Accredited Configuration Engineer (ACE) Exam - PAN-OS 7.0 Version

Please download to get full document.

View again

of 12
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Information Report
Category:

Documents

Published:

Views: 2 | Pages: 12

Extension: PDF | Download: 0

Share
Related documents
Description
Accredited Configuration Engineer (ACE) Exam - PAN-OS 7.0 Version
Tags
Transcript
  Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 7.0 Version ACE Exam Question 1 of 50. Which pre-defined Admin Role has all rights except the rights to create administrative accounts and virtual systems? Superuser Device Administrator vsysadmin A custom admin role must be created for this specific combination of rights.Mark for follow up Question 2 of 50. After the installation of a new version of PAN-OS, the firewall must be rebooted. TrueFalseMark for follow up Question 3 of 50. Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles) and Role-Based (customized user roles) for Administrator Accounts. TrueFalseMark for follow up Question 4 of 50. What is the default DNS sinkhole address used by the Palo Alto Networks Firewall to cut off communication? The default gateway of the firewall.The local loopback address.The MGT interface address. Any layer 3 interface address specified by the firewall administrator.Mark for follow up Question 5 of 50. Users may be authenticated sequentially to multiple authentication servers by configuring:  An Authentication Profile. An Authentication Sequence. A custom Administrator Profile.Multiple RADIUS servers sharing a VSA configuration.Mark for follow up Question 6 of 50. What are the benefits gained when the Enable Passive DNS Monitoring checkbox is chosen on the firewall? (Select all correct answers.) Improved malware detection in WildFire.Improved PAN-DB malware detection.Improved DNS-based C&C signatures.Improved BrightCloud malware detection.Mark for follow up Question 7 of 50. In PAN-OS 7.0 which of the available choices serves as an alert warning by defining patterns of suspicious traffic and network anomalies that may indicate a host has beencompromised? Realize Your Potential: paloaltonetworkshttps://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=e...1 of 88/8/2016 3:35 PM  Custom Signatures App-ID SignaturesCorrelation EventsCorrelation ObjectsCommand & Control SignaturesMark for follow up Question 8 of 50. Which of the following must be enabled in order for User-ID to function? Captive Portal Policies must be enabled.Security Policies must have the User-ID option enabled.Captive Portal must be enabled.User-ID must be enabled for the source zone of the traffic that is to be identified.Mark for follow up Question 9 of 50. In which of the following can User-ID be used to provide a match condition? Security PoliciesNAT PoliciesZone Protection PoliciesThreat ProfilesMark for follow up Question 10 of 50. In PAN-OS 6.0 and later, which of these items may be used as match criterion in a Policy-Based Forwarding Rule? (Choose 3.) Source User Destination ZoneSource ZoneDestination ApplicationMark for follow up Question 11 of 50. The Drive-By Download protection feature, under File Blocking profiles in Content-ID, provides: Protection against unwanted downloads by showing the user a response page indicating that a file is going to be downloaded.Increased speed on downloads of file types that are explicitly enabled.Password-protected access to specific file downloads for authorized users.The ability to use Authentication Profiles, in order to protect against unwanted downloads.Mark for follow up Question 12 of 50. Color-coded tags can be used on all of the items listed below EXCEPT: Vulnerability Profiles Address ObjectsZonesService GroupsMark for follow up Question 13 of 50. When employing the BrightCloud URL filtering database in a Palo Alto Networks firewall, the order of evaluation within a profile is: Block list, Allow list, Custom Categories, Cache files, Local URL DB file.Block list, Custom Categories, Cache files, Predefined categories, Dynamic URL filtering, Allow list. Realize Your Potential: paloaltonetworkshttps://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=e...2 of 88/8/2016 3:35 PM  Block list, Custom Categories, Predefined categories, Dynamic URL filtering, Allow list, Cache files.Dynamic URL filtering, Block list, Allow list, Cache files, Custom categories, Predefined categories.Mark for follow up Question 14 of 50. Can multiple administrator accounts be configured on a single firewall? YesNoMark for follow up Question 15 of 50. As the Palo Alto Networks Administrator responsible for User-ID, you need to enable mapping of network users that do not sign-in using LDAP. Which information source wouldallow for reliable User-ID mapping while requiring the least effort to configure?  Active Directory Security LogsExchange CAS Security logsWMI QueryCaptive PortalMark for follow up Question 16 of 50. User-ID is enabled in the configuration of …  An Interface. A Zone. A Security Policy. A Security Profile. Mark for follow up Question 17 of 50. In order to route traffic between Layer 3 interfaces on the Palo Alto Networks firewall, you need a: Virtual Router VLANVirtual WireSecurity ProfileMark for follow up Question 18 of 50. An interface in tap mode can transmit packets on the wire. TrueFalseMark for follow up Question 19 of 50. Which of the following is a routing protocol supported in a Palo Alto Networks firewall? EIGRPRIPv2ISISIGRPMark for follow up Question 20 of 50. WildFire may be used for identifying which of the following types of traffic? RIPv2 Realize Your Potential: paloaltonetworkshttps://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=e...3 of 88/8/2016 3:35 PM  MalwareDHCPOSPFMark for follow up Question 21 of 50. True or False: The PAN-DB URL Filtering Service is offered as both a Private Cloud solution and a Public Cloud solution. TrueFalseMark for follow up Question 22 of 50. With IKE Phase 1, each device is identified to the other by a Peer ID. In most cases, the Peer ID is just the public IP address of the device. In situations where the public IP address isnot static, the Peer ID can be a text value. TrueFalseMark for follow up Question 23 of 50. A Config Lock may be removed by which of the following users? (Select all correct answers.) The administrator who set it Any administrator Device administratorsSuperusersMark for follow up Question 24 of 50. What will be the user experience when the safe search option is NOT enabled for Google search but the firewall has Safe Search Enforcement Enabled?  A block page will be presented with instructions on how to set the strict Safe Search option for the Google search.The Firewall will enforce Safe Search if the URL filtering license is still valid. A task bar pop-up message will be presented to enable Safe Search.The user will be redirected to a different search site that is specified by the firewall administrator.Mark for follow up Question 25 of 50. True or False: The WildFire Analysis Profile can only be configured to send unknown files to the WildFire Public Cloud only. TrueFalseMark for follow up Question 26 of 50. As the Palo Alto Networks Administrator you have enabled Application Block pages. Afterwards, not knowing they are attempting to access a blocked web-based application, userscall the Help Desk to complain about network connectivity issues. What is the cause of the increased number of help desk calls? The firewall admin did not create a custom response page to notify potential users that their attempt to access the web-based application is being blocked due to company policy.Some App-ID's are set with a Session Timeout value that is too low.The File Blocking Block Page was disabled. Application Block Pages will only be displayed when Captive Portal is configured.Mark for follow up Question 27 of 50. A Continue action can be configured on which of the following Security Profiles? URL Filtering and File BlockingURL Filtering onlyURL Filtering, File Blocking, and Data Filtering Realize Your Potential: paloaltonetworkshttps://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=e... of 88/8/2016 3:35 PM
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks
SAVE OUR EARTH

We need your sign to support Project to invent "SMART AND CONTROLLABLE REFLECTIVE BALLOONS" to cover the Sun and Save Our Earth.

More details...

Sign Now!

We are very appreciated for your Prompt Action!

x