ACE Exam Questions

Color-coded tags can be used on all of the items listed below EXCEPT:

Which of the following can provide information to a Palo Alto Networks firewall for the purposes of UserID? (Select all correct answers.)

When you have created a Security Policy Rule that allows Facebook, what must you do to block all other web browsing traffic?

As the Palo Alto Networks Administrator responsible for UserID, you need to enable mapping of network users that do not signin using LDAP. Which information source would allow for...

Which of the following CANNOT use the source user as a match criterion?

Which statement below is True?

When configuring a Decryption Policy rule, which option allows a firewall administrator to control SSHv2 tunneling in policies by specifying the SSHtunnel AppID?

What are two sources of information for determining whether the firewall has been successful in communicating with an external UserID Agent?

What Security Profile type must be configured to send files to the Wildfire cloud, and with what choices for the action setting?

When configuring UserID on a Palo Alto Networks firewall, what is the proper procedure to limit User mappings to a particular DHCP scope?

A Config Lock may be removed by which of the following users? (Select all correct answers.)

After the installation of a new version of PANOS, the firewall must be rebooted.

When configuring a Decryption Policy Rule, which of the following are available as matching criteria in the rule? (Choose 3 answers.)

After the installation of the Threat Prevention license, the firewall must be rebooted.

What is the function of the GlobalProtect Portal?

Which mode will allow a user to choose when they wish to connect to the Global Protect Network?

After the installation of a new Application and Threat database, the firewall must be rebooted.

Taking into account only the information in the screenshot above, answer the following question: A span port or a switch is connected to eth4, but there are no traffic logs. Which...

Which of the following platforms supports the Decryption Port Mirror function?

An enterprise PKI system is required to deploy SSL Forward Proxy decryption capabilities.

UserID-is enabled in the configuration of ...

Which of the following interface types can have an IP address assigned to it? (Select all correct answers.)

As the Palo Alto Networks Administrator you have enabled Application Block pages. Afterwards, not knowing they are attempting to access a blocked webbased application, users call t...

Security policies specify a source interface and a destination interface.

Select the implicit rules that are applied to traffic that fails to match any administratordefined Security Policies. (Choose all rules that are correct.)

Besides selecting the Heartbeat Backup option when creating an ActivePassive HA Pair, which of the following also prevents "SplitBrain"?

Which of the following statements is NOT True regarding a Decryption Mirror interface?

Which of the following are necessary components of a GlobalProtect solution?

Which feature can be configured to block sessions that the firewall cannot decrypt?

How do you reduce the amount of information recorded in the URL Content Filtering Logs?

Taking into account only the information in the screenshot above, answer the following question. An administrator is using SSH on port 3333 and BitTorrent on port 7777. Which state...

Which of the following statements is NOT True about Palo Alto Networks firewalls?

When using remote authentication for users (LDAP, RADIUS, Active Directory, etc.), what must be done to allow a user to authenticate through multiple methods?

If the Forward Proxy Ready shows "no" when running the command show system setting ssl-decrypt setting, what is most likely the cause?

What option should be configured when using User Identification?

What needs to be done prior to committing a configuration in Panorama after making a change via the CLI or web interface on a device?

Which local interface cannot be assigned to the IKE gateway?

To allow the PAN device to resolve internal and external DNS host names for reporting and for security policies, an administrator can do the following:

With PAN-OS 5.0, how can a common NTP value be pushed to a cluster of firewalls?

Which of the following Global Protect features requires a separate license?

Which of the following represents HTTP traffic events that can be used to identify potential Botnets?

For correct routing to SSL VPN clients to occur, the following must be configured:

Which option allows an administrator to segregate Panorama and Syslog traffic, so that the Management interface is not employed when sending these types of traffic?

Which of the following must be configured when deploying User-ID to obtain information from an 802.1x authenticator?

Which of the following options may be enabled to reduce system overhead when using Content ID?

When creating an application filter, which of the following is true?

Which fields can be altered in the default Vulnerability profile?

When a user logs in via Captive Portal, their user information can be checked against:

A "Continue" action can be configured on the following Security Profiles:

As the Palo Alto Networks administrator, you have enabled Application Block pages. Afterward, some users do not receive web-based feedback for all denied applications. Why would th...