Labour Day Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia
  1. Home
  2. Paloalto Networks
  4. ACE
  5. Accredited Configuration Engineer (ACE) PANOS 8.0 Version Questions and Answers

ACE Sample Questions Answers

Questions 4

What option should be configured when using User-ID

Options:

A.

Enable User-ID per zone

B.

Enable User-ID per interface

C.

Enable User-ID per Security Policy

D.

None of the above

Buy Now
Questions 5

A Config Lock may be removed by which of the following users? (Select all correct answers.)

Options:

A.

The administrator who set it

B.

Device administrators

C.

Any administrator

D.

Superusers

Buy Now
Questions 6

Which of the following most accurately describes Dynamic IP in a Source NAT configuration?

Options:

A.

The next available address in the configured pool is used, and the source port number is changed.

B.

A single IP address is used, and the source port number is unchanged.

C.

A single IP address is used, and the source port number is changed.

D.

The next available IP address in the configured pool is used, but the source port number is unchanged.

Buy Now
Questions 7

What is the function of the GlobalProtect Portal?

Options:

A.

To maintain the list of Global Protect Gateways and specify HIP data that the agent should report.

B.

To loadbalance

C.

GlobalProtect client connections to GlobalProtect Gateways.

D.

To maintain the list of remote GlobalProtect Portals and the list of categories for checking the client machine.

E.

To provide redundancy for tunneled connections through the GlobalProtect Gateways.

Buy Now
Questions 8

For non-Microsoft clients, what Captive Portal method is supported?

Options:

A.

NTLM Auth

B.

User Agent

C.

Local Database

D.

Web Form Captive Portal

Buy Now
Questions 9

What are two sources of information for determining whether the firewall has been successful in communicating with an external UserID Agent?

Options:

A.

System Logs and the indicator light under the UserID Agent settings in the firewall.

B.

Traffic Logs and Authentication Logs.

C.

System Logs and an indicator light on the chassis.

D.

System Logs and Authentication Logs.

Buy Now
Questions 10

Which one of the options describes the sequence of the GlobalProtect agent connecting to a Gateway?

Options:

A.

The agent connects to the portal, obtains a list of the Gateways, and connects to the Gateway with the fastest SSL connect time

B.

The agent connects to the portal and randomly establishes connect to the first available Gateway

C.

The agent connects to the portal, obtains a list of the Gateways, and connects to the Gateway with the fastest PING response time

D.

The agent connects to the closest Gateway and sends the HIP report to the portal

Buy Now
Questions 11

In an HA configuration, which three functions are associated with the HA1 Control Link? (Choose three.)

Options:

A.

exchanging hellos

B.

exchanging heartbeats

C.

synchronizing sessions

D.

synchronizing configuration

Buy Now
Questions 12

What is the result of performing a firewall Commit operation?

Options:

A.

The candidate configuration becomes the saved configuration.

B.

The candidate configuration becomes the running configuration.

C.

The loaded configuration becomes the candidate configuration.

D.

The saved configuration becomes the loaded configuration.

Buy Now
Questions 13

The Threat log records events from which three Security Profiles? (Choose three.)

Options:

A.

Vulnerability Protection

B.

Antivirus

C.

URL Filtering

D.

WildFire Analysis

E.

File Blocking

F.

Anti­Spyware

Buy Now
Questions 14

Which statement accurately reflects the functionality of using regions as objects in Security policies?

Options:

A.

Predefined regions are provided for countries, not but not for cities. The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region.

B.

The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region. These custom regions can be used in the "Source User" field of the Security Policies.

C.

Regions cannot be used in the "Source User" field of the Security Policies, unless the administrator has set up custom regions.

D.

The administrator can set up custom regions, including latitude and longitude, to specify the geographic position of that particular region. Both predefined regions and custom regions can be used in the "Source User" field.

Buy Now
Questions 15

Which of the following describes the sequence of the Global Protect agent connecting to a Gateway?

Options:

A.

The Agent connects to the Portal obtains a list of Gateways, and connects to the Gateway with the fastest SSL response time

B.

The agent connects to the closest Gateway and sends the HIP report to the portal

C.

The agent connects to the portal, obtains a list of gateways, and connects to the gateway with the fastest PING response time

D.

The agent connects to the portal and randomly establishes a connection to the first available gateway

Buy Now
Questions 16

Which fields can be altered in the default Vulnerability Protection Profile?

