Security policies specify a source interface and a destination interface.
A. True
B. False
When configuring UserID on a Palo Alto Networks firewall, what is the proper procedure to limit User mappings to a particular DHCP scope?
A. In the zone in which User Identification is enabled, create a User Identification ACL Include List using the same IP ranges as those allocated in the DHCP scope.
B. Under the User Identification settings, under the User Mapping tab, select the "Restrict Users to Allocated IP" checkbox.
C. In the zone in which User Identification is enabled, select the "Restrict Allocated IP" checkbox.
D. In the DHCP settings on the Palo Alto Networks firewall, point the DHCP Relay to the IP address of the UserID agent.
Which of the following types of protection are available in DoS policy?
A. Session Limit, SYN Flood, UDP Flood
B. Session Limit, Port Scanning, Host Swapping, UDP Flood
C. Session Limit, SYN Flood, Host Swapping, UDP Flood
D. Session Limit, SYN Flood, Port Scanning, Host Swapping
When creating an application filter, which of the following is true?
A. They are used by malware
B. Excessive bandwidth may be used as a filter match criteria
C. They are called dynamic because they automatically adapt to new IP addresses
D. They are called dynamic because they will automatically include new applications from an application
E. signature update if the new application's type is included in the filter
"What is the result of an Administrator submitting a WildFire report's verdict back to Palo Alto Networks as "Incorrect"?
A. The signature will be updated for False positive and False negative files in the next AV signature update.
B. The signature will be updated for False positive and False negative files in the next Application signature update.
C. You will receive an email to disable the signature manually.
D. You will receive an update within 15 minutes.
What is the name of the debug save file for IPSec VPN tunnels?
A. set vpn all up
B. test vpn ike-sa
C. request vpn IPsec-sa test
D. Ikemgr.pcap
What is the correct policy to most effectively block Skype?
A. Allow Skype, block Skype-probe
B. Allow Skype-probe, block Skype
C. Block Skype-probe, block Skype
D. Block Skype
When configuring Security rules based on FQDN objects, which of the following statements are true?
A. The firewall resolves the FQDN first when the policy is committed, and is refreshed each time Security rules are evaluated.
B. The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL expiration. There is no limit on the number of IP addresses stored for each resolved FQDN.
C. In order to create FQDN-based objects, you need to manually define a list of associated IP. Up to 10 IP addresses can be configured for each FQDN entry.
D. The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL expiration. The resolution of this FQDN stores up to 10 different IP addresses.
Which of the following interface types can have an IP address assigned to it? (Select all correct answers.)
A. Layer 3
B. Layer 2
C. Tap
D. Virtual Wire
When configuring a Decryption Policy, which of the following are available as matching criteria in a policy? (Choose 3)
A. Source Zone
B. Source User
C. Service
D. URL-Category
E. Application
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ACE exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.