palo-alto-networks ace practice test

Accredited Configuration Engineer


Question 1 Topic 2, Exam Pool A

As of PAN-OS 8.0, when configuring a Decryption Policy Rule, which of the following is NOT an available option as matching
criteria in the rule?

  • A. Application
  • B. Source User
  • C. URL Category
  • D. Source Zone
  • E. Service
Answer:

A

Discussions

Question 2 Topic 2, Exam Pool A

Which of the following can provide information to a Palo Alto Networks firewall for the purposes of User-ID? (Select all
correct answers.)

  • A. Network Access Control (NAC) device
  • B. Domain Controller
  • C. RIPv2
  • D. SSL Certificates
Answer:

A B D

Discussions

Question 3 Topic 2, Exam Pool A

In PAN-OS 8.0 which of the available choices serves as an alert warning by defining patterns of suspicious traffic and
network anomalies that may indicate a host has been compromised?

  • A. App-ID Signatures
  • B. Correlation Objects
  • C. Command & Control Signatures
  • D. Correlation Events
  • E. Custom Signatures
Answer:

E

Discussions

Question 4 Topic 2, Exam Pool A

Which of the following is True of an application filter?

  • A. An application filter automatically adapts when an application moves from one IP address to another.
  • B. An application filter automatically includes a new application when one of the new applications characteristics are included in the filter.
  • C. An application filter specifies the users allowed to access an application.
  • D. An application filter is used by malware to evade detection by firewalls and anti-virus software.
Answer:

B

Discussions

Question 5 Topic 2, Exam Pool A

You can assign an IP address to an interface in Virtual Wire mode.

  • A. True
  • B. False
Answer:

B

Discussions

Question 6 Topic 2, Exam Pool A

The "Drive-By Download" protection feature, under File Blocking profiles in Content-ID, provides:

  • A. Increased speed on downloads of file types that are explicitly enabled.
  • B. The ability to use Authentication Profiles, in order to protect against unwanted downloads.
  • C. Password-protected access to specific file downloads for authorized users.
  • D. Protection against unwanted downloads by showing the user a response page indicating that a file is going to be downloaded.
Answer:

D

Discussions

Question 7 Topic 2, Exam Pool A

Previous to PAN-OS 8.0 the firewall was able to decode up to two levels. With PAN-OS 8.0 the firewall can now decode up
to how many levels?

  • A. Three
  • B. Six
  • C. Five
  • D. Four
Answer:

D

Discussions

Question 8 Topic 2, Exam Pool A

Which of the following would be a reason to use the PAN-OS XML API to communicate with a Palo Alto Networks firewall?

  • A. To allow the firewall to push User-ID information to a Network Access Control (NAC) device.
  • B. To permit syslogging of User Identification events.
  • C. To pull information from other network resources for User-ID.
Answer:

A

Discussions

Question 9 Topic 2, Exam Pool A

A "Continue" action can be configured on which of the following Security Profiles?

  • A. URL Filtering and File Blocking
  • B. URL Filtering only
  • C. URL Filtering, File Blocking, and Data Filtering
  • D. URL Filtering and Anti-virus
Answer:

A

Discussions

Question 10 Topic 2, Exam Pool A

When configuring a Security Policy Rule based on FQDN Address Objects, which of the following statements is True?

  • A. The firewall resolves the FQDN first when the policy is committed, and resolves the FQDN again each time Security Profiles are evaluated.
  • B. The firewall resolves the FQDN first when the policy is committed, and resolves the FQDN again at DNS TTL expiration.
  • C. In order to create FQDN-based objects, you need to manually define a list of associated IP addresses.
Answer:

B

Discussions
To page 2