8/19/2019 ACE Exam V3 with notes

1/18

ACE Exam 

Question 1 of 50. 

Which statement below is True?

 

PAN-OS uses BrightCloud for URL Filtering, replacing PAN-DB

PAN-OS uses PAN-DB for URL Filtering, replacing BrightCloud

PAN-OS uses PAN-DB as the default URL Filtering data!ase, !ut also supports BrightCloud

PAN-OS uses BrightCloud as its default URL Filtering data!ase, !ut also supports PAN-DB

Question 2 of 50. 

A "Continue" action can be configured on which of the following ecurit! rofiles?

 

URL Filtering and File Bloc"ing

URL Filtering onl#

URL Filtering, File Bloc"ing, and Data Filtering

URL Filtering and Anti-$irus

Question # of 50. 

A Config $oc% ma! be remo&ed b! which of the following users? 'elect all correct answers.(

 An# ad%inistrator  

De$ice ad%inistrators 

&he ad%inistrator 'ho set it 

Superusers 

Question ) of 50. 

When an interface is in Ta* mode and a olic!+s action is set to ,bloc%- the interface will send a TC reset.

8/19/2019 ACE Exam V3 with notes

2/18

&rue False

 

Question 5 of 50. 

/sing the A in A3 4.1 Wildire subscribers can u*load u* to how man! sam*les *er da!?

 

())

()

*)))

*)

Question 4 of 50. 

Which statement about config loc%s is True?

 

 A config loc" can !e re%o$ed onl# !# a superuser

 A config loc" can !e re%o$ed onl# !# the ad%inistrator 'ho set it

 A config loc" can onl# !e re%o$ed !# the ad%inistrator 'ho set it or !# a superuser

 A config loc" 'ill e+pire after hours, unless it 'as set !# a superuser

Question 6 of 50. 

Can multi*le administrator accounts be configured on a single firewall?

.es No

 

Question 7 of 50. 

n which of the following can /ser8 be used to *ro&ide a match condition?

 

8/19/2019 ACE Exam V3 with notes

3/18

Securit# Policies

NA& Policies

/one Protection Policies

&hreat Profiles

Question 9 of 50. 

Will an e:*orted configuration contain ;anagement nterface settings?

.es No

 

Question 10 of 50. 

Which of the following must be enabled in order for /ser8 to function?

 

Securit# Policies %ust ha$e the User-0D option ena!led

User-0D %ust !e ena!led for the source 1one of the traffic that is to !e identified

Capti$e Portal Policies %ust !e ena!led

Capti$e Portal %ust !e ena!led

Question 11 of 50. 

Which of the following interface t!*es can ha&e an address assigned to it?

 

La#er 2

La#er

&ap

3irtual 4ire

Question 12 of 50. 

8/19/2019 ACE Exam V3 with notes

4/18

Which of the following most accuratel! describes 8!namic in a ource AT configuration?

 

 A single 0P address is used, and the source port nu%!er is changed

&he ne+t a$aila!le 0P address in the configured pool is used, !ut the source port nu%!er is unchanged

&he ne+t a$aila!le address in the configured pool is used, and the source port nu%!er is changed

 A single 0P address is used, and the source port nu%!er is unchanged

Question 1# of 50. 

8/19/2019 ACE Exam V3 with notes

5/18

&he Pre-NA& destination 1one and Post-NA& 0P addresses

&he Post-NA& destination 1one and Post-NA& 0P addresses

Question 14 of 50. 

When configuring a ecurit! olic! >ule based on Q8 Address 3b@ects which of the following statementsis True?

 

&he fire'all resol$es the F=DN first 'hen the polic# is co%%itted, and resol$es the F=DN again each ti%eSecurit# Profiles are e$aluated

0n order to create F=DN-!ased o!>ects, #ou need to %anuall# define a list of associated 0P addresses

&he fire'all resol$es the F=DN first 'hen the polic# is co%%itted, and resol$es the F=DN again at DNS &&Le+piration

Question 16 of 50. 

When configuring a 8ecr!*tion olic! >ule which of the following are a&ailable as matching criteria in therule? 'Choose # answers.(

URL Categor# 

Ser$ice 

Source User  

 Application 

Source /one 

Question 17 of 50. 

Without a Wildire subscri*tion which of the following files can be submitted b! the irewall to the hostedWildire &irtualied sandbo:?

