Labour Day Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

  1. Home
  2. Aviatrix
  3. Aviatrix Certified Engineer
  4. ACE
  5. Aviatrix Certified Engineer (ACE) program Questions and Answers
Note! The ACE Exam is no longer available.

ACE Aviatrix Certified Engineer (ACE) program Questions and Answers

Questions 4

Which two file types can be sent to WildFire for analysis if a firewall has only a standard subscription service? (Choosetwo.)

Options:

A.

.jar

B.

.exe

C.

.dll

D.

.pdf

Buy Now
Questions 5

For which firewall feature should you create forward trust and forward untrust certificates?

Options:

A.

SSH decryption

B.

SSL client­side certificate checking

C.

SSL Inbound Inspection decryption

D.

SSL forward proxy decryption

Buy Now
Questions 6

Which statement describes a function provided by an Interface Management Profile?

Options:

A.

It determines which external services are accessible by the firewall.

B.

It determines which administrators can manage which interfaces.

C.

It determines which firewall services are accessible from external devices.

D.

It determines the NetFlow and LLDP interface management settings.

Buy Now
Questions 7

Which three interface types can control or shape network traffic? (Choose three.)

Options:

A.

Layer 2

B.

Tap

C.

Virtual Wire

D.

Layer 3

Buy Now
Questions 8

Because a firewall examines every packet in a session, a firewall can detect application ________?

Options:

A.

shifts

B.

groups

C.

filters

D.

errors

Buy Now
Questions 9

What are three connection methods for the GlobalProtect agent? (Choose three.)

Options:

A.

Pre­Logon

B.

Captcha portal

C.

User­Logon

D.

On­demand

Buy Now
Questions 10

Application block pages can be enabled for which applications?

Options:

A.

any

B.

MGT port­based

C.

non­TCP/IP

D.

web­based

Buy Now
Questions 11

The firewall acts as a proxy for which two types of traffic? (Choose two.)

Options:

A.

SSH

B.

Non-SSL

C.

SSL Inbound Inspection

D.

SSL outbound

Buy Now
Questions 12

If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in which log type?

Options:

A.

Traffic

B.

WildFire Submissions

C.

Data Filtering

D.

Threat

Buy Now
Questions 13

On a firewall that has 32 Ethernet ports and is configured with a dynamic IP and port (DIPP) NAT oversubscription rate of2x, what is the maximum number of concurrent sessions supportedby each available IP address?

Options:

A.

32

B.

64

C.

64K

D.

128K

Buy Now
Questions 14

Which interface type is NOT assigned to a security zone?

Options:

A.

VLAN

B.

HA

C.

Virtual Wire

D.

Layer 3

Buy Now
Questions 15

Which condition must exist before a firewall's in­band interface can process traffic?

Options:

A.

The firewall must not be a loopback interface.

B.

The firewall must be assigned to a security zone.

C.

The firewall must be assigned an IP address.

D.

The firewall must be enabled.

Buy Now
Questions 16

Which user mapping method is recommended for a highly mobile user base?

Options:

A.

GlobalProtect

B.

Server Monitoring

C.

Session Monitoring

D.

Client Probing

Buy Now
Questions 17

Which action in a File Blocking Security Profile results in theuser being prompted to verify afile transfer?

Options:

A.

Block

B.

Continue

C.

Allow

D.

Alert

Buy Now
Questions 18

Which of the following types of protection are available in DoS policy?

Options:

A.

Session Limit, SYN Flood, UDP Flood

B.

Session Limit, Port Scanning, Host Swapping, UDP Flood

C.

Session Limit, SYN Flood, Host Swapping, UDP Flood

D.

Session Limit, SYN Flood, Port Scanning, Host Swapping

Buy Now
Questions 19

Besides selecting the Heartbeat Backup option when creating an ActivePassive

HA Pair, which of the following also prevents "SplitBrain"?

Options:

A.

Creating a custom interface under Service Route Configuration, and assigning this interface as the backup HA2 link.

B.

Under “Packet Forwarding”, selecting the VR Sync checkbox.

C.

Configuring an independent backup HA1 link.

D.

Configuring a backup HA2 link that points to the MGT interface of the other device in the pair.

Buy Now
Questions 20

In PAN-OS8.0, rule numbers were introduced. Rule Numbers are:

Options:

A.

