My ACE Final Exam

1/20/2015
EmpoweringPeople:paloaltonetworks
TestAccreditedConfigurationEngineer(ACE)ExamPANOS6.0Version
ACEExam
Question1of50.
InaDestinationNATconfiguration,theTranslatedAddressfieldmaybepopulatedwitheitheranIPaddressoranAddressObject.
True
False
Markforfollowup
Question2of50.
ColorcodedtagscanbeusedonalloftheitemslistedbelowEXCEPT:
AddressObjects
Zones
ServiceGroups
VulnerabilityProfiles
Markforfollowup
Question3of50.
WhichofthefollowingcanprovideinformationtoaPaloAltoNetworksfirewallforthepurposesofUserID?(Selectallcorrectanswers.)
DomainController
SSLCertificates
RIPv2
NetworkAccessControl(NAC)device
Markforfollowup
Question4of50.
WhenyouhavecreatedaSecurityPolicyRulethatallowsFacebook,whatmustyoudotoblockallotherwebbrowsingtraffic?
Createanadditionalrulethatblocksallothertraffic.
Whencreatingthepolicy,ensurethatwebbrowsingisincludedinthesamerule.
EnsurethattheServicecolumnisdefinedas"applicationdefault"forthisSecuritypolicy.Doingthiswillautomaticallyincludetheimplicitwebbrowsingapplicationdependency.
Nothing.YoucandependonPANOStoblockthewebbrowsingtrafficthatisnotneededforFacebookuse.
Markforfollowup
Question5of50.
AsthePaloAltoNetworksAdministratorresponsibleforUserID,youneedtoenablemappingofnetworkusersthatdonotsigninusingLDAP.Whichinformationsourcewouldallow
forreliableUserIDmappingwhilerequiringtheleastefforttoconfigure?
ActiveDirectorySecurityLogs
WMIQuery
CaptivePortal
ExchangeCASSecuritylogs
Markforfollowup
Question6of50.
WhichofthefollowingCANNOTusethesourceuserasamatchcriterion?
PolicyBasedForwarding
SecuirtyPolicies
QoS
DoSProtection
AntivirusProfile
Markforfollowup
Question7of50.
WhichstatementbelowisTrue?
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=7557e2531f91470fa91ca284f048d2c3&evalLvl=5&redirect_url=%2fphnx%2fdriver.asp
1/8
1/20/2015
PANOSusesBrightCloudasitsdefaultURLFilteringdatabase,butalsosupportsPANDB.
PANOSusesPANDBforURLFiltering,replacingBrightCloud.
PANOSusesBrightCloudforURLFiltering,replacingPANDB.
PANOSusesPANDBasthedefaultURLFilteringdatabase,butalsosupportsBrightCloud.
Markforfollowup
Question8of50.
WhenconfiguringaDecryptionPolicyrule,whichoptionallowsafirewalladministratortocontrolSSHv2tunnelinginpoliciesbyspecifyingtheSSHtunnelAppID?
SSHProxy
SSLForwardProxy
SSLInboundInspection
SSLReverseProxy
Markforfollowup
Question9of50.
WhataretwosourcesofinformationfordeterminingwhetherthefirewallhasbeensuccessfulincommunicatingwithanexternalUserIDAgent?
SystemLogsandtheindicatorlightundertheUserIDAgentsettingsinthefirewall.
TrafficLogsandAuthenticationLogs.
SystemLogsandanindicatorlightonthechassis.
SystemLogsandAuthenticationLogs.
Markforfollowup
Question10of50.
WhatSecurityProfiletypemustbeconfiguredtosendfilestotheWildFirecloud,andwithwhatchoicesfortheactionsetting?
AFileBlockingprofilewithpossibleactionsofForwardorContinueandForward.
ADataFilteringprofilewithpossibleactionsofForwardorContinueandForward.
AVulnerabilityProtectionprofilewiththepossibleactionofForward.
AURLFilteringprofilewiththepossibleactionofForward.
Markforfollowup
Question11of50.
WhenconfiguringUserIDonaPaloAltoNetworksfirewall,whatistheproperproceduretolimitUsermappingstoaparticularDHCPscope?
InthezoneinwhichUserIdentificationisenabled,createaUserIdentificationACLIncludeListusingthesameIPrangesasthoseallocatedintheDHCPscope.
UndertheUserIdentificationsettings,undertheUserMappingtab,selectthe"RestrictUserstoAllocatedIP"checkbox.
