palo alto networks ace practice test

Accredited Configuration Engineer

Last exam update: Dec 06 ,2024
Page 1 out of 15. Viewing questions 1-15 out of 222

Question 1 Topic 2, Exam Pool A

As of PAN-OS 8.0, when configuring a Decryption Policy Rule, which of the following is NOT an available option as matching
criteria in the rule?

  • A. Application
  • B. Source User
  • C. URL Category
  • D. Source Zone
  • E. Service
Mark Question:
Answer:

A

User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 2 Topic 2, Exam Pool A

Which of the following can provide information to a Palo Alto Networks firewall for the purposes of User-ID? (Select all
correct answers.)

  • A. Network Access Control (NAC) device
  • B. Domain Controller
  • C. RIPv2
  • D. SSL Certificates
Mark Question:
Answer:

A B D

User Votes:
A 1 votes
50%
B 1 votes
50%
C
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3 Topic 2, Exam Pool A

In PAN-OS 8.0 which of the available choices serves as an alert warning by defining patterns of suspicious traffic and
network anomalies that may indicate a host has been compromised?

  • A. App-ID Signatures
  • B. Correlation Objects
  • C. Command & Control Signatures
  • D. Correlation Events
  • E. Custom Signatures
Mark Question:
Answer:

E

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 4 Topic 2, Exam Pool A

Which of the following is True of an application filter?

  • A. An application filter automatically adapts when an application moves from one IP address to another.
  • B. An application filter automatically includes a new application when one of the new applications characteristics are included in the filter.
  • C. An application filter specifies the users allowed to access an application.
  • D. An application filter is used by malware to evade detection by firewalls and anti-virus software.
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5 Topic 2, Exam Pool A

You can assign an IP address to an interface in Virtual Wire mode.

  • A. True
  • B. False
Mark Question:
Answer:

B

User Votes:
A
50%
B 1 votes
50%
Discussions
vote your answer:
A
B
0 / 1000

Question 6 Topic 2, Exam Pool A

The "Drive-By Download" protection feature, under File Blocking profiles in Content-ID, provides:

  • A. Increased speed on downloads of file types that are explicitly enabled.
  • B. The ability to use Authentication Profiles, in order to protect against unwanted downloads.
  • C. Password-protected access to specific file downloads for authorized users.
  • D. Protection against unwanted downloads by showing the user a response page indicating that a file is going to be downloaded.
Mark Question:
Answer:

D

User Votes:
A
50%
B 1 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7 Topic 2, Exam Pool A

Previous to PAN-OS 8.0 the firewall was able to decode up to two levels. With PAN-OS 8.0 the firewall can now decode up
to how many levels?

  • A. Three
  • B. Six
  • C. Five
  • D. Four
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8 Topic 2, Exam Pool A

Which of the following would be a reason to use the PAN-OS XML API to communicate with a Palo Alto Networks firewall?

  • A. To allow the firewall to push User-ID information to a Network Access Control (NAC) device.
  • B. To permit syslogging of User Identification events.
  • C. To pull information from other network resources for User-ID.
Mark Question:
Answer:

A

User Votes:
A
50%
B
50%
C
50%
Discussions
vote your answer:
A
B
C
0 / 1000

Question 9 Topic 2, Exam Pool A

A "Continue" action can be configured on which of the following Security Profiles?

  • A. URL Filtering and File Blocking
  • B. URL Filtering only
  • C. URL Filtering, File Blocking, and Data Filtering
  • D. URL Filtering and Anti-virus
Mark Question:
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10 Topic 2, Exam Pool A

When configuring a Security Policy Rule based on FQDN Address Objects, which of the following statements is True?

  • A. The firewall resolves the FQDN first when the policy is committed, and resolves the FQDN again each time Security Profiles are evaluated.
  • B. The firewall resolves the FQDN first when the policy is committed, and resolves the FQDN again at DNS TTL expiration.
  • C. In order to create FQDN-based objects, you need to manually define a list of associated IP addresses.
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
Discussions
vote your answer:
A
B
C
0 / 1000

Question 11 Topic 2, Exam Pool A

Users may be authenticated sequentially to multiple authentication servers by configuring:

  • A. An Authentication Profile.
  • B. An Authentication Sequence.
  • C. A custom Administrator Profile.
  • D. Multiple RADIUS servers sharing a VSA configuration.
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12 Topic 2, Exam Pool A

Traffic going to a public IP address is being translated by a Palo Alto Networks firewall to an internal servers private IP
address. Which IP address should the Security Policy use as the "Destination IP" in order to allow traffic to the server?

  • A. The firewall’s gateway IP
  • B. The server’s public IP
  • C. The server’s private IP
  • D. The firewall’s MGT IP
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13 Topic 2, Exam Pool A

An interface in Virtual Wire mode must be assigned an IP address.

  • A. True
  • B. False
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
Discussions
vote your answer:
A
B
0 / 1000

Question 14 Topic 2, Exam Pool A

Which of the following services are enabled on the MGT interface by default? (Select all correct answers.)

  • A. HTTPS
  • B. SSH
  • C. Telnet
  • D. HTTP
Mark Question:
Answer:

A B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15 Topic 2, Exam Pool A

Using the API in PAN-OS 6.1, WildFire subscribers can upload up to how many samples per day?

  • A. 500
  • B. 50
  • C. 1000
  • D. 10
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2