 6S Office doc

8/19/2019 ACE Exam V3 with notes

6/18

Question 19 of 50. 

When troubleshooting hase 1 of an sec B tunnel which location and log will be most informati&e?

 Responding side, &raffic log

0nitiating side, S#ste% log

0nitiating side, &raffic log

Responding side, S#ste% Log

Question 20 of 50. 

What are the benefits gained when the "

8/19/2019 ACE Exam V3 with notes

7/18

&o per%it s#slogging of User 0dentification e$ents

&o allo' the fire'all to push User-0D infor%ation to a Net'or" Access Control NAC de$ice

&o pull infor%ation fro% other net'or" resources for User-0D

Question 2# of 50. 

An interface in ta* mode can transmit *ac%ets on the wire.

&rue False

 

Question 2) of 50. 

Wildire ma! be used for identif!ing which of the following t!*es of traffic?

 

D5CP

6al'are

R0P$

OSPF

Question 25 of 50. 

What general *ractice best describes how alo Alto etwor%s firewall *olicies are a**lied to a session?

 

6ost specific %atch applied

First %atch applied

Last %atch applied

&he rule 'ith the highest rule nu%!er is applied

Question 24 of 50. 

8/19/2019 ACE Exam V3 with notes

8/18

What will be the user e:*erience when the safe search o*tion is 3T enabled for Doogle search but thefirewall has "afe earch

8/19/2019 ACE Exam V3 with notes

9/18

Question 29 of 50. 

n order to route traffic between $a!er # interfaces on the alo Alto etwor%s firewall !ou need a

 

3irtual Router

3LAN

3irtual 4ire

Securit# Profile

Question #0 of 50. 

What will the user e:*erience when attem*ting to access a bloc%ed hac%ing website through a translation

ser&ice such as Doogle Translate or Fing Translator? 

 A Bloc"edE page response 'hen the URL filtering polic# to !loc" is enforced

 A SuccessE page response 'hen the site is successfull# translated

&he !ro'ser 'ill !e redirected to the original 'e!site address

 An 5&&P ?rror ()2 - Ser$ice una$aila!le %essage

Question #1 of 50. 

Which of the following are methods that =A clusters use to identif! networ% outages?

 

Lin" and Session 6onitors

3R and 3S.S 6onitors

5eart!eat and Session 6onitors

Path and Lin" 6onitoring

Question #2 of 50. 

8/19/2019 ACE Exam V3 with notes

10/18

Ta%ing into account onl! the information in the screenshot abo&e answer the following Euestion. Whicha**lications will be allowed on their standard *orts? 'elect all correct answers.(

7nutella 

Bit&orrent 

S"#pe 

SS5 

Question ## of 50. 

An enter*rise G s!stem is reEuired to de*lo! $ orward ro:! decr!*tion ca*abilities.

&rue False

 

Question #) of 50. 

n A3 4.0 and later which of these items ma! be used as match criterion in a olic!Fased orwarding>ule? 'Choose #.(

Destination /one 

Source /one 

Source User  

Destination Application 

8/19/2019 ACE Exam V3 with notes

11/18

Question #5 of 50. 

n a 8estination AT configuration the Translated Address field ma! be *o*ulated with either an addressor an Address 3b@ect.

&rue False

 

Question #4 of 50. 

Which routing *rotocol is su**orted on the alo Alto etwor%s *latform?

 

B7P

R0P$*

0S0S

RS&P

Question #6 of 50. 

Foth $ decr!*tion and = decr!*tion are disabled b! default.

&rue False

 

Question #7 of 50. 

n A3 4.0 and later rule numbers are

 

Nu%!ers that specif# the order in 'hich securit# policies are e$aluated

Nu%!ers created to !e uniGue identifiers in each fire'allHs polic# data!ase

Nu%!ers on a scale of ) to 99 that specif# priorities 'hen t'o or %ore rules are in conflict

Nu%!ers created to %a"e it easier for users to discuss a co%plicated or difficult seGuence of rules

Question #9 of 50. 

8/19/2019 ACE Exam V3 with notes

12/18

n alo Alto etwor%s terms an a**lication is

 

 A specific progra% detected 'ithin an identified strea% that can !e detected, %onitored, and

8/19/2019 ACE Exam V3 with notes

13/18

Question )# of 50. 

When configuring the firewall for /ser8 what is the ma:imum number of 8omain Controllers that can beconfigured?

