Escolar Documentos
Profissional Documentos
Cultura Documentos
ACE 8.1
Question 1 of 45.
Question 2 of 45.
Question 3 of 45.
An Antivirus Security Profile specifies Actions and WildFire Actions. Wildfire Actions enable you to configure the firewall to
perform which operation?
Question 4 of 45.
An Interface Management Profile can be attached to which two interface types? (Choose two.)
Tap
Loopback
Layer 2
Virtual Wire
Layer 3
Mark for follow up
Question 5 of 45.
App ID running on a firewall identifies applications using which three methods? (Choose three )
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c11-867e-f4e673545ac9&evalLvl=5&redirect_url=%2fphnx%… 1/10
20/4/2019 Realize Your Potential: paloaltonetworks
App-ID running on a firewall identifies applications using which three methods? (Choose three.)
PAN-DB lookups
Application signatures
WildFire lookups
Known protocol decoders
Program heuristics
Mark for follow up
Question 6 of 45.
Application block pages can be enabled for which applications?
any
MGT port-based
web-based
non-TCP/IP
Mark for follow up
Question 7 of 45.
For which firewall feature should you create forward trust and forward untrust certificates?
SSH decryption
SSL client-side certificate checking
SSL forward proxy decryption
SSL Inbound Inspection decryption
Mark for follow up
Question 8 of 45.
If a DNS sinkhole is configured, any sinkhole actions indicating a potentially infected host are recorded in which log type?
Traffic
WildFire Submissions
Threat
Data Filtering
Mark for follow up
Question 9 of 45.
If there is an HA configuration mismatch between firewalls during peer negotiation, which state will the passive firewall enter?
INITIAL
NON-FUNCTIONAL
ACTIVE
PASSIVE
Mark for follow up
Question 10 of 45.
In a destination NAT configuration, which option accurately completes the following sentence? A Security policy rule should
be written to match the _______.
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c11-867e-f4e673545ac9&evalLvl=5&redirect_url=%2fphnx%… 2/10
20/4/2019 Realize Your Potential: paloaltonetworks
post-NAT source and destination addresses, but the pre-NAT destination zone
original pre-NAT source and destination addresses, but the post-NAT destination zone
post-NAT source and destination addresses, and the post-NAT destination zone
original pre-NAT source and destination addresses, and the pre-NAT destination zone
Mark for follow up
Question 11 of 45.
In an HA configuration, which three components are synchronized between the pair of firewalls? (Choose three.)
logs
networks
objects
policies
Mark for follow up
Question 12 of 45.
In an HA configuration, which three functions are associated with the HA1 Control Link? (Choose three.)
exchanging hellos
synchronizing configuration
exchanging heartbeats
synchronizing sessions
Mark for follow up
Question 13 of 45.
In an HA configuration, which two failure detection methods rely on ICMP ping? (Choose two.)
hellos
path monitoring
heartbeats
link groups
Mark for follow up
Question 14 of 45.
On a firewall that has 32 Ethernet ports and is configured with a dynamic IP and port (DIPP) NAT oversubscription rate of 2x,
what is the maximum number of concurrent sessions supported by each available IP address?
32
128K
64
64K
Mark for follow up
Question 15 of 45.
SSL Inbound Inspection requires that the firewall be configured with which two components? (Choose two.)
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c11-867e-f4e673545ac9&evalLvl=5&redirect_url=%2fphnx%… 3/10
20/4/2019 Realize Your Potential: paloaltonetworks
Question 16 of 45.
The Threat log records events from which three Security Profiles? (Choose three.)
Vulnerability Protection
Antivirus
Anti-Spyware
URL Filtering
WildFire Analysis
File Blocking
Mark for follow up
Question 17 of 45.
Question 18 of 45.
What are three connection methods for the GlobalProtect agent? (Choose three.)
Captcha portal
Pre-Logon
User-Logon
On-demand
Mark for follow up
Question 19 of 45.
What is a characteristic of Dynamic Admin Roles?
Question 20 of 45.
What is a use case for deploying Palo Alto Networks NGFW in the public cloud?
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c11-867e-f4e673545ac9&evalLvl=5&redirect_url=%2fphnx%… 4/10
20/4/2019 Realize Your Potential: paloaltonetworks
Question 21 of 45.
Question 22 of 45.
Which condition must exist before a firewall's in-band interface can process traffic?
Question 23 of 45.
Which four actions can be applied to traffic matching a URL Filtering Security Profile? (Choose four.)
Continue
Reset Client
Block
Reset Server
Override
Alert
Mark for follow up
Question 24 of 45.
