7/26/2019 ACE7_exam 1of5

1/14

Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 7.0 Version

ACE Exam

Question 1 of 50.

Seect t!e im"icit rues t!at are a""ied to traffic t!at fais to matc! an# administrator-defined

Securit# Poicies. (C!oose a rues t!at are correct.)

$ntra-%one traffic is ao&ed

$nter-%one traffic is denied

$ntra-%one traffic is denied

$nter-%one traffic is ao&ed

'ar for foo& u"

Question 2 of 50.

$n order to route traffic et&een *a#er + interfaces on t!e Pao Ato Net&ors fire&a, #ou need a

Virtua outer

V*AN

Virtua /ire

Securit# Profie

'ar for foo& u"

Question 3 of 50.

sing t!e AP$ in PAN-OS 1.2, /id3ire suscriers can u"oad u" to !o& man# sam"es "er da#4

50

20

2000

500

'ar for foo& u"

7/26/2019 ACE7_exam 1of5

2/14

Question 4 of 50.

/id3ire ma# e used for identif#ing &!ic! of t!e foo&ing t#"es of traffic4

$P6

89CP

'a&are

OSP3

'ar for foo& u"

Question 5 of 50.

/it!out a /id3ire suscri"tion, &!ic! of t!e foo&ing fies can e sumitted # t!e 3ire&a to

t!e !osted /id3ire 6irtuai%ed sandox4

'S Office doc:docx, xs:xsx, and ""t:""tx fies on#

P83 fies on#

PE fies on#

PE and ;a6a A""et (

7/26/2019 ACE7_exam 1of5

3/14

=>P

$P62

$S$S

STP

'ar for foo& u"

Question 8 of 50.

/!ic! of t!e foo&ing interface t#"es can !a6e an $P address assigned to it4

*a#er +

*a#er

Ta"

Virtua /ire

'ar for foo& u"

Question 9 of 50.

sers ma# e aut!enticated se?uentia# to muti"e aut!entication ser6ers # configuring

An Aut!entication Se?uence.

'uti"e A8$S ser6ers s!aring a VSA configuration.

A custom Administrator Profie.

An Aut!entication Profie.

'ar for foo& u"

Question 10 of 50.

Taing into account on# t!e information in t!e screens!ot ao6e, ans&er t!e foo&ing ?uestion.

An administrator is "inging @.@.@.@ and fais to recei6e a res"onse. /!at is t!e most ie# reason

for t!e ac of res"onse4

T!e interface is do&n.

T!ere is no route ac to t!e mac!ine originating t!e "ing.

T!ere is no 'anagement Profie.

T!ere is a Securit# Poic# t!at "re6ents "ing.

'ar for foo& u"

7/26/2019 ACE7_exam 1of5

4/14

Question 11 of 50.

/!en an interface is in Ta" mode and a Poic#s action is set to Boc, t!e interface &i send a

TCP reset.

True 3ase

'ar for foo& u"

Question 12 of 50.

/!ic! of t!e 8#namic "dates isted eo& are issued on a dai# asis4 (Seect a correct

ans&ers.)

=rig!tCoud * 3itering

Anti-6irus

A""ications

A""ications and T!reats

'ar for foo& u"

Question 13 of 50.

/!ic! of t!e foo&ing CANNOT use t!e source user as a matc! criterion4

Poic# =ased 3or&arding

Anti-6irus Profie

8oS Protection

Secuirt# Poicies

DoS

'ar for foo& u"

Question 14 of 50.

/!ic! of t!e foo&ing must e enaed in order for ser-$8 to function4

Ca"ti6e Porta must e enaed.

ser-$8 must e enaed for t!e source %one of t!e traffic t!at is to e identified.

Ca"ti6e Porta Poicies must e enaed.

7/26/2019 ACE7_exam 1of5

5/14

Securit# Poicies must !a6e t!e ser-$8 o"tion enaed.

'ar for foo& u"

Question 15 of 50.

