You'd like to schedule a firewall policy to only allow a certain application during a particular time of day. Where can this policy option be configured?
A. Policies > Security > Service
B. Policies > Security > Options
C. Policies > Security > Application
D. Policies > Security > Profile
Which of the following statements is NOT True regarding a Decryption Mirror interface?
A. Requires superuser privilege
B. Supports SSL outbound
C. Can be a member of any VSYS
D. Supports SSL inbound
Which of the following fields is not available in DoS policy?
A. Destination Zone
B. Source Zone
C. Application
D. Service
As the Palo Alto Networks Administrator you have enabled Application Block pages.
Afterwards, not knowing they are attempting to access a blocked webbased application, users call the Help
Desk to complain about network connectivity issues.
What is the cause of the increased number of help desk calls?
A. The File Blocking Block Page was disabled.
B. Some AppID's are set with a Session Timeout value that is too low.
C. The firewall admin did not create a custom response page to notify potential users that their attempt to access the webbased application is being blocked due to policy.
D. Application Block Pages will only be displayed when Captive Portal is configured.
Which of the following would be a reason to use an XML API to communicate with a Palo Alto Networks firewall?
A. So that information can be pulled from other network resources for User-ID
B. To allow the firewall to push UserID information to a Network Access Control (NAC) device.
C. To permit sys logging of User Identification events
Which of the following is NOT a valid option for builtin CLI Admin roles?
A. deviceadmin
B. superuser
C. devicereader
D. read/write
After configuring Captive Portal in Layer 3 mode, users in the Trust Zone are not receiving the Captive Portal authentication page when they launch their web browsers. How can this be corrected?
A. Ensure that all users in the Trust Zone are using NTLM-capable browsers
B. Enable "Response Pages" in the Interface Management Profile that is applied to the L3 Interface in the Trust Zone.
C. Confirm that Captive Portal Timeout value is not set below 2 seconds
D. Enable "Redirect " as the Mode type in the Captive Portal Settings
The following can be configured as a next hop in a Static Route:
A. A Policy-Based Forwarding Rule
B. Virtual System
C. A Dynamic Routing Protocol
D. Virtual Router
A Config Lock may be removed by which of the following users? (Select all correct answers.)
A. The administrator who set it
B. Device administrators
C. Any administrator
D. Superusers
UserID-is enabled in the configuration of ...
A. A Security Profile.
B. An Interface.
C. A Security Policy.
D. A Zone.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ACE exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.