose # answers.( URL Categor# Ser$ice Source User Application Source /one
Question 17 of 50. Without a Wildire subscri*tion which of the following files can be submitted b! the irewall to the hosted Wildire &irtualied sandbo:? 6S Office docar and class onl# P? files onl#
Question 19 of 50. When troubleshooting hase 1 of an sec B tunnel which location and log will be most informati&e? Responding side, &raffic log 0nitiating side, S#ste% log 0nitiating side, &raffic log Responding side, S#ste% Log
Question 20 of 50. What are the benefits gained when the "
Question 21 of 50. Which of the 8!namic /*dates listed below are issued on a dail! basis? 'elect all correct answers.( Applications BrightCloud URL Filtering Applications and &hreats Anti-$irus
Question 22 of 50. Which of the following would be a reason to use the A3 ;$ A to communicate with a alo Alto etwor%s firewall?
&o per%it s#slogging of User 0dentification e$ents &o allo' the fire'all to push User-0D infor%ation to a Net'or" Access Control NAC de$ice &o pull infor%ation fro% other net'or" r esources for User-0D
Question 2# of 50. An interface in ta* mode can transmit *ac%ets on the wire. &rue
False
Question 2) of 50. Wildire ma! be used for identif!ing which of the following t!*es of traffic? D5CP 6al'are R0P$ OSPF
Question 25 of 50. What general *ractice best describes how alo Alto etwor%s firewall *olicies are a**lied to a session? 6ost specific %atch applied First %atch applied Last %atch applied &he rule 'ith the highest rule nu%!er is applied
Question 24 of 50.
What will be the user e:*erience when the safe search o*tion is 3T enabled for Doogle search but the firewall has "afe earch
Question 26 of 50.
Ta%ing into account onl! the information in the screenshot abo&e answer the following Euestion. An administrator is using = on *ort #### and FitTorrent on *ort 6666. Which statements are True? &he SS5 traffic 'ill !e denied &he Bit&orrent traffic 'ill !e allo'ed &he Bit&orrent traffic 'ill !e denied &he SS5 traffic 'ill !e allo'ed
Question 27 of 50. After the installation of the Threat re&ention license the firewall must be rebooted. &rue
False
Question 29 of 50. n order to route traffic between $a!er # interfaces on the alo Alto etwor%s firewall !ou need a 3irtual Router 3LAN 3irtual 4ire Securit# Profile
Question #0 of 50. What will the user e:*erience when attem*ting to access a bloc%ed hac%ing website through a translation ser&ice such as Doogle Translate or Fing Translator? A Bloc"edE page response 'hen the URL filtering polic# to !loc" is enforced A SuccessE page response 'hen the site is successfull# translated &he !ro'ser 'ill !e redirected to the original 'e!site address An 5&&P ?rror ()2 - Ser$ice una$aila!le %essage
Question #1 of 50. Which of the following are methods that =A clusters use to identif! networ% outages? Lin" and Session 6onitors 3R and 3S.S 6onitors 5eart!eat and Session 6onitors Path and Lin" 6onitoring
Question #2 of 50.
Ta%ing into account onl! the information in the screenshot abo&e answer the following Euestion. Which a**lications will be allowed on their standard *orts? 'elect all correct answers.( 7nutella Bit&orrent S"#pe SS5
Question ## of 50. An enter*rise G s!stem is reEuired to de*lo! $ orward ro:! decr!*tion ca*abilities. &rue
False
Question #) of 50. n A3 4.0 and later which of these items ma! be used as match criterion in a olic!Fased orwarding >ule? 'Choose #.( Destination /one Source /one Source User Destination Application
Question #5 of 50. n a 8estination AT configuration the Translated Address field ma! be *o*ulated with either an address or an Address 3b@ect. &rue
False
Question #4 of 50. Which routing *rotocol is su**orted on the alo Alto etwor%s *latform? B7P R0P$* 0S0S RS&P
Question #6 of 50. Foth $ decr!*tion and = decr!*tion are disabled b! default. &rue
False
Question #7 of 50. n A3 4.0 and later rule numbers are Nu%!ers that specif# the order in 'hich securit# policies are e$aluated Nu%!ers created to !e uniGue identifiers in each fire'allHs polic# data!ase Nu%!ers on a scale of ) to 99 that specif# priorities 'hen t'o or %ore rules are in conflict Nu%!ers created to %a"e it easier for users to discuss a co%plicated or difficult seGuence of rules
Question #9 of 50.