T!e screens!ot ao6e s!o&s "art of a fire&as configuration. $f "ing traffic can tra6erse t!is

de6ice from e2: to e2:2, &!ic! of t!e foo&ing statements must e True aout t!is fire&as

configuration4 (Seect a correct ans&ers.)

T!ere must e a securit# "oic# rue from $nternet %one to trust %one t!at ao&s "ing.

T!ere must e a""ro"riate routes in t!e defaut 6irtua router.

T!ere must e a 'anagement Profie t!at ao&s "ing. (T!en assign t!at 'anagement Profie toe2:2 and e2:.)

T!ere must e a securit# "oic# rue from trust %one to $nternet %one t!at ao&s "ing.

'ar for foo& u"

Question 16 of 50.

After t!e instaation of t!e T!reat Pre6ention icense, t!e fire&a must e reooted.True 3ase

'ar for foo& u"

Question 17 of 50.

PAN-OS 7.0 introduced a ne& Securit# Profie t#"e. /!at is t!e name of t!is ne& securit# "rofie

t#"e4

'a&are Ana#sis

3ie Ana#sis

T!reat Ana#sis

/id3ire Ana#sis

'ar for foo& u"

Question 18 of 50.

/!ic! of t!e foo&ing is NOT a 6aid o"tion for uit-in C*$ Admin roes4

7/26/2019 ACE7_exam 1of5

6/14

de6iceadmin

su"eruser

de6icereader

read:&rite

'ar for foo& u"

Question 19 of 50.

$n &!ic! of t!e foo&ing can ser-$8 e used to "ro6ide a matc! condition4

Securit# Poicies

NAT Poicies

one Protection Poicies

T!reat Profies

'ar for foo& u"

Question 20 of 50.

After t!e instaation of a ne& A""ication and T!reat dataase, t!e fire&a must e reooted.

True 3ase

'ar for foo& u"

Question 21 of 50.

ser-$8 is enaed in t!e configuration of F

A Securit# Poic#.

A Securit# Profie.

A one.

An $nterface.

'ar for foo& u"

Question 22 of 50.

Enaing G9ig!ig!t nused uesG in t!e Securit# Poic# &indo& &i

9ig!ig!t a rues t!at did not matc! traffic &it!in an administrator-s"ecified time "eriod.

7/26/2019 ACE7_exam 1of5

7/14

8is"a# rues t!at caused a 6aidation error to occur at t!e time a Commit &as "erformed.

9ig!ig!t a rues t!at !a6e not matc!ed traffic since t!e rue &as created or since t!e ast

reoot of t!e fire&a.

Tem"orari# disae rues t!at !a6e not matc!ed traffic since t!e rue &as created or since t!e

ast reoot of t!e fire&a.

'ar for foo& u"

Question 23 of 50.

/!at is t!e defaut 8NS sin!oe address used # t!e Pao Ato Net&ors 3ire&a to cut off

communication4

T!e defaut gate&a# of t!e fire&a.

An# a#er + interface address s"ecified # t!e fire&a administrator.T!e oca oo"ac address.

T!e '>T interface address.

'ar for foo& u"

Question 24 of 50.

/!at is t!e maximum fie si%e of .EHE fies u"oaded from t!e fire&a to /id3ire4

A&a#s 20 mega#tes.

A&a#s mega#tes.

Configurae u" to 20 mega#tes.

Configurae u" to mega#tes.

'ar for foo& u"

Question 25 of 50.

/!en configuring Admin oes for /e $ access, &!at are t!e a6aiae access e6es4

Enae and 8isae on#

None, Su"eruser, 8e6ice Administrator

Enae, ead-On#, and 8isae

Ao& and 8en# on#

'ar for foo& u"

7/26/2019 ACE7_exam 1of5

8/14

Question 26 of 50.

An interface in Virtua /ire mode must e assigned an $P address.

True 3ase

'ar for foo& u"

Question 27 of 50.

