Date post: | 02-Mar-2018 |
Category: |
Documents |
Upload: | sanrioo-jp |
View: | 224 times |
Download: | 0 times |
of 14
7/26/2019 ACE7_exam 1of5
1/14
Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 7.0 Version
ACE Exam
Question 1 of 50.
Seect t!e im"icit rues t!at are a""ied to traffic t!at fais to matc! an# administrator-defined
Securit# Poicies. (C!oose a rues t!at are correct.)
$ntra-%one traffic is ao&ed
$nter-%one traffic is denied
$ntra-%one traffic is denied
$nter-%one traffic is ao&ed
'ar for foo& u"
Question 2 of 50.
$n order to route traffic et&een *a#er + interfaces on t!e Pao Ato Net&ors fire&a, #ou need a
Virtua outer
V*AN
Virtua /ire
Securit# Profie
'ar for foo& u"
Question 3 of 50.
sing t!e AP$ in PAN-OS 1.2, /id3ire suscriers can u"oad u" to !o& man# sam"es "er da#4
50
20
2000
500
'ar for foo& u"
7/26/2019 ACE7_exam 1of5
2/14
Question 4 of 50.
/id3ire ma# e used for identif#ing &!ic! of t!e foo&ing t#"es of traffic4
$P6
89CP
'a&are
OSP3
'ar for foo& u"
Question 5 of 50.
/it!out a /id3ire suscri"tion, &!ic! of t!e foo&ing fies can e sumitted # t!e 3ire&a to
t!e !osted /id3ire 6irtuai%ed sandox4
'S Office doc:docx, xs:xsx, and ""t:""tx fies on#
P83 fies on#
PE fies on#
PE and ;a6a A""et (
7/26/2019 ACE7_exam 1of5
3/14
=>P
$P62
$S$S
STP
'ar for foo& u"
Question 8 of 50.
/!ic! of t!e foo&ing interface t#"es can !a6e an $P address assigned to it4
*a#er +
*a#er
Ta"
Virtua /ire
'ar for foo& u"
Question 9 of 50.
sers ma# e aut!enticated se?uentia# to muti"e aut!entication ser6ers # configuring
An Aut!entication Se?uence.
'uti"e A8$S ser6ers s!aring a VSA configuration.
A custom Administrator Profie.
An Aut!entication Profie.
'ar for foo& u"
Question 10 of 50.
Taing into account on# t!e information in t!e screens!ot ao6e, ans&er t!e foo&ing ?uestion.
An administrator is "inging @.@.@.@ and fais to recei6e a res"onse. /!at is t!e most ie# reason
for t!e ac of res"onse4
T!e interface is do&n.
T!ere is no route ac to t!e mac!ine originating t!e "ing.
T!ere is no 'anagement Profie.
T!ere is a Securit# Poic# t!at "re6ents "ing.
'ar for foo& u"
7/26/2019 ACE7_exam 1of5
4/14
Question 11 of 50.
/!en an interface is in Ta" mode and a Poic#s action is set to Boc, t!e interface &i send a
TCP reset.
True 3ase
'ar for foo& u"
Question 12 of 50.
/!ic! of t!e 8#namic "dates isted eo& are issued on a dai# asis4 (Seect a correct
ans&ers.)
=rig!tCoud * 3itering
Anti-6irus
A""ications
A""ications and T!reats
'ar for foo& u"
Question 13 of 50.
/!ic! of t!e foo&ing CANNOT use t!e source user as a matc! criterion4
Poic# =ased 3or&arding
Anti-6irus Profie
8oS Protection
Secuirt# Poicies
DoS
'ar for foo& u"
Question 14 of 50.
/!ic! of t!e foo&ing must e enaed in order for ser-$8 to function4
Ca"ti6e Porta must e enaed.
ser-$8 must e enaed for t!e source %one of t!e traffic t!at is to e identified.
Ca"ti6e Porta Poicies must e enaed.
7/26/2019 ACE7_exam 1of5
5/14
Securit# Poicies must !a6e t!e ser-$8 o"tion enaed.
