ACE Exam Questions

Wildfire may be used for identifying which of the following types of traffic?

When Network Address Translation has been performed on traffic, Destination Zones in Security rules should be based on:

In Active/Active HA environments, redundancy for the HA3 interface can be achieved by

An Outbound SSL forward-proxy decryption rule cannot be created using which type of zone?

When a Palo Alto Networks firewall is forwarding traffic through interfaces configured for L2 mode, security policies can be set to match on multicast IP addresses.

In an Anti-Virus profile, changing the action to "Block" for IMAP or POP decoders will result in the following:

After configuring Captive Portal in Layer 3 mode, users in the Trust Zone are not receiving the Captive Portal authentication page when they launch their web browsers. How can this...

The "Disable Server Return Inspection" option on a security profile:

A user complains that they are no longer able to access a needed work application after you have implemented vulnerability and anti-spyware profiles. The user's application uses a...

You'd like to schedule a firewall policy to only allow a certain application during a particular time of day. Where can this policy be configured?

What is the size limitation of files manually uploaded to WildFire

Enabling "Highlight Unused Rules" in the Security policy window will:

Which statement accurately reflects the functionality of using regions as objects in Security Policies?

When employing the Brightcloud URL filtering database on the Palo Alto Networks firewalls, the order of checking within a profile is:

The following can be configured as a next hop in a Static Route:

In PAN-OS 5.0, how is Wildfire enabled?

Traffic going to a public IP address is being translated by your PANW firewall to your web server's private IP. Which IP should the Security Policy use as the "Destination IP" in o...

You have decided to implement a Virtual Wire Subinterface. Which options can be used to classify traffic?

When allowing an Application in a Security policy on a PAN-OS 5.0 device, would a dependency Application need to also be enabled if the application does not employ HTTP, SSL, MSRPC...

Users can be authenticated serially to multiple authentication servers by configuring:

When creating a Security Policy to allow Facebook in PAN-OS 5.0, how can you be sure that no other web-browsing traffic is permitted?

When configuring Security rules based on FQDN objects, which of the following statements are true?

When troubleshooting Phase 1 of an IPSec VPN tunnel, what location will have the most informative logs?

Configuring a pair of devices into an Active/Active HA pair provides support for:

Which of the dynamic Updates listed below are issued on a daily basis?

Select the implicit rules enforced on traffic failing to match any user defined Security Policies:

Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles) and Role-Based (customized user roles)

In PAN-OS 6.0, rule numbers were introduced. Rule Numbers are:

Which of the following is NOT a valid option for built-in CLI access roles?

Which of the following objects cannot use User-ID as a match criteria?

Subsequent to the installation of new licenses, the firewall must be rebooted

When an interface is in Tap mode and a policy action is set to block, the interface will send a TCP reset.

The "Drive-By Download" protection feature, under File Blocking profiles in Content-ID, provides:

Which of the following would be a reason to use an XML API to communicate with a Palo Alto Networks firewall?

Which link is used by an Active-Passive cluster to synchronize session information?

Which of the following describes the sequence of the Global Protect agent connecting to a Gateway?

Taking into account an information in the screenshot above, answer the following question. In order for ping traffic to traverse this device from e1/2 to e1/1, what else needs to b...

What is the default DNS Sinkhole address used by Palo Alto Networks Firewall to cut off communication?

When configuring Admin Roles for Web UI access, what are the available access levels?

Which of the following interfaces types will have a MAC address?

Wildfire Analysis Reports are available for the following Operating Systems (select all that apply)

What option should be configured when using User-ID

What is the default setting for 'Action' in a Decryption Policy's rule?

With IKE, each device is identified to the other by a Peer ID. In most cases, this is just the public IP address of the device. In situations where the public ID is not static, thi...

When configuring a Decryption Policy, which of the following are available as matching criteria in a policy? (Choose 3)

Which of the following are methods HA clusters use to identify network outages?

As a Palo Alto Networks firewall administrator, you have made unwanted changes to the Candidate configuration. These changes may be undone by Device > Setup > Operations > Configur...

When employing the BrightCloud URL filtering database in a Palo Alto Networks firewall, the order of evaluation within a profile is:

When Destination Network Address Translation is being performed, the destination in the corresponding Security Policy Rule should use:

Taking into account only the information in the screenshot above, answer the following question. Which applications will be allowed on their standard ports? (Select all correct ans...