DumpLeader Ensure Success with Money back Guarantee
http://www.dumpleader.com Advance your career with IT Cert!
IT Certification Guaranteed, The Easy Way!
Exam
:
ACE
Title
:
Accredited Configuration Engineer (ACE)
Vendor
:
Palo Alto Networks
Version
:
DEMO
1
IT Certification Guaranteed, The Easy Way!
NO.1 When configuring Security rules based on FQDN objects, which of the following statements are true? A. The firewall resolves the FQDN first when the policy is committed, and is refreshed each time Security rules are evaluated. B. The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL expiration. There is no limit on the number of IP addresses stored for each resolved FQDN. C. In order to create FQDN-based objects, you need to manually define a list of associated IP. Up to 10 IP addresses can be configured for each FQDN entry. D. The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL expiration. The resolution of this FQDN stores up to 10 different IP addresses. Answer: C NO.2 When creating an application filter, which of the following is true? A. They are used by malware B. Excessive bandwidth may be used as a filter match criteria C. They are called dynamic because they automatically adapt to new IP addresses D. They are called dynamic because they will automatically include new applications from an application signature update if the new application's type is included in the filter Answer: D NO.3 An interface in Virtual Wire mode must be assigned an IP address. A. True B. False Answer: B NO.4 Can multiple administrator accounts be configured on a single firewall? A. Yes B. No Answer: A NO.5 What is the default DNS Sinkhole address used by Palo Alto Networks Firewall to cut off communication? A. MGT interface address B. Loopback interface address C. Any one Layer 3 interface address D. Localhost address Answer: B NO.6
2
IT Certification Guaranteed, The Easy Way!
Taking into account only the information in the screenshot above, answer the following question. An administrator is using SSH on port 3333 and BitTorrent on port 7777. Which statements are true? A. The BitTorrent traffic will be allowed. B. The SSH traffic will be allowed. C. The SSH traffic will be denied. D. The BitTorrent traffic will be denied. Answer: B, D NO.7 Which of the following interface types can have an IP address assigned to it? (Select all correct answers.) A. Layer 3 B. Layer 2 C. Tap D. Virtual Wire Answer: A NO.8 Taking into account only the information in the screenshot above, answer the following question. Which applications will be allowed on their standard ports? (Select all correct answers.)
A. BitTorrent B. Gnutella C. Skype D. SSH Answer: AD NO.9 With IKE, each device is identified to the other by a Peer ID. In most cases, this is just the public IP address of the 3
IT Certification Guaranteed, The Easy Way!
device. In situations where the public ID is not static, this value can be replaced with a domain name or other text value A. True B. False Answer: A NO.10 To allow the PAN device to resolve internal and external DNS host names for reporting and for security policies, an administrator can do the following: A. Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, point to this proxy object for DNS resolution. B. In the device settings define internal hosts via a static list. C. In the device settings set the Primary DNS server to an external server and the secondary to an internal server. D. Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, select the proxy object as the Primary DNS and create a custom security rule which references that object for Answer: A NO.11 Which of the following are accurate statements describing the HA3 link in an Active-Active HA deployment? A. HA3 is used for session synchronization B. The HA3 link is used to transfer Layer 7 information C. HA3 is used to handle asymmetric routing D. HA3 is the control link Answer: A NO.12 When configuring a Decryption Policy rule, which option allows a firewall administrator to control SSHv2 tunneling in policies by specifying the SSHtunnel AppID? A. SSH Proxy B. SSL Forward Proxy C. SSL Inbound Inspection D. SSL Reverse Proxy Answer: A