Dynamic numbers that refer to a security policy’s order and are especially useful when filtering security policies by tags

B.

Numbers referring to when the security policy was created and do not have a bearing on the order of policy enforcement

C.

Static numbers that must be manually re-numbered whenever a new security policy is added

Buy Now
Questions 21

As the Palo Alto Networks administrator, you have enabled Application Block pages. Afterward, some users do not receive web-based feedback for all denied applications. Why would this be?

Options:

A.

Some users are accessing the Palo Alto Networks firewall through a virtual system that does not have Application Block pages enabled.

B.

Application Block Pages will only be displayed when Captive Portal is configured

C.

Some Application ID's are set with a Session Timeout value that is too low.

D.

Application Block Pages will only be displayed when users attempt to access a denied web-based application.

Buy Now
Questions 22

Wildfire may be used for identifying which of the following types of traffic?

Options:

A.

URL content

B.

DHCP

C.

DNS

D.

Viruses

Buy Now
Questions 23

What option should be configured when using User Identification?

Options:

A.

Enable User Identification per Zone

B.

Enable User Identification per Security Rule

C.

Enable User Identification per interface

D.

None of the above

Buy Now
Questions 24

InPAN-OS 8.0which of the available choices serves as an alert warning by defining patterns of suspicious traffic and network anomalies that may indicate a host has been compromised?

Options:

A.

App-ID Signatures

B.

Correlation Objects

C.

Command & Control Signatures

D.

Correlation Events

E.

Custom Signatures

Buy Now
Questions 25

What built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems?

Options:

A.

superuser

B.

vsysadmin

C.

A custom role is required for this level of access

D.

deviceadmin

Buy Now
Questions 26

Select the implicit rules that are applied to traffic that fails to match any administratordefined Security Policies. (Choose all rules that are correct.)

Options:

A.

Intrazone traffic is allowed

B.

Interzone traffic is denied

C.

Intrazone traffic is denied

D.

Interzone traffic is allowed

Buy Now
Questions 27

Subsequent to the installation of new licenses, the firewall must be rebooted

Options:

A.

True

B.

False

Buy Now
Questions 28

Which of the following represents HTTP traffic events that can be used to identify potential Botnets?

Options:

A.

Traffic from users that browse to IP addresses instead of fully-qualified domain names, downloading W32.Welchia.Worm from a Windows share, traffic to domains that have been registered in the last 30 days, downloading executable files from unknown URL's

B.

Traffic from users that browse to IP addresses instead of fully-qualified domain names, traffic to domains that have been registered in the last 60 days, downloading executable files from unknown URL's

C.

Traffic from users that browse to IP addresses instead of fully-qualified domain names, traffic to domains that have been registered in the last 60 days, downloading executable files from unknown URL's, IRC-based Command and Control traffic

D.

Traffic from users that browse to IP addresses instead of fully-qualified domain names, traffic to domains that have been registered in the last 30 days.

Buy Now
Questions 29

Which of the following statements is NOT True regarding a Decryption Mirror interface?

Options:

A.

Requires superuser privilege

B.

Supports SSL outbound

C.

Can be a member of any VSYS

D.

Supports SSL inbound

Buy Now
Questions 30

What option should be configured when using User-ID

Options:

A.

Enable User-ID per zone

B.

Enable User-ID per interface

C.

Enable User-ID per Security Policy

D.

None of the above

Buy Now
Questions 31

A local/enterprise PKI system is required to deploy outbound forward proxy SSL decryption capabilities.

Options:

A.

True

B.

False

Buy Now
Questions 32

Taking into account only the information in the screenshot above, answer the following question. Which applications will be allowed on their standard ports? (Select all correct answers.)

ACE Question 32

Options:

A.

BitTorrent

B.

Gnutella

C.

Skype

D.

SSH

Buy Now
Questions 33

As the Palo Alto Networks administrator responsible for User Identification, you are looking for the simplest method of mapping network users that do not sign into LDAP. Which information source would allow reliable User ID mapping for these users, requiring the least amount of configuration?

Options:

A.

WMI Query

B.

Exchange CAS Security Logs

C.

Captive Portal

D.

Active Directory Security Logs

Buy Now
Exam Code: ACE
Exam Name: Aviatrix Certified Engineer (ACE) program
Last Update: Mar 20, 2024
Questions: 72