Accredited Configuration Engineer v1.0 (ACE)

Page:    1 / 12   
Total 175 questions

Which option allows an administrator to segrate Panorama and Syslog traffic, so that the Management Interface is not employed when sending these types of traffic?

  • A. Custom entries in the Virtual Router, pointing to the IP addresses of the Panorama and Syslog devices.
  • B. Define a Loopback interface for the Panorama and Syslog Devices
  • C. On the Device tab in the Web UI, create custom server profiles for Syslog and Panorama
  • D. Service Route Configuration


Answer : D

What new functionality is provided in PAN-OS 5.0 by Palo Alto Networks URL Filtering Database (PAN-DB)?

  • A. The "Log Container Page Only" option can be employed in a URL-Filtering policy to reduce the number of logging events.
  • B. URL-Filtering can now be employed as a match condition in Security policy
  • C. IP-Based Threat Exceptions can now be driven by custom URL categories
  • D. Daily database downloads for updates are no longer required as devices stay in-sync with the cloud.


Answer : D

For non-Microsoft clients, what Captive Portal method is supported?

  • A. NTLM Auth
  • B. User Agent
  • C. Local Database
  • D. Web Form Captive Portal


Answer : D

In order to route traffic between layer 3 interfaces on the PAN firewall you need:

  • A. VLAN
  • B. Vwire
  • C. Security Profile
  • D. Virtual Router


Answer : A

What built-in administrator role allows all rights except for the creation of administrative accounts and virtual systems?

  • A. superuser
  • B. vsysadmin
  • C. A custom role is required for this level of access
  • D. deviceadmin


Answer : D

What is the name of the debug save file for IPSec VPN tunnels?

  • A. set vpn all up
  • B. test vpn ike-sa
  • C. request vpn IPsec-sa test
  • D. Ikemgr.pcap


Answer : D

To create a custom signature object for an Application Override Policy, which of the following fields are mandatory?

  • A. Category
  • B. Regular Expressions
  • C. Ports
  • D. Characteristics


Answer : D

Which routing protocol is supported on the Palo Alto Networks platform?

  • A. BGP
  • B. RSTP
  • C. ISIS
  • D. RIPv1


Answer : D

What happens at the point of Threat Prevention license expiration?

  • A. Threat Prevention no longer updated; existing database still effective
  • B. Threat Prevention is no longer used; applicable traffic is allowed
  • C. Threat Prevention no longer used; applicable traffic is blocked
  • D. Threat Prevention no longer used; traffic is allowed or blocked by configuration per Security Rule


Answer : A

Administrative Alarms can be enabled for which of the following except?

  • A. Certificate Expirations
  • B. Security Violation Thresholds
  • C. Security Policy Tags
  • D. Traffic Log capacity


Answer : A

Which of the following types of protection are available in DoS policy?

  • A. Session Limit, SYN Flood, UDP Flood
  • B. Session Limit, Port Scanning, Host Swapping, UDP Flood
  • C. Session Limit, SYN Flood, Host Swapping, UDP Flood
  • D. Session Limit, SYN Flood, Port Scanning, Host Swapping


Answer : A

Which one of the options describes the sequence of the GlobalProtect agent connecting to a Gateway?

  • A. The agent connects to the portal, obtains a list of the Gateways, and connects to the Gateway with the fastest SSL connect time
  • B. The agent connects to the portal and randomly establishes connect to the first available Gateway
  • C. The agent connects to the portal, obtains a list of the Gateways, and connects to the Gateway with the fastest PING response time
  • D. The agent connects to the closest Gateway and sends the HIP report to the portal


Answer : C

A local/enterprise PKI system is required to deploy outbound forward proxy SSL decryption capabilities.

  • A. True
  • B. False


Answer : B

To properly configure DOS protection to limit the number of sessions individually from specific source IPs you would configure a DOS Protection rule with the following characteristics:

  • A. Action: Protect, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured
  • B. Action: Deny, Aggregate Profile with "Resources Protection" configured
  • C. Action: Protect, Aggregate Profile with "Resources Protection" configured
  • D. Action: Deny, Classified Profile with "Resources Protection" configured, and Classified Address with "source-ip-only" configured


Answer : A

When setting up GlobalProtect, what is the job of the GlobalProtect Portal?

  • A. To maintain the list of remote GlobalProtect Portals and list of categories for checking the client machine
  • B. To maintain the list of GlobalProtect Gateways and list of categories for checking the client machine
  • C. To load balance GlobalProtect client connections to GlobalProtect Gateways
  • D. None of the above


Answer : B

Page:    1 / 12   
Total 175 questions