Which of the following facts about dynamic updates is correct?
A. Antivirus updates are released daily. Application and Threat updates are released weekly.
B. Application and Antivirus updates are released weekly. Threat and "Threat and URL Filtering" updates are released weekly.
C. Application and Threat updates are released daily. Antivirus and URL Filtering updates are released weekly.
D. Threat and URL Filtering updates are released daily. Application and Antivirus updates are released weekly.
When configuring a Security Policy Rule based on FQDN Address Objects, which of the following statements is True?
A. The firewall resolves the FQDN first when the policy is committed, and resolves the FQDN again each time Security Profiles are evaluated.
B. The firewall resolves the FQDN first when the policy is committed, and resolves the FQDN again at DNS TTL expiration.
C. In order to create FQDN-based objects, you need to manually define a list of associated IP addresses.
With IKE, each device is identified to the other by a Peer ID. In most cases, this is just the public IP address of the device. In situations where the public ID is not static, this value can be replaced with a domain name or other text value
A. True
B. False
A "Continue" action can be configured on which of the following Security Profiles?
A. URL Filtering and File Blocking
B. URL Filtering only
C. URL Filtering, File Blocking, and Data Filtering
D. URL Filtering and Anti-virus
An interface in tap mode can transmit packets on the wire.
A. True
B. False
As the Palo Alto Networks administrator, you have enabled Application Block pages. Afterward, some users do not receive web-based feedback for all denied applications. Why would this be?
A. Some users are accessing the Palo Alto Networks firewall through a virtual system that does not have Application Block pages enabled.
B. Application Block Pages will only be displayed when Captive Portal is configured
C. Some Application ID's are set with a Session Timeout value that is too low.
D. Application Block Pages will only be displayed when users attempt to access a denied web-based application.
Taking into account only the information in the screenshot above, answer the following question. Which applications will be allowed on their standard ports? (Select all correct answers.)
A. BitTorrent
B. Gnutella
C. Skype
D. SSH
For non-Microsoft clients, what Captive Portal method is supported?
A. NTLM Auth
B. User Agent
C. Local Database
D. Web Form Captive Portal
When Destination Network Address Translation is being performed, the destination in the corresponding Security Policy Rule should use:
A. The PostNAT destination zone and PostNAT IP address.
B. The PreNAT destination zone and PreNAT IP address.
C. The PreNAT destination zone and PostNAT IP address.
D. The PostNAT destination zone and PreNAT IP address.
In PANOS 6.0 and later, which of these items may be used as match criterion in a PolicyBased Forwarding Rule? (Choose 3.)
A. Source User
B. Source Zone
C. Destination Zone
D. Application
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ACE exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.