'ar for foo& u"
Question 15 of 50.
T!e screens!ot ao6e s!o&s "art of a fire&as configuration. $f "ing traffic can tra6erse t!is
de6ice from e2: to e2:2, &!ic! of t!e foo&ing statements must e True aout t!is fire&as
configuration4 (Seect a correct ans&ers.)
T!ere must e a securit# "oic# rue from $nternet %one to trust %one t!at ao&s "ing.
T!ere must e a""ro"riate routes in t!e defaut 6irtua router.
T!ere must e a 'anagement Profie t!at ao&s "ing. (T!en assign t!at 'anagement Profie toe2:2 and e2:.)
T!ere must e a securit# "oic# rue from trust %one to $nternet %one t!at ao&s "ing.
'ar for foo& u"
Question 16 of 50.
After t!e instaation of t!e T!reat Pre6ention icense, t!e fire&a must e reooted.True 3ase
'ar for foo& u"
Question 17 of 50.
PAN-OS 7.0 introduced a ne& Securit# Profie t#"e. /!at is t!e name of t!is ne& securit# "rofie
t#"e4
'a&are Ana#sis
3ie Ana#sis
T!reat Ana#sis
/id3ire Ana#sis
'ar for foo& u"
Question 18 of 50.
/!ic! of t!e foo&ing is NOT a 6aid o"tion for uit-in C*$ Admin roes4
7/26/2019 ACE7_exam 1of5
6/14
de6iceadmin
su"eruser
de6icereader
read:&rite
'ar for foo& u"
Question 19 of 50.
$n &!ic! of t!e foo&ing can ser-$8 e used to "ro6ide a matc! condition4
Securit# Poicies
NAT Poicies
one Protection Poicies
T!reat Profies
'ar for foo& u"
Question 20 of 50.
After t!e instaation of a ne& A""ication and T!reat dataase, t!e fire&a must e reooted.
True 3ase
'ar for foo& u"
Question 21 of 50.
ser-$8 is enaed in t!e configuration of F
A Securit# Poic#.
A Securit# Profie.
A one.
An $nterface.
'ar for foo& u"
Question 22 of 50.
Enaing G9ig!ig!t nused uesG in t!e Securit# Poic# &indo& &i
9ig!ig!t a rues t!at did not matc! traffic &it!in an administrator-s"ecified time "eriod.
7/26/2019 ACE7_exam 1of5
7/14
8is"a# rues t!at caused a 6aidation error to occur at t!e time a Commit &as "erformed.
9ig!ig!t a rues t!at !a6e not matc!ed traffic since t!e rue &as created or since t!e ast
reoot of t!e fire&a.
Tem"orari# disae rues t!at !a6e not matc!ed traffic since t!e rue &as created or since t!e
ast reoot of t!e fire&a.
'ar for foo& u"
Question 23 of 50.
/!at is t!e defaut 8NS sin!oe address used # t!e Pao Ato Net&ors 3ire&a to cut off
communication4
T!e defaut gate&a# of t!e fire&a.
An# a#er + interface address s"ecified # t!e fire&a administrator.T!e oca oo"ac address.
T!e '>T interface address.
'ar for foo& u"
Question 24 of 50.
/!at is t!e maximum fie si%e of .EHE fies u"oaded from t!e fire&a to /id3ire4
A&a#s 20 mega#tes.
A&a#s mega#tes.
Configurae u" to 20 mega#tes.
Configurae u" to mega#tes.
'ar for foo& u"
Question 25 of 50.
/!en configuring Admin oes for /e $ access, &!at are t!e a6aiae access e6es4
Enae and 8isae on#
None, Su"eruser, 8e6ice Administrator
Enae, ead-On#, and 8isae
Ao& and 8en# on#
'ar for foo& u"
7/26/2019 ACE7_exam 1of5
8/14
Question 26 of 50.
An interface in Virtua /ire mode must e assigned an $P address.
True 3ase
'ar for foo& u"
Question 27 of 50.
