8/19/2019 ACE Exam V3 with notes
1/18
ACE Exam
Question 1 of 50.
Which statement below is True?
PAN-OS uses BrightCloud for URL Filtering, replacing PAN-DB
PAN-OS uses PAN-DB for URL Filtering, replacing BrightCloud
PAN-OS uses PAN-DB as the default URL Filtering data!ase, !ut also supports BrightCloud
PAN-OS uses BrightCloud as its default URL Filtering data!ase, !ut also supports PAN-DB
Question 2 of 50.
A "Continue" action can be configured on which of the following ecurit! rofiles?
URL Filtering and File Bloc"ing
URL Filtering onl#
URL Filtering, File Bloc"ing, and Data Filtering
URL Filtering and Anti-$irus
Question # of 50.
A Config $oc% ma! be remo&ed b! which of the following users? 'elect all correct answers.(
An# ad%inistrator
De$ice ad%inistrators
&he ad%inistrator 'ho set it
Superusers
Question ) of 50.
When an interface is in Ta* mode and a olic!+s action is set to ,bloc%- the interface will send a TC reset.
8/19/2019 ACE Exam V3 with notes
2/18
&rue False
Question 5 of 50.
/sing the A in A3 4.1 Wildire subscribers can u*load u* to how man! sam*les *er da!?
())
()
*)))
*)
Question 4 of 50.
Which statement about config loc%s is True?
A config loc" can !e re%o$ed onl# !# a superuser
A config loc" can !e re%o$ed onl# !# the ad%inistrator 'ho set it
A config loc" can onl# !e re%o$ed !# the ad%inistrator 'ho set it or !# a superuser
A config loc" 'ill e+pire after hours, unless it 'as set !# a superuser
Question 6 of 50.
Can multi*le administrator accounts be configured on a single firewall?
.es No
Question 7 of 50.
n which of the following can /ser8 be used to *ro&ide a match condition?
8/19/2019 ACE Exam V3 with notes
3/18
Securit# Policies
NA& Policies
/one Protection Policies
&hreat Profiles
Question 9 of 50.
Will an e:*orted configuration contain ;anagement nterface settings?
.es No
Question 10 of 50.
Which of the following must be enabled in order for /ser8 to function?
Securit# Policies %ust ha$e the User-0D option ena!led
User-0D %ust !e ena!led for the source 1one of the traffic that is to !e identified
Capti$e Portal Policies %ust !e ena!led
Capti$e Portal %ust !e ena!led
Question 11 of 50.
Which of the following interface t!*es can ha&e an address assigned to it?
La#er 2
La#er
&ap
3irtual 4ire
Question 12 of 50.
8/19/2019 ACE Exam V3 with notes
4/18
Which of the following most accuratel! describes 8!namic in a ource AT configuration?
A single 0P address is used, and the source port nu%!er is changed
&he ne+t a$aila!le 0P address in the configured pool is used, !ut the source port nu%!er is unchanged
&he ne+t a$aila!le address in the configured pool is used, and the source port nu%!er is changed
A single 0P address is used, and the source port nu%!er is unchanged
Question 1# of 50.
8/19/2019 ACE Exam V3 with notes
5/18
&he Pre-NA& destination 1one and Post-NA& 0P addresses
&he Post-NA& destination 1one and Post-NA& 0P addresses
Question 14 of 50.
When configuring a ecurit! olic! >ule based on Q8 Address 3b@ects which of the following statementsis True?
&he fire'all resol$es the F=DN first 'hen the polic# is co%%itted, and resol$es the F=DN again each ti%eSecurit# Profiles are e$aluated
0n order to create F=DN-!ased o!>ects, #ou need to %anuall# define a list of associated 0P addresses
&he fire'all resol$es the F=DN first 'hen the polic# is co%%itted, and resol$es the F=DN again at DNS &&Le+piration
Question 16 of 50.
When configuring a 8ecr!*tion olic! >ule which of the following are a&ailable as matching criteria in therule? 'Choose # answers.(
URL Categor#
Ser$ice
Source User
Application
Source /one
Question 17 of 50.
Without a Wildire subscri*tion which of the following files can be submitted b! the irewall to the hostedWildire &irtualied sandbo:?
