Exam Details
Exam Code
:ACEExam Name
:Accredited Configuration Engineer (ACE) PAN-OS 8.0Certification
:ACEVendor
:Palo Alto NetworksTotal Questions
:222 Q&AsLast Updated
:May 05, 2025
Palo Alto Networks ACE ACE Questions & Answers
-
Question 121:
In PANOS 6.0, rule numbers are:
A. Numbers that specify the order in which security policies are evaluated.
B. Numbers created to be unique identifiers in each firewall's policy database.
C. Numbers on a scale of 0 to 99 that specify priorities when two or more rules are in conflict.
D. Numbers created to make it easier for users to discuss a complicated or difficult sequence of rules.
-
Question 122:
In PAN-OS 5.0, which of the following features is supported with regards to IPv6?
A. OSPF
B. NAT64
C. IPSec VPN tunnels
D. None of the above
-
Question 123:
When configuring a Decryption Policy rule, which option allows a firewall administrator to control SSHv2 tunneling in policies by specifying the SSHtunnel AppID?
A. SSH Proxy
B. SSL Forward Proxy
C. SSL Inbound Inspection
D. SSL Reverse Proxy
-
Question 124:
An enterprise PKI system is required to deploy SSL Forward Proxy decryption capabilities.
A. True
B. False
-
Question 125:
Which routing protocol is supported on the Palo Alto Networks platform?
A. BGP
B. RSTP
C. ISIS
D. RIPv1
-
Question 126:
What new functionality is provided in PAN-OS 5.0 by Palo Alto Networks URL Filtering Database (PANDB)?
A. The "Log Container Page Only" option can be employed in a URL-Filtering policy to reduce the number of logging events.
B. URL-Filtering can now be employed as a match condition in Security policy
C. IP-Based Threat Exceptions can now be driven by custom URL categories
D. Daily database downloads for updates are no longer required as devices stay in-sync with the cloud.
-
Question 127:
Which of the following services are enabled on the MGT interface by default? (Select all correct answers.)
A. HTTPS
B. SSH
C. Telnet
D. HTTP
-
Question 128:
Taking into account only the information in the screenshot above, answer the following question. An administrator is pinging 4.4.4.4 and fails to receive a response. What is the most likely reason for the lack of response?
A. The interface is down.
B. There is a Security Policy that prevents ping.
C. There is no Management Profile.
D. There is no route back to the machine originating the ping.
-
Question 129:
Which of the following Global Protect features requires a separate license?
A. Use of dynamic selection between multiple Gateways
B. Use of a Portal to allow users to connect
C. Allowing users to connect
D. Manual Gateway Selection
-
Question 130:
Enabling "Highlight Unsused Rules" in the Security policy window will:
A. Hightlight all rules that did not immmediately match traffic.
B. Hightlight all rules that did not match traffic since the rule was created or since last reboot of the firewall
C. Allows the administrator to troubleshoot rules when a validation error occurs at the time of commit.
D. Allow the administrator to temporarily disable rules that do not match traffic, for testing purposes
Related Exams:
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ACE exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.