[Free] Download New Updated (February 2016) Palo Alto Networks ACE Practice Tests 31-40

Ensurepass

QUESTION 31

When configuring Security rules based on FQDN objects, which of the following statements are true?

 

A.

The firewall resolves the FQDN first when the policy is committed, and is refreshed each time Security rules are evaluated.

B.

The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL expiration. There is no limit on the number of IP addresses stored for each resolved FQDN.

C.

In order to create FQDN-based objects, you need to manually define a list of associated IP addresses. Up to 10 IP addresses can be configured for each FQDN entry.

D.

The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL expiration. The resolution of this FQDN stores up to 10 different IP addresses.

 

Correct Answer: C

 

 

QUESTION 32

Which of the following interface types will have a MAC address?

 

A.

Layer 3

B.

Tap

C.

Vwire

D.

Layer 2

 

Correct Answer: D

 

 

QUESTION 33

Which fields can be altered in the default Vulnerability Protection Profile?


A.

Category

B.

Severity

C.

None

D.

Both A and B

 

Correct Answer: C

 

 

QUESTION 34

When a Palo Alto Networks firewall is forwarding traffic through interfaces configured for L2 mode, security policies can be set to match on multicast IP addresses.

 

A.

True

B.

False

 

Correct Answer: B

 

 

QUESTION 35

With PAN-OS 5.0, how can a common NTP value be pushed to a cluster of firewalls?

 

A.

Via a Panorama Template

B.

Via a shared object in Panorama

C.

Via a Panorama Device Group

D.

Via a Device Group object in Panorama

 

Correct Answer: B

 

 

 

QUESTION 36

When Network Address Translation has been performed on traffic, Destination Zones in Security rules should be based on:

 

A.

Post-NAT addresses

B.

The same zones used in the NAT rules

C.

Pre-NAT addresses

D.

None of the above

 

Correct Answer: A

 

 

QUESTION 37

Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles) and Role-Based (customized user roles)

 

A.

True

B.

False

 

Correct Answer: A

 

 

QUESTION 38

Which of the following types of protection are available in DoS policy?

 

A.

Session Limit, SYN Flood, UDP Flood

B.

Session Limit, Port Scanning, Host Swapping, UDP Flood

C.

Session Limit, SYN Flood, Host Swapping, UDP Flood

D.

Session Limit, SYN Flood, Port Scanning, Host Swapping

 

Correct Answer: A

 

 

QUESTION 39

The “Disable Server Return Inspection” option on a security profile:

 

A.

Can only be configured in Tap Mode

B.

Should only be enabled on security policies allowing traffic to a trusted server.

C.

Does not perform higher-level inspection of traffic from the side that originated the TCP SYN packet

D.

Only performs inspection of traffic from the side that originated the TCP SYN-ACK packet

 

Correct Answer: B

 

 

QUESTION 40

What option should be configured when using User-ID?

 

A.

Enable User-ID per zone

B.

Enable User-ID per interface

C.

Enable User-ID per Security Policy

D.

None of the above

 

Correct Answer: C

 
