Test (Recovered)

Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 5.0 Version

Question 1 of 50.
If the Forward Proxy Ready shows "no" when running the command show system setting ssl-decrypt setting, what is most likely the cause?
- SSL forward proxy certificate is not generated
- Web interface certificate is not generated
- Forward proxy license is not enabled on the box
- SSL decryption rule is not created

Question 2 of 50.
When adding an application in a Policy-based Forwarding rule, only a subset of the entire App-ID database is represented. Why would this be?
- Policy-based forwarding can only identify certain applications at this stage of the packet flow, as the majority of applications are only identified once the session is created.
- Policy-based forwarding rules require that a companion Security policy rule, allowing the needed Application traffic, must first be created.
- The license for the Application ID database is no longer valid.
- A custom application must first be defined before it can be added to a Policy-based forwarding rule.

Question 3 of 50.
What option should be configured when using User Identification?
- Enable User Identification per Zone
- Enable User Identification per Security Rule
- Enable User Identification per interface
- None of the above

Question 4 of 50.
What needs to be done prior to committing a configuration in Panorama after making a change via the CLI or web interface on a device?
- No additional actions required
- Synchronize the configuration between the device and Panorama
- Make the same change again via Panorama
- Re-import the configuration from the device into Panorama

Question 5 of 50.
Which local interface cannot be assigned to the IKE gateway?
- Tunnel
- L3
- VLAN
- Loopback

Question 6 of 50.
To allow the PAN device to resolve internal and external DNS host names for reporting and for security policies, an administrator can do the following:
- Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, point to this proxy object for DNS resolution.
- In the device settings define internal hosts via a static list.
- In the device settings set the Primary DNS server to an external server and the secondary to an internal server.
- Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, select the proxy object as the Primary DNS and create a custom security rule which references that object for

Question 7 of 50.
With PAN-OS 5.0, how can a common NTP value be pushed to a cluster of firewalls?
- Via a Panorama Template
- Via a shared object in Panorama
- Via a Panorama Device Group
- Via a Device Group object in Panorama

Question 8 of 50.
Which of the following Global Protect features requires a separate license?
- Use of dynamic selection between multiple Gateways
- Use of a Portal to allow users to connect
- Allowing users to connect
- Manual Gateway Selection

Question 9 of 50.
Which of the following represents HTTP traffic events that can be used to identify potential Botnets?
- Traffic from users that browse to IP addresses instead of fully-qualified domain names, downloading W32.Welchia.Worm from a Windows share, traffic to domains that have been registered in the last 30 days, downloading executable files from unknown URLs
- Traffic from users that browse to IP addresses instead of fully-qualified domain names, traffic to domains that have been registered in the last 60 days, downloading executable files from unknown URLs
- Traffic from users that browse to IP addresses instead of fully-qualified domain names, traffic to domains that have been registered in the last 60 days, downloading executable files from unknown URLs, IRC-based Command and Control traffic
- Traffic from users that browse to IP addresses instead of fully-qualified domain names, traffic to domains that have been registered in the last 30 days,

Question 10 of 50.
For correct routing to SSL VPN clients to occur, the following must be configured:
- Network Address Translation must be enabled for the SSL VPN client IP pool
- A dynamic routing protocol between the Palo Alto Networks device and the next-hop gateway to advertise the SSL VPN client IP pool
- A static route on the next-hop gateway of the SSL VPN client IP pool with a destination of the Palo Alto Networks device
- No routing needs to be configured - the PAN device automatically responds to ARP requests for the SSL VPN client IP pool

Question 11 of 50.
Which option allows an administrator to segregate Panorama and Syslog traffic, so that the Management Interface is not employed when sending these types of traffic?
- Custom entries in the Virtual Router, pointing to the IP addresses of the Panorama and Syslog devices.
- Define a Loopback interface for the Panorama and Syslog Devices
- On the Device tab in the Web UI, create custom server profiles for Syslog and Panorama
- Service Route Configuration

Question 12 of 50.
What new functionality is provided in PAN-OS 5.0 by Palo Alto Networks URL Filtering Database (PAN-DB)?
- The Log Container Page Only option can be employed in a URL-Filtering policy to reduce the number of logging events.
- URL-Filtering can now be employed as a match condition in Security policy
- IP-Based Threat Exceptions can now be driven by custom URL categories
- Daily database downloads for updates are no longer required as devices stay in-sync with the cloud.

Question 13 of 50.
For non-Microsoft clients, what Captive Portal method is supported?
- NTLM Auth
- User Agent
- Local Database
- Web Form Captive Portal

Question 14 of 50.
In order to route traffic between layer 3 interfaces on the PAN firewall you need:
- VLAN
- Vwire
- Security Profile
- Virtual Router