[Free] Download New Updated (February 2016) Palo Alto Networks ACE Practice Tests 1-10

Ensurepass

QUESTION 1

What are two sources of information for determining if the firewall has been successful in communicating with an external User-ID Agent?

 

A.

System Logs and the indicator light under the User-ID Agent settings in the firewall

B.

There’s only one location – System Logs

C.

There’s only one location – Traffic Logs

D.

System Logs and indicator light on the chassis

 

Correct Answer: A

 

 

QUESTION 2

Traffic going to a public IP address is being translated by your PANW firewall to your web server’s private IP. Which IP should the Security Policy use as the “Destination IP” in order to allow traffic to the server.

 

A.

The server’s public IP

B.

The firewall’s gateway IP

C.

The server’s private IP

D.

The firewall’s MGT IP

 

Correct Answer: A

 

 

QUESTION 3

In Active/Active HA environments, redundancy for the HA3 interface can be achieved by

 

A.

Configuring a corresponding HA4 interface

B.

Configuring HA3 as an Aggregate Ethernet bundle

C.

Configuring multiple HA3 interfaces

D.

Configuring HA3 in a redundant group

 

Correct Answer: B

 

 

QUESTION 4

When an interface is in Tap mode and a policy action is set to block, the interface will send a TCP reset.

 

A.

True

B.

False

 

Correct Answer: B

 

 

QUESTION 5

WildFire Analysis Reports are available for the following Operating Systems (select all that apply)

 

A.

Windows XP

B.

Windows 7

C.

Windows 8

D.

Mac OS-X

Correct Answer: ABC

 

 

QUESTION 6

A user complains that they are no longer able to access a needed work application after you have implemented vulnerability and anti-spyware profiles. The user’s application uses a unique port. What is the most efficient way to allow the user access to this application?

 

A.

Utilize an Application Override Rule, referencing the custom port utilzed by this application. Application Override rules bypass all Layer 7 inspection, thereby allowing access to this application.

B.

In the Threat log, locate the event which is blocking access to the user’s application and create a IP-based exemption for this user.

C.

In the vulnerability and anti-spyware profiles, create an application exemption for the user’s application.

D.

Create a custom Security rule for this user to access the required application. Do not apply vulnerability and anti-spyware profiles to this rule.

 

Correct Answer: B

 

 

QUESTION 7

Which of the following are accurate statements describing the HA3 link in an Active-Active HA deployment?

 

A.

HA3 is used for session synchronization

B.

The HA3 link is used to transfer Layer 7 information

C.

HA3 is used to handle asymmetric routing

D.

HA3 is the control link

 

Correct Answer: A

 

 

QUESTION 8

Enabling “Highlight Unsused Rules” in the Security policy window will:

 

A.

Hightlight all rules that did not immmediately match traffic.

B.

Hightlight all rules that did not match traffic since the rule was created or since last reboot of the firewall

C.

Allows the administrator to troubleshoot rules when a validation error occurs at the time of commit.

D.

Allow the administrator to temporarily disable rules that do not match traffic, for testing purposes

 

Correct Answer: B

 

 

QUESTION 9

What is the default setting for ‘Action’ in a Decryption Policy’s rule?

 

A.

No-decrypt

B.

Decrypt

C.

Any

D.

None

Correct Answer: D

 

 

QUESTION 1
0

When a user logs in via Captive Portal, their user information can be checked against:

 

A.

Terminal Server Agent

B.

Security Logs

C.

XML API

D.

Radius

 

Correct Answer: D

 

Free VCE & PDF File for Palo Alto Networks ACE Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in ACE Practice Tests (February 2016) and tagged , , , . Bookmark the permalink.