[Free] Download New Updated (February 2016) Palo Alto Networks ACE Practice Tests 11-20

Ensurepass

QUESTION 11

With IKE, each device is identified to the other by a Peer ID. In most cases, this is just the public IP address of the device. In situations where the public ID is not static, this value can be replaced with a domain name or other text value

 

A.

True

B.

False

 

Correct Answer: A

 

 

QUESTION 12

Can multiple administrator accounts be configured on a single firewall?

 

A.

Yes

B.

No

 

Correct Answer: A

 

 

QUESTION 13

You’d like to schedule a firewall policy to only allow a certain application during a particular time of day. Where can this policy option be configured?

 

A.

Policies > Security > Service

B.

Policies > Security > Options

C.

Policies > Security > Application

D.

Policies
> Security > Profile

 

Correct Answer: D

 

 

QUESTION 14

Subsequent to the installation of new licenses, the firewall must be rebooted

 

A.

True

B.

False

 

Correct Answer: B

QUESTION 15

When adding an application in a Policy-based Forwarding rule, only a subset of the entire App-ID database is represented. Why would this be?

 

A.

< p class="MsoNormal" style="margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">Policy-based forwarding can only indentify certain applications at this stage of the packet flow, as the majority of applications are only identified once the session is created.

B.

Policy-based forwarding rules require that a companion Security policy rule, allowing the needed Application traffic, must first be created.

C.

The license for the Application ID database is no longer valid.

D.

A custom application must first be defined before it can be added to a Policy-based forwarding rule.

 

Correct Answer: A

 

 

QUESTION 16

For non-Microsoft clients, what Captive Portal method is supported?

 

A.

NTLM Auth

B.

User Agent

C.

Local Database

D.

Web Form Captive Portal

 

Correct Answer: D

 

 

QUESTION 17

To create a custom signature object for an Application Override Policy, which of the following fields are mandatory?

 

A.

Category

B.

Regular Expressions

C.

Ports

D.

Characteristics

 

Correct Answer: D

 

 

QUESTION 18

What is the default DNS Sinkhole address used by Palo Alto Networks Firewall to cut off communication?

 

A.

MGT interface address

B.

Loopback interface address

C.

Any one Layer 3 interface address

D.

Localhost address

 

Correct Answer: B

 

 

 

 

 

QUESTION 19

Which best describes how Palo Alto Networks firewall rules are applied to a session?

 

A.

last match applied

B.

first match applied

C.

all matches applied

D.

most specific match applied

 

Correct Answer: B

 

 

QUESTION 20

Administrative Alarms can be enabled for which of the following except?

 

A.

Certificate Expirations

B.

Security Violation Thresholds

C.

Security Policy Tags

D.

Traffic Log capacity

 

Correct Answer: A

 

Free VCE & PDF File for Palo Alto Networks ACE Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in ACE Practice Tests (February 2016) and tagged , , , . Bookmark the permalink.