C!oose t!e est ans&er $n PAN-OS, t!e /id3ire Suscri"tion Ser6ice ao&s u"dates for ma&are

signatures to e distriuted as often asF

Once an !our

Once a da#

Once e6er# 25 minutesOnce a &ee

'ar for foo& u"

Question 28 of 50.

Coor-coded tags can e used on a of t!e items isted eo& EHCEPT

Vuneraiit# Profiesones

Ser6ice >rou"s

Address O

7/26/2019 ACE7_exam 1of5

9/14

Question 30 of 50.

As t!e Pao Ato Net&ors Administrator res"onsie for ser-$8, #ou need to enae ma""ing of

net&or users t!at do not sign-in using *8AP. /!ic! information source &oud ao& for reiae

ser-$8 ma""ing &!ie re?uiring t!e east effort to configure4

Exc!ange CAS Securit# ogs

/'$ Duer#

Ca"ti6e Porta

Acti6e 8irector# Securit# *ogs

'ar for foo& u"

Question 31 of 50.An enter"rise PI$ s#stem is re?uired to de"o# SS* 3or&ard Prox# decr#"tion ca"aiities.

True 3ase

'ar for foo& u"

Question 32 of 50.

/!ic! t#"e of icense is re?uired to "erform 8ecr#"tion Port 'irroring4

A free PAN-PA-8ecr#"t icense

A suscri"tion-ased SS* Port icense

A suscri"tion-ased PAN-PA-8ecr#"t icense

A Cient 8ecr#"tion icense

'ar for foo& u"

Question 33 of 50.

T!e foo&ing can e configured as a next !o" in a static route

Virtua S#stems

A Poic#-=ased 3or&arding ue

Virtua outer

Virtua S&itc!

'ar for foo& u"

7/26/2019 ACE7_exam 1of5

10/14

Question 34 of 50.

T!e G8ri6e-=# 8o&noadG "rotection feature, under 3ie =ocing "rofies in Content-$8,

"ro6ides

$ncreased s"eed on do&noads of fie t#"es t!at are ex"icit# enaed.T!e aiit# to use Aut!entication Profies, in order to "rotect against un&anted do&noads.

Protection against un&anted do&noads # s!o&ing t!e user a res"onse "age indicating t!at a

fie is going to e do&noaded.

Pass&ord-"rotected access to s"ecific fie do&noads for aut!ori%ed users.

'ar for foo& u"

Question 35 of 50./!ic! statement aout config ocs is True4

A config oc &i ex"ire after @ !ours, uness it &as set # a su"eruser.

A config oc can e remo6ed on# # a su"eruser.

A config oc can on# e remo6ed # t!e administrator &!o set it or # a su"eruser.

A config oc can e remo6ed on# # t!e administrator &!o set it.

'ar for foo& u"

Question 36 of 50.

Taing into account on# t!e information in t!e screens!ot ao6e, ans&er t!e foo&ing ?uestion.

/!ic! a""ications &i e ao&ed on t!eir standard "orts4 (Seect a correct ans&ers.)

=itTorrent

>nutea

SS9

S#"e

'ar for foo& u"

Question 37 of 50.

econnaissance Protection is a feature used to "rotect t!e Pao Ato Net&ors fire&a from "ort

7/26/2019 ACE7_exam 1of5

11/14

scans. To enae t!is feature &it!in t!e >$ go toF

Net&or J Net&or Profies J one Protection

OT PortLs $P Address is 2M.21.2.2:@.

$nitia configuration ma# e accom"is!ed t!ru t!e '>T interface or t!e Consoe "ort.

7/26/2019 ACE7_exam 1of5

12/14

S#stem defauts ma# e restored # "erforming a factor# reset in 'aintenance 'ode.

'ar for foo& u"

Question 42 of 50.

Taing into account on# t!e information in t!e screens!ot ao6e, ans&er t!e foo&ing ?uestion A

s"an "ort or a s&itc! is connected to e2:@, ut t!ere are no traffic ogs. /!ic! of t!e foo&ing

conditions most ie# ex"ains t!is e!a6ior4

T!e interface is not assigned a 6irtua router.

T!e interface is not u".

