After the installation of a new version of PANOS, the firewall must be rebooted.
A. True
B. False
When an interface is in Tap mode and a policy action is set to block, the interface will send a TCP reset.
A. True
B. False
Where does a GlobalProtect client connect to first when trying to connect to the network?
A. AD agent
B. User-ID agent
C. GlobalProtect Gateway
D. GlobalProtect Portal
What is the default DNS Sinkhole address used by Palo Alto Networks Firewall to cut off communication?
A. MGT interface address
B. Loopback interface address
C. Any one Layer 3 interface address
D. Localhost address
What Security Profile type must be configured to send files to the WildFire cloud, and with what choices for the action setting?
A. A File Blocking profile with possible actions of "Forward" or "Continue and Forward".
B. A Data Filtering profile with possible actions of "Forward" or "Continue and Forward".
C. A Vulnerability Protection profile with the possible action of "Forward".
D. A URL Filtering profile with the possible action of "Forward".
As a Palo Alto Networks firewall administrator, you have made unwanted changes to the Candidate configuration. These changes may be undone by Device > Setup > Operations >
Configuration Management>....and then what operation?
A. Revert to Running Configuration
B. Revert to last Saved Configuration
C. Load Configuration Version
D. Import Named Configuration Snapshot
When you have created a Security Policy Rule that allows Facebook, what must you do to block all other webbrowsing traffic?
A. Create an additional rule that blocks all other traffic.
B. When creating the policy, ensure that webbrowsing is included in the same rule.
C. Ensure that the Service column is defined as "applicationdefault" for this Security policy. Doing this will automatically include the implicit webbrowsing application dependency.
D. Nothing. You can depend on PANOS to block the webbrowsing traffic that is not needed for Facebook use.
What are two sources of information for determining if the firewall has been successful in communicating with an external User-ID Agent?
A. System Logs and the indicator light under the User-ID Agent settings in the firewall
B. There's only one location - System Logs
C. There's only one location - Traffic Logs
D. System Logs and indicator light on the chassis
To allow the PAN device to resolve internal and external DNS host names for reporting and for security policies, an administrator can do the following:
A. Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, point to this proxy object for DNS resolution.
B. In the device settings define internal hosts via a static list.
C. In the device settings set the Primary DNS server to an external server and the secondary to an internal server.
D. Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, select the proxy object as the Primary DNS and create a custom security rule which references that object for
When a Palo Alto Networks firewall is forwarding traffic through interfaces configured for L2 mode, security policies can be set to match on multicast IP addresses.
A. True
B. False
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ACE exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.