
Real4Test

http://www.real4test.com
Real IT Certification Exam Study materials/Braindumps
IT Certification Guaranteed, The Easy Way!

Exam : ACE

Title : Accredited Configuration Engineer (ACE)

Vendor : Palo Alto Networks

Version : DEMO


NO.1 When configuring Security rules based on FQDN objects, which of the following statements are
true?
A. The firewall resolves the FQDN first when the policy is committed, and is refreshed each time
Security rules are evaluated.
B. The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL
expiration. There is no limit on the number of IP addresses stored for each resolved FQDN.
C. In order to create FQDN-based objects, you need to manually define a list of associated IP
addresses. Up to 10 IP addresses can be configured for each FQDN entry.
D. The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL
expiration. The resolution of this FQDN stores up to 10 different IP addresses.
Answer: C

NO.2 When creating an application filter, which of the following is true?


A. They are used by malware
B. Excessive bandwidth may be used as a filter match criteria
C. They are called dynamic because they automatically adapt to new IP addresses
D. They are called dynamic because they will automatically include new applications from an
application signature update if the new application's type is included in the filter
Answer: D

NO.3 An interface in Virtual Wire mode must be assigned an IP address.


A. True
B. False
Answer: B

NO.4 Can multiple administrator accounts be configured on a single firewall?


A. Yes
B. No
Answer: A

NO.5 What is the default DNS Sinkhole address used by Palo Alto Networks Firewall to cut off
communication?
A. MGT interface address
B. Loopback interface address
C. Any one Layer 3 interface address
D. Localhost address
Answer: B

NO.6 Taking into account only the information in the screenshot above, answer the following question.
An administrator is using SSH on port 3333 and BitTorrent on port 7777. Which statements are true?
A. The BitTorrent traffic will be allowed.
B. The SSH traffic will be allowed.
C. The SSH traffic will be denied.
D. The BitTorrent traffic will be denied.
Answer: B, D

NO.7 Which of the following interface types can have an IP address assigned to it? (Select all correct
answers.)
A. Layer 3
B. Layer 2
C. Tap
D. Virtual Wire
Answer: A

NO.8 Taking into account only the information in the screenshot above, answer the following
question. Which applications will be allowed on their standard ports? (Select all correct answers.)
A. BitTorrent
B. Gnutella
C. Skype
D. SSH
Answer: A, D

NO.9 With IKE, each device is identified to the other by a Peer ID. In most cases, this is just the public
IP address of the device. In situations where the public ID is not static, this value can be replaced
with a domain name or other text value.
A. True
B. False
Answer: A

NO.10 To allow the PAN device to resolve internal and external DNS host names for reporting and for
security policies, an administrator can do the following:
A. Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for
internal domain. Then, in the device settings, point to this proxy object for DNS resolution.
B. In the device settings define internal hosts via a static list.
C. In the device settings set the Primary DNS server to an external server and the secondary to an
internal server.
D. Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for
internal domain. Then, in the device settings, select the proxy object as the Primary DNS and create
a custom security rule which references that object for
Answer: A

NO.11 Which of the following are accurate statements describing the HA3 link in an Active-Active HA
deployment?
A. HA3 is used for session synchronization
B. The HA3 link is used to transfer Layer 7 information
C. HA3 is used to handle asymmetric routing
D. HA3 is the control link
Answer: A

NO.12 When configuring a Decryption Policy rule, which option allows a firewall administrator to
control SSHv2 tunneling in policies by specifying the SSHtunnel AppID?
A. SSH Proxy
B. SSL Forward Proxy
C. SSL Inbound Inspection
D. SSL Reverse Proxy
Answer: A