n alo Alto etwor%s terms an a**lication is A specific progra% detected 'ithin an identified strea% that can !e detected, %onitored, and
6ar" for follo' up
Question )0 of 50. Colorcoded tags can be used on all of the items listed below <C<T /ones 3ulnera!ilit# Profiles Address O!>ects Ser$ice 7roups
Question )1 of 50. With G< hase 1 each de&ice is identified to the other b! a eer 8. n most cases the eer 8 is @ust the *ublic address of the de&ice. n situations where the *ublic address is not static the eer 8 can be a te:t &alue. &rue
False
Question )2 of 50. When em*lo!ing the FrightCloud />$ filtering database in a alo Alto etwor%s firewall the order of e&aluation within a *rofile is Bloc" list, Custo% Categories, Predefined categories, D#na%ic URL filtering, Allo' list, Cache files Bloc" list, Allo' list, Custo% Categories, Cache files, Local URL DB file Bloc" list, Custo% Categories, Cache files, Predefined categories, D#na%ic URL filtering, Allo' list D#na%ic URL filtering, Bloc" list, Allo' list, Cache files, Custo% categories, Predefined categories
Question )# of 50. When configuring the firewall for /ser8 what is the ma:imum number of 8omain Controllers that can be configured? *)) () *) *()
Question )) of 50. Which of the following ser&ices are enabled on the ;DT interface b! default? 'elect all correct answers.( 5&&PS SS5 &elnet 5&&P
Question )5 of 50. As the alo Alto etwor%s Administrator !ou ha&e enabled A**lication Floc% *ages. Afterwards not %nowing the! are attem*ting to access a bloc%ed webbased a**lication users call the =el* 8es% to com*lain about networ% connecti&it! issues. What is the cause of the increased number of hel* des% calls? &he fire'all ad%in did not create a custo% response page to notif# potential users that their atte%pt to access the 'e!-!ased application is !eing !loc"ed due to co%pan# polic# &he File Bloc"ing Bloc" Page 'as disa!led Application Bloc" Pages 'ill onl# !e displa#ed 'hen Capti$e Portal is configured So%e App-0D8s are set 'ith a Session &i%eout $alue that is too lo'
Question )4 of 50.
Considering the information in the screenshot abo&e what is the order of e&aluation for this />$ iltering rofile? Bloc" List, Allo' List, Custo% Categories, URL Categories BrightCloud or PAN-DB URL Categories BrightCloud or PAN-DB, Custo% Categories, Bloc" List, Allo' List Allo' List, Bloc" List, Custo% Categories, URL Categories BrightCloud or PAN-DB Bloc" List, Allo' List, URL Categories BrightCloud or PAN-DB, Custo% Categories
Question )6 of 50.
The screenshot abo&e shows *art of a firewall+s configuration. f *ing traffic can tra&erse this de&ice from e1H2 to e1H1 which of the following statements must be True about this firewall+s configuration? 'elect all correct answers.( &here %ust !e a securit# polic# rule fro% trust 1one to 0nternet 1one that allo's ping &here %ust !e a securit# polic# rule fro% 0nternet 1one to trust 1one that allo's ping &here %ust !e appropriate routes in the default $irtual router &here %ust !e a 6anage%ent Profile that allo's ping &hen assign that 6anage%ent Profile to e*<* and e*<
Question )7 of 50. What is the default 8 sin%hole address used b! the alo Alto etwor%s irewall to cut off communication? &he local loop!ac" address &he default gate'a# of the fire'all &he 67& interface address An# la#er 2 interface address specified !# the fire'all ad%inistrator
Question )9 of 50. Which of the following facts about d!namic u*dates is correct? Anti-$irus updates are released dail# Application and &hreat updates are released 'ee"l# Application and Anti-$irus updates are released 'ee"l# &hreat and &hreat and URL FilteringE updates are released 'ee"l# Application and &hreat updates are released dail# Anti-$irus and URL Filtering updates are released 'ee"l#
&hreat and URL Filtering updates are released dail# Application and Anti-$irus updates are released 'ee"l#
Question 50 of 50. The "8ri&eF! 8ownload" *rotection feature under ile Floc%ing *rofiles in Content8 *ro&ides &he a!ilit# to use Authentication Profiles, in order to protect against un'anted do 'nloads Protection against un'anted do'nloads !# sho'ing the user a response page indicating that a file is going to !e do'nloaded 0ncreased speed on do'nloads of file t#pes that are e+plicitl# ena!led Pass'ord-protected access to specific file do'nloads for authori1ed users
;):
Colorcoded tags can be used on all of the items listed below <C<T
0ncorrect
;)9 I
Considering the information in the screenshot abo&e what is the order of e&aluation for this 0ncorrect />$ iltering rofile?
;I( :
n order to route traffic between $a!er # interfaces on the alo Alto etwor%s firewall !ou need a
0ncorrect
;I *
n A3 4.0 and later which of these items ma! be used as match criterion in a olic! Fased orwarding >ule? 'Choose #.(
0ncorrect
;I *
n which of the following can /ser8 be used to *ro&ide a match condition?
0ncorrect
;); I
Ta%ing into account onl! the information in the screenshot abo&e answer the following Euestion. An administrator is using = on *ort #### and FitTorrent on *ort 6666. Which statements are True?
0ncorrect
;I**
The "8ri&eF! 8ownload" *rotection feature under ile Floc%ing *rofiles in Content8 *ro&ides
0ncorrect
;);
The screenshot abo&e shows *art of a firewall+s configuration. f *ing traffic can tra&erse this de&ice from e1H2 to e1H1 which of the following statements must be True about this firewall+s configuration? 'elect all correct answers.(
0ncorrect
;: :
What will be the user e:*erience when the safe search o*tion is 3T enabled for Doogle search but the firewall has "afe earch
0ncorrect
;: *
When configuring a ecurit! olic! >ule based on Q8 Address 3b@ects which of the following statements is True?
0ncorrect
;(9 *
When 8estination etwor% Address Translation is being *erformed the destination in the corres*onding ecurit! olic! >ule should use
0ncorrect
;( *
Which of the following most accuratel! describes 8!namic in a ource AT configuration?
0ncorrect
;I :
Which of the following would be a reason to use the A3 ;$ A to communicate with a alo Alto etwor%s firewall?
0ncorrect