InthezoneinwhichUserIdentificationisenabled,selectthe"RestrictAllocatedIP"checkbox.
IntheDHCPsettingsonthePaloAltoNetworksfirewall,pointtheDHCPRelaytotheIPaddressoftheUserIDagent.
Markforfollowup
Question12of50.
AConfigLockmayberemovedbywhichofthefollowingusers?(Selectallcorrectanswers.)
Theadministratorwhosetit
Deviceadministrators
Anyadministrator
Superusers
Markforfollowup
Question13of50.
AftertheinstallationofanewversionofPANOS,thefirewallmustberebooted.
True
False
Markforfollowup
Question14of50.
WhenconfiguringaDecryptionPolicyRule,whichofthefollowingareavailableasmatchingcriteriaintherule?(Choose3answers.)
SourceZone
2/8
1/20/2015
URLCategory
Application
Service
SourceUser
Markforfollowup
Question15of50.
AftertheinstallationoftheThreatPreventionlicense,thefirewallmustberebooted.
True
False
Markforfollowup
Question16of50.
WhatisthefunctionoftheGlobalProtectPortal?
TomaintainthelistofGlobalProtectGatewaysandspecifyHIPdatathattheagentshouldreport.
ToloadbalanceGlobalProtectclientconnectionstoGlobalProtectGateways.
TomaintainthelistofremoteGlobalProtectPortalsandthelistofcategoriesforcheckingtheclientmachine.
ToprovideredundancyfortunneledconnectionsthroughtheGlobalProtectGateways.
Markforfollowup
Question17of50.
WhichmodewillallowausertochoosewhentheywishtoconnecttotheGlobalProtectNetwork?
AlwaysOnmode
Optionalmode
SingleSignOnmode
OnDemandmode
Markforfollowup
Question18of50.
AftertheinstallationofanewApplicationandThreatdatabase,thefirewallmustberebooted.
True
False
Markforfollowup
Question19of50.
Takingintoaccountonlytheinformationinthescreenshotabove,answerthefollowingquestion:Aspanportoraswitchisconnectedtoe1/4,buttherearenotrafficlogs.Whichofthe
followingconditionsmostlikelyexplainsthisbehavior?
Theinterfaceisnotassignedavirtualrouter.
TheinterfaceisnotassignedanIPaddress.
Theinterfaceisnotup.
Thereisnozoneassignedtotheinterface.
Markforfollowup
Question20of50.
WhichofthefollowingplatformssupportstheDecryptionPortMirrorfunction?
3/8
1/20/2015
PA3000
VMSeries100
PA2000
PA4000
Markforfollowup
Question21of50.
AnenterprisePKIsystemisrequiredtodeploySSLForwardProxydecryptioncapabilities.
True
False
Markforfollowup
Question22of50.
UserIDisenabledintheconfigurationof
ASecurityProfile.
AnInterface.
ASecurityPolicy.
AZone.
Markforfollowup
Question23of50.
WhichofthefollowinginterfacetypescanhaveanIPaddressassignedtoit?(Selectallcorrectanswers.)
Layer3
Layer2
Tap
VirtualWire
Markforfollowup
Question24of50.
AsthePaloAltoNetworksAdministratoryouhaveenabledApplicationBlockpages.Afterwards,notknowingtheyareattemptingtoaccessablockedwebbasedapplication,users
calltheHelpDesktocomplainaboutnetworkconnectivityissues.Whatisthecauseoftheincreasednumberofhelpdeskcalls?
TheFileBlockingBlockPagewasdisabled.
SomeAppID'saresetwithaSessionTimeoutvaluethatistoolow.
Thefirewalladmindidnotcreateacustomresponsepagetonotifypotentialusersthattheirattempttoaccessthewebbasedapplicationisbeingblockedduetopolicy.
ApplicationBlockPageswillonlybedisplayedwhenCaptivePortalisconfigured.
Markforfollowup
Question25of50.
Securitypoliciesspecifyasourceinterfaceandadestinationinterface.
True
False
Markforfollowup
Question26of50.
SelecttheimplicitrulesthatareappliedtotrafficthatfailstomatchanyadministratordefinedSecurityPolicies.(Chooseallrulesthatarecorrect.)
Intrazonetrafficisallowed
Interzonetrafficisdenied
Intrazonetrafficisdenied
