examen ace 84%
DESCRIPTION
Examen ACE de Palo Alto con un 84% de aciertos.TRANSCRIPT
IDQuestionCorrect
6781A "Continue" action can be configured on which of the following Security Profiles?Correct
7947After the installation of a new version of PAN-OS, the firewall must be rebooted.Correct
7948After the installation of the Threat Prevention license, the firewall must be rebooted.Correct
7941All of the interfaces on a Palo Alto Networks device must be of the same interface type.Correct
6791An enterprise PKI system is required to deploy SSL Forward Proxy decryption capabilities.Correct
7942An interface in tap mode can transmit packets on the wire.Correct
7943An interface in Virtual Wire mode must be assigned an IP address.Correct
7979As the Palo Alto Networks Administrator responsible for User-ID, you need to enable mapping of network users that do not sign-in using LDAP. Which information source would allow for reliable User-ID mapping while requiring the least effort to configure?Correct
7984As the Palo Alto Networks Administrator you have enabled Application Block pages. Afterwards, not knowing they are attempting to access a blocked web-based application, users call the Help Desk to complain about network connectivity issues. What is the cause of the increased number of help desk calls?Correct
7989Besides selecting the Heartbeat Backup option when creating an Active-Passive HA Pair, which of the following also prevents "Split-Brain"?Correct
7994Can multiple administrator accounts be configured on a single firewall?Correct
8097Considering the information in the screenshot above, what is the order of evaluation for this URL Filtering Profile?Correct
8067Enabling "Highlight Unused Rules" in the Security Policy window will:Correct
8767How do you reduce the amount of information recorded in the URL Content Filtering Logs?Correct
8756In order to route traffic between Layer 3 interfaces on the Palo Alto Networks firewall, you need a:Correct
8751In Palo Alto Networks terms, an application is:Incorrect
8746In PAN-OS 6.0, rule numbers are:Correct
7944Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles) and Role-Based (customized user roles) for Administrator Accounts.Correct
7945Security policies specify a source interface and a destination interface.Incorrect
7959Select the implicit rules that are applied to traffic that fails to match any administrator-defined Security Policies. (Choose all rules that are correct.)Correct
IDQuestionCorrect
8077Taking into account only the information in the screenshot above, answer the following question. An administrator is pinging 4.4.4.4 and fails to receive a response. What is the most likely reason for the lack of response?Correct
8072Taking into account only the information in the screenshot above, answer the following question: A span port or a switch is connected to e1/4, but there are no traffic logs. Which of the following conditions most likely explains this behavior?Correct
8706The following can be configured as a next hop in a static route:Correct
8082The screenshot above shows part of a firewalls configuration. If ping traffic can traverse this device from e1/2 to e1/1, which of the following statements must be True about this firewalls configuration? (Select all correct answers.)Correct
8696Users may be authenticated sequentially to multiple authentication servers by configuring:Correct
8686What are two sources of information for determining whether the firewall has been successful in communicating with an external User-ID Agent?Correct
8581What general practice best describes how Palo Alto Networks firewall policies are applied to a session?Correct
8656What is the maximum file size of .EXE files uploaded from the firewall to WildFire?Correct
8646What will be the user experience when the safe search option is NOT enabled for Google search but the firewall has "Safe Search Enforcement" Enabled?Correct
7949When an interface is in Tap mode and a Policys action is set to block, the interface will send a TCP reset.Correct
8630When configuring a Decryption Policy Rule, which of the following are available as matching criteria in the rule? (Choose 3 answers.)Incorrect
8636When configuring a Decryption Policy rule, which option allows a firewall administrator to control SSHv2 tunneling in policies by specifying the SSH-tunnel App-ID?Correct
8621When configuring a Security Policy Rule based on FQDN Address Objects, which of the following statements is True?Correct
8616When configuring the firewall for User-ID, what is the maximum number of Domain Controllers that can be configured?Correct
8591When Destination Network Address Translation is being performed, the destination in the corresponding Security Policy Rule should use:Correct
7964When using Config Audit, the color yellow indicates which of the following?Correct
8576Which feature can be configured to block sessions that the firewall cannot decrypt?Correct
8561Which of the Dynamic Updates listed below are issued on a daily basis? (Select all correct answers.)Correct
8541Which of the following can provide information to a Palo Alto Networks firewall for the purposes of User-ID? (Select all correct answers.)Incorrect
8490Which of the following facts about dynamic updates is correct?Correct
8531Which of the following interface types can have an IP address assigned to it?Correct
8526Which of the following is NOT a valid option for built-in CLI Admin roles?Incorrect
8471Which of the following search engines are supported by the "Safe Search Enforcement" option? (Select all correct answers.)Correct
8495Which of the following services are enabled on the MGT interface by default? (Select all correct answers.)Correct
8466Which pre-defined Admin Role has all rights except the rights to create administrative accounts and virtual systems?Correct
8461Which routing protocol is supported on the Palo Alto Networks platform?Correct
8420Which statement below is True?Incorrect
8449Which type of license is required to perform Decryption Port Mirroring?Incorrect
8438Without a WildFire subscription, which of the following files can be submitted by the Firewall to the hosted WildFire virtualized sandbox?Correct
7951You can assign an IP address to an interface in Virtual Wire mode.Incorrect