6S Office doc
8/19/2019 ACE Exam V3 with notes
6/18
Question 19 of 50.
When troubleshooting hase 1 of an sec B tunnel which location and log will be most informati&e?
Responding side, &raffic log
0nitiating side, S#ste% log
0nitiating side, &raffic log
Responding side, S#ste% Log
Question 20 of 50.
What are the benefits gained when the "
8/19/2019 ACE Exam V3 with notes
7/18
&o per%it s#slogging of User 0dentification e$ents
&o allo' the fire'all to push User-0D infor%ation to a Net'or" Access Control NAC de$ice
&o pull infor%ation fro% other net'or" resources for User-0D
Question 2# of 50.
An interface in ta* mode can transmit *ac%ets on the wire.
&rue False
Question 2) of 50.
Wildire ma! be used for identif!ing which of the following t!*es of traffic?
D5CP
6al'are
R0P$
OSPF
Question 25 of 50.
What general *ractice best describes how alo Alto etwor%s firewall *olicies are a**lied to a session?
6ost specific %atch applied
First %atch applied
Last %atch applied
&he rule 'ith the highest rule nu%!er is applied
Question 24 of 50.
8/19/2019 ACE Exam V3 with notes
8/18
What will be the user e:*erience when the safe search o*tion is 3T enabled for Doogle search but thefirewall has "afe earch
8/19/2019 ACE Exam V3 with notes
9/18
Question 29 of 50.
n order to route traffic between $a!er # interfaces on the alo Alto etwor%s firewall !ou need a
3irtual Router
3LAN
3irtual 4ire
Securit# Profile
Question #0 of 50.
What will the user e:*erience when attem*ting to access a bloc%ed hac%ing website through a translation
ser&ice such as Doogle Translate or Fing Translator?
A Bloc"edE page response 'hen the URL filtering polic# to !loc" is enforced
A SuccessE page response 'hen the site is successfull# translated
&he !ro'ser 'ill !e redirected to the original 'e!site address
An 5&&P ?rror ()2 - Ser$ice una$aila!le %essage
Question #1 of 50.
Which of the following are methods that =A clusters use to identif! networ% outages?
Lin" and Session 6onitors
3R and 3S.S 6onitors
5eart!eat and Session 6onitors
Path and Lin" 6onitoring
Question #2 of 50.
8/19/2019 ACE Exam V3 with notes
10/18
Ta%ing into account onl! the information in the screenshot abo&e answer the following Euestion. Whicha**lications will be allowed on their standard *orts? 'elect all correct answers.(
7nutella
Bit&orrent
S"#pe
SS5
Question ## of 50.
An enter*rise G s!stem is reEuired to de*lo! $ orward ro:! decr!*tion ca*abilities.
&rue False
Question #) of 50.
n A3 4.0 and later which of these items ma! be used as match criterion in a olic!Fased orwarding>ule? 'Choose #.(
Destination /one
Source /one
Source User
Destination Application
8/19/2019 ACE Exam V3 with notes
11/18
Question #5 of 50.
n a 8estination AT configuration the Translated Address field ma! be *o*ulated with either an addressor an Address 3b@ect.
&rue False
Question #4 of 50.
Which routing *rotocol is su**orted on the alo Alto etwor%s *latform?
B7P
R0P$*
0S0S
RS&P
Question #6 of 50.
Foth $ decr!*tion and = decr!*tion are disabled b! default.
&rue False
Question #7 of 50.
n A3 4.0 and later rule numbers are
Nu%!ers that specif# the order in 'hich securit# policies are e$aluated
Nu%!ers created to !e uniGue identifiers in each fire'allHs polic# data!ase
Nu%!ers on a scale of ) to 99 that specif# priorities 'hen t'o or %ore rules are in conflict
Nu%!ers created to %a"e it easier for users to discuss a co%plicated or difficult seGuence of rules
Question #9 of 50.
8/19/2019 ACE Exam V3 with notes
12/18
n alo Alto etwor%s terms an a**lication is
A specific progra% detected 'ithin an identified strea% that can !e detected, %onitored, and
8/19/2019 ACE Exam V3 with notes
13/18
Question )# of 50.
When configuring the firewall for /ser8 what is the ma:imum number of 8omain Controllers that can beconfigured?
