palo alto networks ace practice test

Accredited Configuration Engineer

Last exam update: Nov 07 ,2025
Page 1 out of 15. Viewing questions 1-15 out of 222

Question 1 Topic 1, NEW Questions

A Security policy rule displayed in italic font indicates which condition?

  • A. The rule has been overridden.
  • B. The rule is a clone.
  • C. The rule is disabled.
  • D. The rule is active.
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2 Topic 1, NEW Questions

An Antivirus Security Profile specifies Actions and WildFire Actions. Wildfire Actions enable you to configure the firewall to
perform which operation?

  • A. Block traffic when a WildFire virus signature is detected.
  • B. Download new antivirus signatures from WildFire.
  • C. Upload traffic to WildFire when a virus is suspected.
  • D. Delete packet data when a virus is suspected.
Mark Question:
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3 Topic 1, NEW Questions

An Interface Management Profile can be attached to which two interface types? (Choose two.)

  • A. Loopback
  • B. Virtual Wire
  • C. Layer 2
  • D. Layer 3
  • E. Tap
Mark Question:
Answer:

A B D

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 4 Topic 1, NEW Questions

AppID running on a firewall identifies applications using which three methods? (Choose three.)

  • A. Application signatures
  • B. Known protocol decoders
  • C. WildFire lookups
  • D. Program heuristics
  • E. PANDB lookups
Mark Question:
Answer:

A B D

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 5 Topic 1, NEW Questions

Application block pages can be enabled for which applications?

  • A. any
  • B. MGT portbased
  • C. nonTCP/IP
  • D. webbased
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6 Topic 1, NEW Questions

Because a firewall examines every packet in a session, a firewall can detect application ________?

  • A. shifts
  • B. groups
  • C. filters
  • D. errors
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7 Topic 1, NEW Questions

Finding URLs matched to the notresolved URL category in the URL Filtering log file might indicate that you should take
which action?

  • A. Reboot the firewall.
  • B. Validate connectivity to the PAN-DB cloud.
  • C. Redownload the URL seed database.
  • D. Validate your Security policy rules.
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8 Topic 1, NEW Questions

For which firewall feature should you create forward trust and forward untrust certificates?

  • A. SSH decryption
  • B. SSL clientside certificate checking
  • C. SSL Inbound Inspection decryption
  • D. SSL forward proxy decryption
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9 Topic 1, NEW Questions

If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in which log type?

  • A. Traffic
  • B. WildFire Submissions
  • C. Data Filtering
  • D. Threat
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10 Topic 1, NEW Questions

If there is an HA configuration mismatch between firewalls during peer negotiation, which state will the passive firewall
enter?

  • A. INITIAL
  • B. NONFUNCTIONAL
  • C. PASSIVE
  • D. ACTIVE
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11 Topic 1, NEW Questions

In a destination NAT configuration, which option accurately completes the following sentence? A Security policy rule should
be written to match the _______.

  • A. postNAT source and destination addresses, but the preNAT destination zone
  • B. original preNAT source and destination addresses, but the postNAT destination zone
  • C. original preNAT source and destination addresses, and the preNAT destination zone
  • D. postNAT source and destination addresses, and the postNAT destination zone
Mark Question:
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12 Topic 1, NEW Questions

In a Security Profile, which action does a firewall take when the profiles action is configured as Reset Server? (Choose
two.)

  • A. The traffic responder is reset.
  • B. The client is reset.
  • C. For UDP sessions, the connection is reset.
  • D. For UDP sessions, the connection is dropped.
Mark Question:
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13 Topic 1, NEW Questions

In an HA configuration, which three components are synchronized between the pair of firewalls? (Choose three.)

  • A. logs
  • B. objects
  • C. policies
  • D. networks
Mark Question:
Answer:

B C D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14 Topic 1, NEW Questions

In an HA configuration, which three functions are associated with the HA1 Control Link? (Choose three.)

  • A. exchanging hellos
  • B. exchanging heartbeats
  • C. synchronizing sessions
  • D. synchronizing configuration
Mark Question:
Answer:

A B D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15 Topic 1, NEW Questions

On a firewall that has 32 Ethernet ports and is configured with a dynamic IP and port (DIPP) NAT oversubscription rate of 2x,
what is the maximum number of concurrent sessions supported by each available IP address?

  • A. 32
  • B. 64
  • C. 64K
  • D. 128K
Mark Question:
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2