Which statement describes a function provided by an Interface Management Profile?
Question 25 of 45.
Which statement describes the Export named configuration snapshot operation?
The candidate configuration is transferred from memory to the firewall' s storage device.
A copy of the configuration is uploaded to the cloud as a backup.
The running configuration is transferred from memory to the firewall' s storage device.
A saved configuration is transferred to an external host s storage device.
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c11-867e-f4e673545ac9&evalLvl=5&redirect_url=%2fphnx%… 5/10
20/4/2019 Realize Your Potential: paloaltonetworks
Question 26 of 45.
Which statement is true about a URL Filtering Profile override password?
Question 27 of 45.
Which three are valid configuration options in a WildFire Analysis Profile? (Choose three.)
Question 28 of 45.
Which three components can be sent to WildFire for analysis? (Choose three.)
Question 29 of 45.
Which three interface types can control or shape network traffic? (Choose three.)
Virtual Wire
Layer 2
Layer 3
Tap
Mark for follow up
Question 30 of 45.
Which three MGT port configuration settings are required in order to access the WebUI from a remote subnet? (Choose three.)
Default gateway
IP address
Hostname
Netmask
Mark for follow up
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c11-867e-f4e673545ac9&evalLvl=5&redirect_url=%2fphnx%… 6/10
20/4/2019 Realize Your Potential: paloaltonetworks
Question 31 of 45.
Which three statements are true regarding sessions on the firewall? (Choose three.)
Question 32 of 45.
Which two file types can be sent to WildFire for analysis if a firewall has only a standard subscription service? (Choose two.)
.dll
.exe
.pdf
.jar
Mark for follow up
Question 33 of 45.
Which two User-ID methods are used to verify known IP address-to-user mappings? (Choose two.)
Session Monitoring
Server Monitoring
Captive Portal
Client Probing
Mark for follow up
Question 34 of 45.
Which type of content update does NOT have to be scheduled for download on the firewall?
Question 35 of 45.
Which user mapping method is recommended for a highly mobile user base?
Session Monitoring
Server Monitoring
Client Probing
GlobalProtect
Mark for follow up
Question 36 of 45.
Which User-ID user mapping method is recommended for environments where users frequently change IP addresses?
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c11-867e-f4e673545ac9&evalLvl=5&redirect_url=%2fphnx%… 7/10
20/4/2019 Realize Your Potential: paloaltonetworks
Session Monitoring
Server Monitoring
Captive Portal
Client Probing
Mark for follow up
Question 37 of 45.
Which file must be downloaded from the firewall to create a Heatmap and Best Practices Assessment report?
Question 38 of 45.
GlobalProtect clientless VPN provides secure remote access to web applications that use which three technologies? (Choose
three.)
HTML5
JavaScript
HTML
Python
Ruby
Java
Mark for follow up
Question 39 of 45.
What is the maximum number of WildFire® appliances that can be grouped in to a WildFire® appliance cluster?
32
24
20
12
Mark for follow up
Question 40 of 45.
The decryption broker feature is supported by which three Palo Alto Networks firewall series? (Choose three.)
PA-5200
PA-3200
PA-5000
PA-7000
PA-3000
PA-220
Mark for follow up
Question 41 of 45.
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c11-867e-f4e673545ac9&evalLvl=5&redirect_url=%2fphnx%… 8/10
20/4/2019 Realize Your Potential: paloaltonetworks
Which three HTTP header insertion types are predefined? (Choose three.)
WebEx
YouTube
Google
Dropbox
Slack
Box
Mark for follow up
Question 42 of 45.
Which VM-Series model was introduced with the release of PAN-OS® 8.1?
VM-300 Lite
VM-200 Lite
VM-100 Lite
VM-50 Lite
Mark for follow up
Question 43 of 45.
Which cloud computing platform provides shared resources, servers, and storage in a pay-as-you-go model?
public
hybrid
private
community
Mark for follow up
Question 44 of 45.
Cloud security is a shared responsibility between the cloud provider and the customer. Which security platform is the cloud
provider responsible for?
foundation services
encryption management
firewall and network traffic
identity and access management
Mark for follow up
Question 45 of 45.
Which essential cloud characteristic is designed for applications that will be required to run on all platforms including
smartphones, tablets, and laptops?
rapid elasticity
measured services
broad network access
on-demand self service
Mark for follow up
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c11-867e-f4e673545ac9&evalLvl=5&redirect_url=%2fphnx%… 9/10
20/4/2019 Realize Your Potential: paloaltonetworks
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c11-867e-f4e673545ac9&evalLvl=5&redirect_url=%2fphnx… 10/10