T!ere is no %one assigned to t!e interface.

T!e interface is not assigned an $P address.

'ar for foo& u"

Question 43 of 50.

Can muti"e administrator accounts e configured on a singe fire&a4

Kes No

'ar for foo& u"

Question 44 of 50.

/!ic! of t!e foo&ing is True of an a""ication fiter4

An a""ication fiter automatica# ada"ts &!en an a""ication mo6es from one $P address to

anot!er.

An a""ication fiter is used # ma&are to e6ade detection # fire&as and anti-6irussoft&are.

An a""ication fiter automatica# incudes a ne& a""ication &!en one of t!e ne&

a""ications c!aracteristics are incuded in t!e fiter.

An a""ication fiter s"ecifies t!e users ao&ed to access an a""ication.

'ar for foo& u"

Question 45 of 50.

As a Pao Ato Net&ors fire&a administrator, #ou !a6e made un&anted c!anges to t!e Candidate

configuration. T!ese c!anges ma# e undone # 8e6ice J Setu" J O"erations J Configuration

7/26/2019 ACE7_exam 1of5

13/14

'anagementJ....and t!en &!at o"eration4

e6ert to unning Configuration

e6ert to ast Sa6ed Configuration

*oad Configuration Version

$m"ort Named Configuration Sna"s!ot

'ar for foo& u"

Question 46 of 50.

/!ic! "re-defined Admin oe !as a rig!ts exce"t t!e rig!ts to create administrati6e accounts

and 6irtua s#stems4

A custom admin roe must e created for t!is s"ecific comination of rig!ts.

6s#sadmin

8e6ice Administrator

Su"eruser

'ar for foo& u"

Question 47 of 50.

Considering t!e information in t!e screens!ot ao6e, &!at is t!e order of e6auation for t!is *

3itering Profie4

* Categories (=rig!tCoud or PAN-8=), Custom Categories, =oc *ist, Ao& *ist.

=oc *ist, Ao& *ist, * Categories (=rig!tCoud or PAN-8=), Custom Categories.

Ao& *ist, =oc *ist, Custom Categories, * Categories (=rig!tCoud or PAN-8=).

=oc *ist, Ao& *ist, Custom Categories, * Categories (=rig!tCoud or PAN-8=).

'ar for foo& u"

Question 48 of 50.

/!ic! in is used # an Acti6e:Passi6e custer to s#nc!roni%e session information4

T!e "in

T!e 'anagement *in

T!e Contro *inT!e 8ata *in

7/26/2019 ACE7_exam 1of5

14/14

'ar for foo& u"

Question 49 of 50.

=esides seecting t!e 9earteat =acu" o"tion &!en creating an Acti6e-Passi6e 9A Pair, &!ic! of

t!e foo&ing aso "re6ents GS"it-=rainG4

Creating a custom interface under Ser6ice oute Configuration, and assigning t!is interface as

t!e acu" 9A in.

nder BPacet 3or&arding, seecting t!e V S#nc c!ecox.

Configuring a acu" 9A in t!at "oints to t!e '>T interface of t!e ot!er de6ice in t!e "air.

Configuring an inde"endent acu" 9A2 in.

'ar for foo& u"

Question 50 of 50.

As t!e Pao Ato Net&ors Administrator #ou !a6e enaed A""ication =oc "ages. After&ards,

not no&ing t!e# are attem"ting to access a oced &e-ased a""ication, users ca t!e 9e"

8es to com"ain aout net&or connecti6it# issues. /!at is t!e cause of t!e increased numer of

!e" des cas4

T!e 3ie =ocing =oc Page &as disaed.

Some A""-$8Ls are set &it! a Session Timeout 6aue t!at is too o&.

A""ication =oc Pages &i on# e dis"a#ed &!en Ca"ti6e Porta is configured.

T!e fire&a admin did not create a custom res"onse "age to notif# "otentia users t!at t!eir

attem"t to access t!e &e-ased a""ication is eing oced due to com"an# "oic#.

'ar for foo& u"