Options:

A.

Category

B.

Severity

C.

None

Buy Now
Questions 17

As ofPAN-OS 8.0, when configuring a Decryption Policy Rule, which of the following is NOT an available option as matching criteria in the rule?

Options:

A.

Application

B.

Source User

C.

URL Category

D.

Source Zone

E.

Service

Buy Now
Questions 18

Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles) and Role-Based (customized user roles)

Options:

A.

True

B.

False

Buy Now
Questions 19

What is the name of the debug save file for IPSec VPN tunnels?

Options:

A.

set vpn all up

B.

test vpn ike-sa

C.

request vpn IPsec-sa test

D.

Ikemgr.pcap

Buy Now
Questions 20

When configuring Admin Roles for Web UI access, what are the available access levels?

Options:

A.

Enable and Disable only

B.

None, Superuser, Device Administrator

C.

Allow and Deny only

D.

Enable, Read-Only and Disable

Buy Now
Questions 21

Which of the following would be a reason to use the PAN-OS XML API to communicate with a Palo Alto Networks firewall?

Options:

A.

To allow the firewall to push User-ID information to a Network Access Control (NAC) device.

B.

To permit syslogging of User Identification events.

C.

To pull information from other network resources for User-ID.

Buy Now
Questions 22

Which of the following statements is NOT True about Palo Alto Networks firewalls?

Options:

A.

The Admin account may be disabled.

B.

System defaults may be restored by performing a factory reset in Maintenance Mode.

C.

The Admin account may not be disabled.

D.

Initial configuration may be accomplished thru the MGT interface or the Console port.

Buy Now
Questions 23

Which two User-ID methods are used to verify known IP address­to­user mappings? (Choosetwo.)

Options:

A.

Client Probing

B.

Server Monitoring

C.

Session Monitoring

D.

Captive Portal

Buy Now
Questions 24

Which interface type is NOT assigned to a security zone?

Options:

A.

VLAN

B.

HA

C.

Virtual Wire

D.

Layer 3

Buy Now
Questions 25

Which interface type does NOT require any configuration changes to adjacent network devices?

Options:

A.

Layer 2

B.

Tap

C.

Virtual Wire

D.

Layer 3

Buy Now
Questions 26

If there is an HA configuration mismatch between firewalls during peer negotiation, whichstate will the passive firewallenter?

Options:

A.

INITIAL

B.

NON­FUNCTIONAL

C.

PASSIVE

D.

ACTIVE

Buy Now
Questions 27

Which three components can be sent to WildFire for analysis? (Choose three.)

Options:

A.

URL links found in email

B.

files traversing the firewall

C.

MGT interface traffic

D.

email attachments

Buy Now
Questions 28

An Interface Management Profile can be attached to which two interface types? (Choose two.)

Options:

A.

Loopback

B.

Virtual Wire

C.

Layer 2

D.

Layer 3

E.

Tap

Buy Now
Questions 29

Which statement describes a function provided by an Interface Management Profile?

Options:

A.

It determines which external services are accessible by the firewall.

B.

It determines which administrators can manage which interfaces.

C.

It determines which firewall services are accessible from external devices.

D.

It determines the NetFlow and LLDP interface management settings.

Buy Now
Questions 30

If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in which log type?

Options:

A.

Traffic

B.

WildFire Submissions

C.

Data Filtering

D.

Threat

Buy Now
Questions 31

Which two file types can be sent to WildFire for analysis if a firewall has only a standard subscription service? (Choosetwo.)

Options:

A.

.jar

B.

.exe

C.

.dll

D.

.pdf

Buy Now
Questions 32

Which three are valid configuration options in a WildFire Analysis Profile? (Choose three.)

Options:

A.

file types

B.

direction

C.

maximum file size

D.

application

Buy Now
Questions 33

Which two user mapping methods are supported by the User-ID integrated agent? (Choose two.)

Options:

A.

LDAP Filters

B.

WMI probing

C.

NetBIOS Probing

D.

Client Probing

Buy Now
Status:
Expired
Exam Code: ACE
Exam Name: Accredited Configuration Engineer (ACE) PANOS 8.0 Version
Last Update: Mar 14, 2024
Questions: 222
$64  $159.99
$48  $119.99
$40  $99.99
buy now ACE