Interzonetrafficisallowed
Markforfollowup
Question27of50.
BesidesselectingtheHeartbeatBackupoptionwhencreatinganActivePassiveHAPair,whichofthefollowingalsoprevents"SplitBrain"?
CreatingacustominterfaceunderServiceRouteConfiguration,andassigningthisinterfaceasthebackupHA2link.
UnderPacketForwarding,selectingtheVRSynccheckbox.
ConfiguringanindependentbackupHA1link.
4/8
1/20/2015
ConfiguringabackupHA2linkthatpointstotheMGTinterfaceoftheotherdeviceinthepair.
Markforfollowup
Question28of50.
WhichofthefollowingstatementsisNOTTrueregardingaDecryptionMirrorinterface?
Requiressuperuserprivilege
SupportsSSLoutbound
CanbeamemberofanyVSYS
SupportsSSLinbound
Markforfollowup
Question29of50.
Consideringtheinformationinthescreenshotabove,whatistheorderofevaluationforthisURLFilteringProfile?
URLCategories(BrightCloudorPANDB),CustomCategories,BlockList,AllowList.
BlockList,AllowList,URLCategories(BrightCloudorPANDB),CustomCategories.
BlockList,AllowList,CustomCategories,URLCategories(BrightCloudorPANDB).
AllowList,BlockList,CustomCategories,URLCategories(BrightCloudorPANDB).
Markforfollowup
Question30of50.
Aninterfaceintapmodecantransmitpacketsonthewire.
True
False
Markforfollowup
Question31of50.
WhichofthefollowingisNOTavalidoptionforbuiltinCLIAdminroles?
deviceadmin
superuser
devicereader
read/write
Markforfollowup
Question32of50.
WhichoftheDynamicUpdateslistedbelowareissuedonadailybasis?(Selectallcorrectanswers.)
Applications
BrightCloudURLFiltering
ApplicationsandThreats
5/8
1/20/2015
Antivirus
Markforfollowup
Question33of50.
InPANOS6.0andlater,whichoftheseitemsmaybeusedasmatchcriterioninaPolicyBasedForwardingRule?(Choose3.)
SourceUser
SourceZone
DestinationZone
Application
Markforfollowup
Question34of50.
Whatisthemaximumfilesizeof.EXEfilesuploadedfromthefirewalltoWildFire?
Always2megabytes.
Always10megabytes.
Configurableupto2megabytes.
Configurableupto10megabytes.
Markforfollowup
Question35of50.
WhichofthefollowingmostaccuratelydescribesDynamicIPinaSourceNATconfiguration?
Thenextavailableaddressintheconfiguredpoolisused,andthesourceportnumberischanged.
AsingleIPaddressisused,andthesourceportnumberisunchanged.
AsingleIPaddressisused,andthesourceportnumberischanged.
ThenextavailableIPaddressintheconfiguredpoolisused,butthesourceportnumberisunchanged.
Markforfollowup
Question36of50.
AlloftheinterfacesonaPaloAltoNetworksdevicemustbeofthesameinterfacetype.
True
False
Markforfollowup
Question37of50.
WithIKEPhase1,eachdeviceisidentifiedtotheotherbyaPeerID.Inmostcases,thePeerIDisjustthepublicIPaddressofthedevice.InsituationswherethepublicIPaddressis
notstatic,thePeerIDcanbeatextvalue.
True
False
Markforfollowup
Question38of50.
Whichofthefollowingfactsaboutdynamicupdatesiscorrect?
Antivirusupdatesarereleaseddaily.ApplicationandThreatupdatesarereleasedweekly.
ApplicationandAntivirusupdatesarereleasedweekly.ThreatandThreatandURLFilteringupdatesarereleasedweekly.
ApplicationandThreatupdatesarereleaseddaily.AntivirusandURLFilteringupdatesarereleasedweekly.
ThreatandURLFilteringupdatesarereleaseddaily.ApplicationandAntivirusupdatesarereleasedweekly.
Markforfollowup
Question39of50.
WhatistheresultofanAdministratorsubmittingaWildFirereportsverdictbacktoPaloAltoNetworksasIncorrect?
ThesignaturewillbeupdatedforFalsepositiveandFalsenegativefilesinthenextAVsignatureupdate.
ThesignaturewillbeupdatedforFalsepositiveandFalsenegativefilesinthenextApplicationsignatureupdate.