C!oose t!e est ans&er $n PAN-OS, t!e /id3ire Suscri"tion Ser6ice ao&s u"dates for ma&are
signatures to e distriuted as often asF
Once an !our
Once a da#
Once e6er# 25 minutesOnce a &ee
'ar for foo& u"
Question 28 of 50.
Coor-coded tags can e used on a of t!e items isted eo& EHCEPT
Vuneraiit# Profiesones
Ser6ice >rou"s
Address O
7/26/2019 ACE7_exam 1of5
9/14
Question 30 of 50.
As t!e Pao Ato Net&ors Administrator res"onsie for ser-$8, #ou need to enae ma""ing of
net&or users t!at do not sign-in using *8AP. /!ic! information source &oud ao& for reiae
ser-$8 ma""ing &!ie re?uiring t!e east effort to configure4
Exc!ange CAS Securit# ogs
/'$ Duer#
Ca"ti6e Porta
Acti6e 8irector# Securit# *ogs
'ar for foo& u"
Question 31 of 50.An enter"rise PI$ s#stem is re?uired to de"o# SS* 3or&ard Prox# decr#"tion ca"aiities.
True 3ase
'ar for foo& u"
Question 32 of 50.
/!ic! t#"e of icense is re?uired to "erform 8ecr#"tion Port 'irroring4
A free PAN-PA-8ecr#"t icense
A suscri"tion-ased SS* Port icense
A suscri"tion-ased PAN-PA-8ecr#"t icense
A Cient 8ecr#"tion icense
'ar for foo& u"
Question 33 of 50.
T!e foo&ing can e configured as a next !o" in a static route
Virtua S#stems
A Poic#-=ased 3or&arding ue
Virtua outer
Virtua S&itc!
'ar for foo& u"
7/26/2019 ACE7_exam 1of5
10/14
Question 34 of 50.
T!e G8ri6e-=# 8o&noadG "rotection feature, under 3ie =ocing "rofies in Content-$8,
"ro6ides
$ncreased s"eed on do&noads of fie t#"es t!at are ex"icit# enaed.T!e aiit# to use Aut!entication Profies, in order to "rotect against un&anted do&noads.
Protection against un&anted do&noads # s!o&ing t!e user a res"onse "age indicating t!at a
fie is going to e do&noaded.
Pass&ord-"rotected access to s"ecific fie do&noads for aut!ori%ed users.
'ar for foo& u"
Question 35 of 50./!ic! statement aout config ocs is True4
A config oc &i ex"ire after @ !ours, uness it &as set # a su"eruser.
A config oc can e remo6ed on# # a su"eruser.
A config oc can on# e remo6ed # t!e administrator &!o set it or # a su"eruser.
A config oc can e remo6ed on# # t!e administrator &!o set it.
'ar for foo& u"
Question 36 of 50.
Taing into account on# t!e information in t!e screens!ot ao6e, ans&er t!e foo&ing ?uestion.
/!ic! a""ications &i e ao&ed on t!eir standard "orts4 (Seect a correct ans&ers.)
=itTorrent
>nutea
SS9
S#"e
'ar for foo& u"
Question 37 of 50.
econnaissance Protection is a feature used to "rotect t!e Pao Ato Net&ors fire&a from "ort
7/26/2019 ACE7_exam 1of5
11/14
scans. To enae t!is feature &it!in t!e >$ go toF
Net&or J Net&or Profies J one Protection
OT PortLs $P Address is 2M.21.2.2:@.
$nitia configuration ma# e accom"is!ed t!ru t!e '>T interface or t!e Consoe "ort.
7/26/2019 ACE7_exam 1of5
12/14
S#stem defauts ma# e restored # "erforming a factor# reset in 'aintenance 'ode.
'ar for foo& u"
Question 42 of 50.
Taing into account on# t!e information in t!e screens!ot ao6e, ans&er t!e foo&ing ?uestion A
s"an "ort or a s&itc! is connected to e2:@, ut t!ere are no traffic ogs. /!ic! of t!e foo&ing
conditions most ie# ex"ains t!is e!a6ior4
T!e interface is not assigned a 6irtua router.
