ACE Exam Questions
172 real ACE exam questions with expert-verified answers and explanations. Page 1 of 4.
- Question #1
A Security policy rule displayed in italic font indicates which condition?
- Question #2
An Antivirus Security Profile specifies Actions and WildFire Actions. WildFire Actions enable you to configure the firewall to perform which operation?
- Question #3
An Interface Management Profile can be attached to which two interface types? (Choose two.)
- Question #4
AppID running on a firewall identifies applications using which three methods? (Choose three.)
- Question #5
Application block pages can be enabled for which applications?
- Question #6
Because a firewall examines every packet in a session, a firewall can detect application ________?
- Question #7
Finding URLs matched to the notresolved URL category in the URL Filtering log file might indicate that you should take which action?
- Question #8
For which firewall feature should you create forward trust and forward untrust certificates?
- Question #9
If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in which log type?
- Question #10
If there is an HA configuration mismatch between firewalls during peer negotiation, which state will the passive firewall enter?
- Question #11
In a destination NAT configuration, which option accurately completes the following sentence? A Security policy rule should be written to match the ____.
- Question #12
In a Security Profile, which action does a firewall take when the profiles action is configured as Reset Server? (Choose two.)
- Question #13
In an HA configuration, which three components are synchronized between the pair of firewalls? (Choose three.)
- Question #14
In an HA configuration, which three functions are associated with the HA1 Control Link? (Choose three.)
- Question #15
On a firewall that has 32 Ethernet ports and is configured with a dynamic IP and port (DIPP) NAT oversubscription rate of 2x, what is the maximum number of concurrent sessions supp...
- Question #16
The Threat log records events from which three Security Profiles? (Choose three.)
- Question #17
The UserID feature is enabled per ________?
- Question #18
The WildFire Portal website supports which three operations? (Choose three.)
- Question #19
What are the two separate planes that make up the PAN-OS architecture? (Choose two.)
- Question #21
What are two benefits of attaching a Decryption Profile to a Decryption policy nodecrypt rule? (Choose two.)
- Question #22
What is a characteristic of Dynamic Admin Roles?
- Question #23
What is the result of performing a firewall Commit operation?
- Question #24
Where does a GlobalProtect client connect to first when trying to connect to the network?
- Question #25
Which action in a File Blocking Security Profile results in the user being prompted to verify a file transfer?
- Question #26
Which condition must exist before a firewall's inbound interface can process traffic?
- Question #27
Which feature is a dynamic grouping of applications used in Security policy rules?
- Question #28
Which four actions can be applied to traffic matching a URL Filtering Security Profile? (Choose four.)
- Question #29
Which interface type does NOT require any configuration changes to adjacent network devices?
- Question #30
Which interface type is NOT assigned to a security zone?
- Question #31
Which statement describes a function provided by an Interface Management Profile?
- Question #32
Which three are valid configuration options in a WildFire Analysis Profile? (Choose three.)
- Question #33
Which three interface types can control or shape network traffic? (Choose three.)
- Question #34
Which three MGT port configuration settings are required in order to access the WebUl? (Choose three.)
- Question #35
Which three network modes are supported by active/passive HA? (Choose three.)
- Question #36
Which three statements are true regarding sessions on the firewall? (Choose three.)
- Question #37
Which two file types can be sent to WildFire for analysis if a firewall has only a standard subscription service? (Choose two.)
- Question #38
Which two User-ID methods are used to verify known IP addresstouser mappings? (Choose two.)
- Question #39
Which user mapping method is recommended for a highly mobile user base?
- Question #40
Which UserID user mapping method is recommended for environments where users frequently change IP addresses?
- Question #41
In an HA configuration, which two failure detection methods rely on ICMP ping? (Choose two.)
- Question #42
Which two user mapping methods are supported by the User-ID integrated agent? (Choose two.)
- Question #43
SSL Inbound Inspection requires that the firewall be configured with which two components? (Choose two.)
- Question #44
When SSL traffic passes through the firewall, which component is evaluated first?
- Question #45
Which statement describes the Export named configuration snapshot operation?
- Question #46
Which statement is true about a URL Filtering Profile continue password?
- Question #47
Which three components can be sent to WildFire for analysis? (Choose three.)
- Question #48
Which type of content update does NOT have to be scheduled for download on the firewall?
- Question #49
The firewall acts as a proxy for which two types of traffic? (Choose two.)
- Question #50
What is a use case for deploying Palo Alto Networks NGFW in the public cloud?
- Question #51
In a Destination NAT configuration, the Translated Address field may be populated with either an IP address or an Address Object.