Youwillreceiveanemailtodisablethesignaturemanually.
Youwillreceiveanupdatewithin15minutes.
Markforfollowup
6/8
1/20/2015
Question40of50.
WhenconfiguringthefirewallforUserID,whatisthemaximumnumberofDomainControllersthatcanbeconfigured?
100
50
10
150
Markforfollowup
Question41of50.
InaPaloAltoNetworksfirewall,everyinterfaceinusemustbeassignedtoazoneinordertoprocesstraffic.
True
False
Markforfollowup
Question42of50.
Takingintoaccountonlytheinformationinthescreenshotabove,answerthefollowingquestion.Anadministratorispinging4.4.4.4andfailstoreceivearesponse.Whatisthemost
likelyreasonforthelackofresponse?
Theinterfaceisdown.
ThereisaSecurityPolicythatpreventsping.
ThereisnoManagementProfile.
Thereisnoroutebacktothemachineoriginatingtheping.
Markforfollowup
Question43of50.
WhichtypeoflicenseisrequiredtoperformDecryptionPortMirroring?
AfreePANPADecryptlicense
AsubscriptionbasedSSLPortlicense
AClientDecryptionlicense
AsubscriptionbasedPANPADecryptlicense
Markforfollowup
Question44of50.
InwhichofthefollowingcanUserIDbeusedtoprovideamatchcondition?(Selectallcorrectanswers.)
SecurityPolicies
NATPolicies
ZoneProtectionPolicies
ThreatProfiles
Markforfollowup
Question45of50.
WhichofthefollowingarenecessarycomponentsofaGlobalProtectsolution?
GlobalProtectGateway,GlobalProtectAgent,GlobalProtectPortal
GlobalProtectGateway,GlobalProtectAgent,GlobalProtectServer
GlobalProtectGateway,GlobalProtectNetConnect,GlobalProtectAgent,GlobalProtectPortal,GlobalProtectServer
7/8
1/20/2015
GlobalProtectNetConnect,GlobalProtectAgent,GlobalProtectPortal,GlobalProtectServer
Markforfollowup
Question46of50.
Whichfeaturecanbeconfiguredtoblocksessionsthatthefirewallcannotdecrypt?
DecryptionProfileinDecryptionPolicy
DecryptionProfileinSecurityProfile
DecryptionProfileinPBF
DecryptionProfileinSecurityPolicy
Markforfollowup
Question47of50.
HowdoyoureducetheamountofinformationrecordedintheURLContentFilteringLogs?
Enable"Logcontainerpageonly".
DisableURLpacketcaptures.
EnableURLlogcaching.
EnableDSRI.
Markforfollowup
Question48of50.
Takingintoaccountonlytheinformationinthescreenshotabove,answerthefollowingquestion.AnadministratorisusingSSHonport3333andBitTorrentonport7777.Which
statementsareTrue?
TheBitTorrenttrafficwillbeallowed.
TheSSHtrafficwillbeallowed.
TheSSHtrafficwillbedenied.
TheBitTorrenttrafficwillbedenied.
Markforfollowup
Question49of50.
WhichofthefollowingstatementsisNOTTrueaboutPaloAltoNetworksfirewalls?
TheAdminaccountmaybedisabled.
SystemdefaultsmayberestoredbyperformingafactoryresetinMaintenanceMode.
TheAdminaccountmaynotbedisabled.
InitialconfigurationmaybeaccomplishedthrutheMGTinterfaceortheConsoleport.
Markforfollowup
Question50of50.
Whenusingremoteauthenticationforusers(LDAP,RADIUS,ActiveDirectory,etc.),whatmustbedonetoallowausertoauthenticatethroughmultiplemethods?
CreateanAuthenticationSequence,dictatingtheorderofauthenticationprofiles.
Createmultipleauthenticationprofilesforthesameuser.
Thiscannotbedone.Asingleusercanonlyuseoneauthenticationtype.
Thiscannotbedone.Althoughmultipleauthenticationmethodsexist,afirewallmustchooseasingle,globalauthenticationtypeandallusersmustusethismethod.
Markforfollowup
Save/ReturnLater
Summary
8/8

My ACE Final Exam

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

My ACE Final Exam

Transféré par

Droits d'auteur :

Formats disponibles

1/20/2015

Vous aimerez peut-être aussi