60 likes | 112 Views
CertsChief products pass your IT Certification Exam with 100% money back guaranteed. Using Confirmed test practice questions and preparation material from CertsChief. Please visit at: http://www.certschief.com
E N D
http://www.certschief.comCertification Preparation Material Palo Alto Networks ACE Accredited Configuration Engineer (ACE) Demo Product - For More Information - Visit: http://www.certschief.com/exam/ACE/ Edition = DEMO ProductFull Version Features: 90 Days Free Updates 30 Days Money Back Guarantee Instant Download Once Purchased 24/7 Online Chat Support Page | 1 http://www.certschief.com/exam/ACE/
http://www.certschief.comCertification Preparation Material Version: 8.0 Question: 1 In a Destination NAT configuration, the Translated Address field may be populated with either an IP address or an Address Object. A. True B. False Answer: A Question: 2 Color-coded tags can be used on all of the items listed below EXCEPT: A. Address Objects B. Zones C. Service Groups D. Vulnerability Profiles Answer: D Question: 3 Which of the following can provide information to a Palo Alto Networks firewall for the purposes of UserID? (Select all correct answers.) A. Domain Controller B. SSL Certificates C. RIPv2 D. Network Access Control (NAC) device Answer: A, B, D Question: 4 When you have created a Security Policy Rule that allows Facebook, what must you do to block all other web browsing traffic? A. Create an additional rule that blocks all other traffic. B. When creating the policy, ensure that webbrowsing is included in the same rule. C. Ensure that the Service column is defined as "applicationdefault" for this Security policy. Doing this will automatically include the implicit webbrowsing application dependency. D. Nothing. You can depend on PANOS to block the webbrowsing traffic that is not needed for Facebook use. Answer: D Question: 5 Page | 2 http://www.certschief.com/exam/ACE/
http://www.certschief.comCertification Preparation Material As the Palo Alto Networks Administrator responsible for UserID, you need to enable mapping of network users that do not signin using LDAP. Which information source would allow for reliable UserID mapping while requiring the least effort to configure? A. Active Directory Security Logs B. WMI Query C. Captive Portal D. Exchange CAS Security logs Answer: A Question: 6 Which of the following CANNOT use the source user as a match criterion? A. Policy Based Forwarding B. Secuirty Policies C. QoS D. DoS Protection E. Antivirus Profile Answer: E Question: 7 Which statement below is True? A. PANOS uses BrightCloud as its default URL Filtering database, but also supports PANDB. B. PANOS uses PANDB for URL Filtering, replacing BrightCloud. C. PANOS uses BrightCloud for URL Filtering, replacing PANDB. D. PANOS uses PANDB as the default URL Filtering database, but also supports BrightCloud. Answer: D Question: 8 When configuring a Decryption Policy rule, which option allows a firewall administrator to control SSHv2 tunneling in policies by specifying the SSHtunnel AppID? A. SSH Proxy B. SSL Forward Proxy C. SSL Inbound Inspection D. SSL Reverse Proxy Answer: A Question: 9 What are two sources of information for determining whether the firewall has been successful in communicating with an external UserID Agent? A. System Logs and the indicator light under the UserID Agent settings in the firewall. B. Traffic Logs and Authentication Logs. Page | 3 http://www.certschief.com/exam/ACE/
http://www.certschief.comCertification Preparation Material C. System Logs and an indicator light on the chassis. D. System Logs and Authentication Logs. Answer: A Question: 10 What Security Profile type must be configured to send files to the WildFire cloud, and with what choices for the action setting? A. A File Blocking profile with possible actions of “Forward” or “Continue and Forward”. B. A Data Filtering profile with possible actions of “Forward” or “Continue and Forward”. C. A Vulnerability Protection profile with the possible action of “Forward”. D. A URL Filtering profile with the possible action of “Forward”. Answer: A Question: 11 When configuring UserID on a Palo Alto Networks firewall, what is the proper procedure to limit User mappings to a particular DHCP scope? A. In the zone in which User Identification is enabled, create a User Identification ACL Include List using the same IP ranges as those allocated in the DHCP scope. B. Under the User Identification settings, under the User Mapping tab, select the "Restrict Users to Allocated IP" checkbox. C. In the zone in which User Identification is enabled, select the "Restrict Allocated IP" checkbox. D. In the DHCP settings on the Palo Alto Networks firewall, point the DHCP Relay to the IP address of the UserID agent. Answer: A Question: 12 A Config Lock may be removed by which of the following users? (Select all correct answers.) A. The administrator who set it B. Device administrators C. Any administrator D. Superusers Answer: A, D Question: 13 After the installation of a new version of PANOS, the firewall must be rebooted. A. True B. False Answer: A Page | 4 http://www.certschief.com/exam/ACE/
http://www.certschief.comCertification Preparation Material Question: 14 When configuring a Decryption Policy Rule, which of the following are available as matching criteria in the rule? (Choose 3 answers.) A. Source Zone B. URL Category C. Application D. Service E. Source User Answer: A, B, E Question: 15 After the installation of the Threat Prevention license, the firewall must be rebooted. A. True B. False Answer: B Page | 5 http://www.certschief.com/exam/ACE/
http://www.certschief.comCertification Preparation Material Demo Product - For More Information - Visit: http://www.certschief.com/exam/ACE/ 20% Discount Coupon Code: 20off2016 Page | 6 http://www.certschief.com/exam/ACE/