 

*))

()

*)

*()

Question )) of 50. 

Which of the following ser&ices are enabled on the ;DT interface b! default? 'elect all correct answers.(

5&&PS 

SS5 

&elnet 

5&&P 

Question )5 of 50. 

As the alo Alto etwor%s Administrator !ou ha&e enabled A**lication Floc% *ages. Afterwards not%nowing the! are attem*ting to access a bloc%ed webbased a**lication users call the =el* 8es% tocom*lain about networ% connecti&it! issues. What is the cause of the increased number of hel* des% calls?

 

&he fire'all ad%in did not create a custo% response page to notif# potential users that their atte%pt to accessthe 'e!-!ased application is !eing !loc"ed due to co%pan# polic#

&he File Bloc"ing Bloc" Page 'as disa!led

 Application Bloc" Pages 'ill onl# !e displa#ed 'hen Capti$e Portal is configured

So%e App-0D8s are set 'ith a Session &i%eout $alue that is too lo'

Question )4 of 50. 

8/19/2019 ACE Exam V3 with notes

14/18

Considering the information in the screenshot abo&e what is the order of e&aluation for this />$ ilteringrofile?

 

Bloc" List, Allo' List, Custo% Categories, URL Categories BrightCloud or PAN-DB

URL Categories BrightCloud or PAN-DB, Custo% Categories, Bloc" List, Allo' List

 Allo' List, Bloc" List, Custo% Categories, URL Categories BrightCloud or PAN-DB

Bloc" List, Allo' List, URL Categories BrightCloud or PAN-DB, Custo% Categories

Question )6 of 50. 

8/19/2019 ACE Exam V3 with notes

15/18

The screenshot abo&e shows *art of a firewall+s configuration. f *ing traffic can tra&erse this de&ice frome1H2 to e1H1 which of the following statements must be True about this firewall+s configuration? 'elect allcorrect answers.(

&here %ust !e a securit# polic# rule fro% trust 1one to 0nternet 1one that allo's ping 

&here %ust !e a securit# polic# rule fro% 0nternet 1one to trust 1one that allo's ping 

&here %ust !e appropriate routes in the default $irtual router 

&here %ust !e a 6anage%ent Profile that allo's ping &hen assign that 6anage%ent Profile to e*

8/19/2019 ACE Exam V3 with notes

16/18

&hreat and URL Filtering updates are released dail# Application and Anti-$irus updates are released 'ee"l#

Question 50 of 50. 

The "8ri&eF! 8ownload" *rotection feature under ile Floc%ing *rofiles in Content8 *ro&ides

 

&he a!ilit# to use Authentication Profiles, in order to protect against un'anted do'nloads

Protection against un'anted do'nloads !# sho'ing the user a response page indicating that a file is going to!e do'nloaded

0ncreased speed on do'nloads of file t#pes that are e+plicitl# ena!led

Pass'ord-protected access to specific file do'nloads for authori1ed users

;):

Colorcoded tags can be used on all of the items listed below

8/19/2019 ACE Exam V3 with notes

17/18

;)9I

Considering the information in the screenshot abo&e what is the order of e&aluation for this/>$ iltering rofile?

0ncorrect

;I(:

n order to route traffic between $a!er # interfaces on the alo Alto etwor%s firewall !ouneed a

0ncorrect

;I*

n A3 4.0 and later which of these items ma! be used as match criterion in a olic!Fased orwarding >ule? 'Choose #.(

0ncorrect

;I*

n which of the following can /ser8 be used to *ro&ide a match condition? 0ncorrect

;);I

Ta%ing into account onl! the information in the screenshot abo&e answer the followingEuestion. An administrator is using = on *ort #### and FitTorrent on *ort 6666. Whichstatements are True?

0ncorrect

;I**The "8ri&eF! 8ownload" *rotection feature under ile Floc%ing *rofiles in Content8*ro&ides

0ncorrect

;);

The screenshot abo&e shows *art of a firewall+s configuration. f *ing traffic can tra&ersethis de&ice from e1H2 to e1H1 which of the following statements must be True about thisfirewall+s configuration? 'elect all correct answers.(

0ncorrect

;::

What will be the user e:*erience when the safe search o*tion is 3T enabled for Dooglesearch but the firewall has "afe earch

8/19/2019 ACE Exam V3 with notes

18/18