*))
()
*)
*()
Question )) of 50.
Which of the following ser&ices are enabled on the ;DT interface b! default? 'elect all correct answers.(
5&&PS
SS5
&elnet
5&&P
Question )5 of 50.
As the alo Alto etwor%s Administrator !ou ha&e enabled A**lication Floc% *ages. Afterwards not%nowing the! are attem*ting to access a bloc%ed webbased a**lication users call the =el* 8es% tocom*lain about networ% connecti&it! issues. What is the cause of the increased number of hel* des% calls?
&he fire'all ad%in did not create a custo% response page to notif# potential users that their atte%pt to accessthe 'e!-!ased application is !eing !loc"ed due to co%pan# polic#
&he File Bloc"ing Bloc" Page 'as disa!led
Application Bloc" Pages 'ill onl# !e displa#ed 'hen Capti$e Portal is configured
So%e App-0D8s are set 'ith a Session &i%eout $alue that is too lo'
Question )4 of 50.
8/19/2019 ACE Exam V3 with notes
14/18
Considering the information in the screenshot abo&e what is the order of e&aluation for this />$ ilteringrofile?
Bloc" List, Allo' List, Custo% Categories, URL Categories BrightCloud or PAN-DB
URL Categories BrightCloud or PAN-DB, Custo% Categories, Bloc" List, Allo' List
Allo' List, Bloc" List, Custo% Categories, URL Categories BrightCloud or PAN-DB
Bloc" List, Allo' List, URL Categories BrightCloud or PAN-DB, Custo% Categories
Question )6 of 50.
8/19/2019 ACE Exam V3 with notes
15/18
The screenshot abo&e shows *art of a firewall+s configuration. f *ing traffic can tra&erse this de&ice frome1H2 to e1H1 which of the following statements must be True about this firewall+s configuration? 'elect allcorrect answers.(
&here %ust !e a securit# polic# rule fro% trust 1one to 0nternet 1one that allo's ping
&here %ust !e a securit# polic# rule fro% 0nternet 1one to trust 1one that allo's ping
&here %ust !e appropriate routes in the default $irtual router
&here %ust !e a 6anage%ent Profile that allo's ping &hen assign that 6anage%ent Profile to e*
8/19/2019 ACE Exam V3 with notes
16/18
&hreat and URL Filtering updates are released dail# Application and Anti-$irus updates are released 'ee"l#
Question 50 of 50.
The "8ri&eF! 8ownload" *rotection feature under ile Floc%ing *rofiles in Content8 *ro&ides
&he a!ilit# to use Authentication Profiles, in order to protect against un'anted do'nloads
Protection against un'anted do'nloads !# sho'ing the user a response page indicating that a file is going to!e do'nloaded
0ncreased speed on do'nloads of file t#pes that are e+plicitl# ena!led
Pass'ord-protected access to specific file do'nloads for authori1ed users
;):
Colorcoded tags can be used on all of the items listed below
8/19/2019 ACE Exam V3 with notes
17/18
;)9I
Considering the information in the screenshot abo&e what is the order of e&aluation for this/>$ iltering rofile?
0ncorrect
;I(:
n order to route traffic between $a!er # interfaces on the alo Alto etwor%s firewall !ouneed a
0ncorrect
;I*
n A3 4.0 and later which of these items ma! be used as match criterion in a olic!Fased orwarding >ule? 'Choose #.(
0ncorrect
;I*
n which of the following can /ser8 be used to *ro&ide a match condition? 0ncorrect
;);I
Ta%ing into account onl! the information in the screenshot abo&e answer the followingEuestion. An administrator is using = on *ort #### and FitTorrent on *ort 6666. Whichstatements are True?
0ncorrect
;I**The "8ri&eF! 8ownload" *rotection feature under ile Floc%ing *rofiles in Content8*ro&ides
0ncorrect
;);
The screenshot abo&e shows *art of a firewall+s configuration. f *ing traffic can tra&ersethis de&ice from e1H2 to e1H1 which of the following statements must be True about thisfirewall+s configuration? 'elect all correct answers.(
0ncorrect
;::
What will be the user e:*erience when the safe search o*tion is 3T enabled for Dooglesearch but the firewall has "afe earch
8/19/2019 ACE Exam V3 with notes
18/18