Exam Details
Exam Code
:ACEExam Name
:Accredited Configuration Engineer (ACE) PAN-OS 8.0Certification
:ACEVendor
:Palo Alto NetworksTotal Questions
:222 Q&AsLast Updated
:May 09, 2024
Palo Alto Networks ACE ACE Questions & Answers
-
Question 11:
Which of the following facts about dynamic updates is correct?
A. Antivirus updates are released daily. Application and Threat updates are released weekly.
B. Application and Antivirus updates are released weekly. Threat and "Threat and URL Filtering" updates are released weekly.
C. Application and Threat updates are released daily. Antivirus and URL Filtering updates are released weekly.
D. Threat and URL Filtering updates are released daily. Application and Antivirus updates are released weekly.
-
Question 12:
When configuring a Security Policy Rule based on FQDN Address Objects, which of the following statements is True?
A. The firewall resolves the FQDN first when the policy is committed, and resolves the FQDN again each time Security Profiles are evaluated.
B. The firewall resolves the FQDN first when the policy is committed, and resolves the FQDN again at DNS TTL expiration.
C. In order to create FQDN-based objects, you need to manually define a list of associated IP addresses.
-
Question 13:
With IKE, each device is identified to the other by a Peer ID. In most cases, this is just the public IP address of the device. In situations where the public ID is not static, this value can be replaced with a domain name or other text value
A. True
B. False
-
Question 14:
A "Continue" action can be configured on which of the following Security Profiles?
A. URL Filtering and File Blocking
B. URL Filtering only
C. URL Filtering, File Blocking, and Data Filtering
D. URL Filtering and Anti-virus
-
Question 15:
An interface in tap mode can transmit packets on the wire.
A. True
B. False
-
Question 16:
As the Palo Alto Networks administrator, you have enabled Application Block pages. Afterward, some users do not receive web-based feedback for all denied applications. Why would this be?
A. Some users are accessing the Palo Alto Networks firewall through a virtual system that does not have Application Block pages enabled.
B. Application Block Pages will only be displayed when Captive Portal is configured
C. Some Application ID's are set with a Session Timeout value that is too low.
D. Application Block Pages will only be displayed when users attempt to access a denied web-based application.
-
Question 17:
Taking into account only the information in the screenshot above, answer the following question. Which applications will be allowed on their standard ports? (Select all correct answers.)
A. BitTorrent
B. Gnutella
C. Skype
D. SSH
-
Question 18:
For non-Microsoft clients, what Captive Portal method is supported?
A. NTLM Auth
B. User Agent
C. Local Database
D. Web Form Captive Portal
-
Question 19:
When Destination Network Address Translation is being performed, the destination in the corresponding Security Policy Rule should use:
A. The PostNAT destination zone and PostNAT IP address.
B. The PreNAT destination zone and PreNAT IP address.
C. The PreNAT destination zone and PostNAT IP address.
D. The PostNAT destination zone and PreNAT IP address.
-
Question 20:
In PANOS 6.0 and later, which of these items may be used as match criterion in a PolicyBased Forwarding Rule? (Choose 3.)
A. Source User
B. Source Zone
C. Destination Zone
D. Application
Related Exams:
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ACE exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.