T!e interface is not u".
T!ere is no %one assigned to t!e interface.
T!e interface is not assigned an $P address.
'ar for foo& u"
Question 43 of 50.
Can muti"e administrator accounts e configured on a singe fire&a4
Kes No
'ar for foo& u"
Question 44 of 50.
/!ic! of t!e foo&ing is True of an a""ication fiter4
An a""ication fiter automatica# ada"ts &!en an a""ication mo6es from one $P address to
anot!er.
An a""ication fiter is used # ma&are to e6ade detection # fire&as and anti-6irussoft&are.
An a""ication fiter automatica# incudes a ne& a""ication &!en one of t!e ne&
a""ications c!aracteristics are incuded in t!e fiter.
An a""ication fiter s"ecifies t!e users ao&ed to access an a""ication.
'ar for foo& u"
Question 45 of 50.
As a Pao Ato Net&ors fire&a administrator, #ou !a6e made un&anted c!anges to t!e Candidate
configuration. T!ese c!anges ma# e undone # 8e6ice J Setu" J O"erations J Configuration
7/26/2019 ACE7_exam 1of5
13/14
'anagementJ....and t!en &!at o"eration4
e6ert to unning Configuration
e6ert to ast Sa6ed Configuration
*oad Configuration Version
$m"ort Named Configuration Sna"s!ot
'ar for foo& u"
Question 46 of 50.
/!ic! "re-defined Admin oe !as a rig!ts exce"t t!e rig!ts to create administrati6e accounts
and 6irtua s#stems4
A custom admin roe must e created for t!is s"ecific comination of rig!ts.
6s#sadmin
8e6ice Administrator
Su"eruser
'ar for foo& u"
Question 47 of 50.
Considering t!e information in t!e screens!ot ao6e, &!at is t!e order of e6auation for t!is *
3itering Profie4
* Categories (=rig!tCoud or PAN-8=), Custom Categories, =oc *ist, Ao& *ist.
=oc *ist, Ao& *ist, * Categories (=rig!tCoud or PAN-8=), Custom Categories.
Ao& *ist, =oc *ist, Custom Categories, * Categories (=rig!tCoud or PAN-8=).
=oc *ist, Ao& *ist, Custom Categories, * Categories (=rig!tCoud or PAN-8=).
'ar for foo& u"
Question 48 of 50.
/!ic! in is used # an Acti6e:Passi6e custer to s#nc!roni%e session information4
T!e "in
T!e 'anagement *in
T!e Contro *inT!e 8ata *in
7/26/2019 ACE7_exam 1of5
14/14
'ar for foo& u"
Question 49 of 50.
=esides seecting t!e 9earteat =acu" o"tion &!en creating an Acti6e-Passi6e 9A Pair, &!ic! of
t!e foo&ing aso "re6ents GS"it-=rainG4
Creating a custom interface under Ser6ice oute Configuration, and assigning t!is interface as
t!e acu" 9A in.
nder BPacet 3or&arding, seecting t!e V S#nc c!ecox.
Configuring a acu" 9A in t!at "oints to t!e '>T interface of t!e ot!er de6ice in t!e "air.
Configuring an inde"endent acu" 9A2 in.
'ar for foo& u"
Question 50 of 50.
As t!e Pao Ato Net&ors Administrator #ou !a6e enaed A""ication =oc "ages. After&ards,
not no&ing t!e# are attem"ting to access a oced &e-ased a""ication, users ca t!e 9e"
8es to com"ain aout net&or connecti6it# issues. /!at is t!e cause of t!e increased numer of
!e" des cas4
T!e 3ie =ocing =oc Page &as disaed.
Some A""-$8Ls are set &it! a Session Timeout 6aue t!at is too o&.
A""ication =oc Pages &i on# e dis"a#ed &!en Ca"ti6e Porta is configured.
T!e fire&a admin did not create a custom res"onse "age to notif# "otentia users t!at t!eir
attem"t to access t!e &e-ased a""ication is eing oced due to com"an# "oic#.
'ar for foo& u"