Professional Documents
Culture Documents
ACE 8.1
Question 1 of 45.
Question 2 of 45.
Question 3 of 45.
An Interface Management Profile can be attached to which two interface types? (Choose two.)
Layer 2
Virtual Wire
Layer 3
Tap
Loopback
Question 4 of 45.
web-based
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c1... 5/12/2018
Realize Your Potential: paloaltonetworks Page 2 of 12
non-TCP/IP
any
MGT port-based
Question 5 of 45.
Because a firewall examines every packet in a session, a firewall can detect application ________?
groups
filters
errors
shifts
Question 6 of 45.
Finding URLs matched to the not-resolved URL category in the URL Filtering log file might indicate that you
should take which action?
Question 7 of 45.
For which firewall feature should you create forward trust and forward untrust certificates?
SSH decryption
Question 8 of 45.
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c1... 5/12/2018
Realize Your Potential: paloaltonetworks Page 3 of 12
If there is an HA configuration mismatch between firewalls during peer negotiation, which state will the passive
firewall enter?
NON-FUNCTIONAL
PASSIVE
ACTIVE
INITIAL
Question 9 of 45.
In an HA configuration, which three components are synchronized between the pair of firewalls? (Choose three.)
networks
policies
objects
logs
Question 10 of 45.
In an HA configuration, which three functions are associated with the HA1 Control Link? (Choose three.)
synchronizing configuration
synchronizing sessions
exchanging heartbeats
exchanging hellos
Question 11 of 45.
In an HA configuration, which two failure detection methods rely on ICMP ping? (Choose two.)
hellos
heartbeats
link groups
path groups
Question 12 of 45.
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c1... 5/12/2018
Realize Your Potential: paloaltonetworks Page 4 of 12
On a firewall that has 32 Ethernet ports and is configured with a dynamic IP and port (DIPP) NAT oversubscription
rate of 2x, what is the maximum number of concurrent sessions supported by each available IP address?
32
64
64K
128K
Question 13 of 45.
Which two user mapping methods are supported by the User-ID integrated agent? (Choose two.)
WMI probing
Client Probing
LDAP Filters
NetBIOS Probing
Question 14 of 45.
SSL Inbound Inspection requires that the firewall be configured with which two components? (Choose two.)
client's public key
server's private key
Question 15 of 45.
The firewall acts as a proxy for which two types of traffic? (Choose two.)
SSH
Non-SSL
SSL outbound
SSL Inbound Inspection
Question 16 of 45.
The Threat log records events from which three Security Profiles? (Choose three.)
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c1... 5/12/2018
Realize Your Potential: paloaltonetworks Page 5 of 12
Antivirus
Vulnerability Protection
URL Filtering
WildFire Analysis
File Blocking
Anti-Spyware
Question 17 of 45.
The WildFire Portal website supports which three operations? (Choose three.)
request firewall WildFire licenses
view WildFire verdicts
upload files to WildFire for analysis
report incorrect verdicts
Question 18 of 45.
What are two benefits of attaching a Decryption Profile to a Decryption policy no-decrypt rule? (Choose two.)
acceptable protocol checking
expired certificate checking
untrusted certificate checking
Question 19 of 45.
Question 20 of 45.
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c1... 5/12/2018
Realize Your Potential: paloaltonetworks Page 6 of 12
What is a use case for deploying Palo Alto Networks NGFW in the public cloud?
Question 21 of 45.
Question 22 of 45.
Where does a GlobalProtect client connect to first when trying to connect to the network?
AD agent
GlobalProtect Portal
User-ID agent
GlobalProtect Gateway
Question 23 of 45.
Which action in a File Blocking Security Profile results in the user being prompted to verify a file transfer?
Block
Alert
Continue
Allow
Question 24 of 45.
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c1... 5/12/2018
Realize Your Potential: paloaltonetworks Page 7 of 12
Which condition must exist before a firewall's in-band interface can process traffic?
Question 25 of 45.
dependent applications
implicit applications
application filter
application group
Question 26 of 45.
Which interface type does NOT require any configuration changes to adjacent network devices?
Virtual Wire
Layer 3
Tap
Layer 2
Question 27 of 45.
Virtual Wire
Layer 3
HA
VLAN
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c1... 5/12/2018
Realize Your Potential: paloaltonetworks Page 8 of 12
Question 28 of 45.
Question 29 of 45.
The candidate configuration is transferred from memory to the firewall's storage device.
The running configuration is transferred from memory to the firewall's storage device.
A saved configuration is transferred to an external hosts storage device.
Question 30 of 45.
Question 31 of 45.
Which three are valid configuration options in a WildFire Analysis Profile? (Choose three.)
file types
direction
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c1... 5/12/2018
Realize Your Potential: paloaltonetworks Page 9 of 12
Question 32 of 45.
Which three components can be sent to WildFire for analysis? (Choose three.)
MGT interface traffic
email attachments
files traversing the firewall
URL links found in email
Question 33 of 45.
Which three interface types can control or shape network traffic? (Choose three.)
Layer 2
Tap
Virtual Wire
Layer 3
Question 34 of 45.
Which three MGT port configuration settings are required in order to access the WebUI? (Choose three.)
Hostname
Netmask
Default gateway
IP address
Question 35 of 45.
Which three network modes are supported by active/passive HA? (Choose three.)
Layer 2
Tap
Virtual Wire
Layer 3
Question 36 of 45.
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c1... 5/12/2018
Realize Your Potential: paloaltonetworks Page 10 of 12
Which three statements are true regarding sessions on the firewall? (Choose three.)
The only session information tracked in the session logs are the five-tuples.
Return traffic is allowed.
Sessions are always matched to a Security policy rule.
Network packets are always matched to a session.
Question 37 of 45.
Which two file types can be sent to WildFire for analysis if a firewall has only a standard subscription service?
(Choose two.)
.pdf
.jar
.dll
.exe
Question 38 of 45.
Which two User-ID methods are used to verify known IP address-to-user mappings? (Choose two.)
Captive Portal
Client Probing
Session Monitoring
Server Monitoring
Question 39 of 45.
Which User-ID user mapping method is recommended for environments where users frequently change IP
addresses?
Captive Portal
Client Probing
Session Monitoring
Server Monitoring
Question 40 of 45.
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c1... 5/12/2018
Realize Your Potential: paloaltonetworks Page 11 of 12
Which file must be downloaded from the firewall to create a Heatmap and Best Practices Assessment report?
Question 41 of 45.
Which three subscription services are included as part of the GlobalProtect cloud service? (Choose three.)
URL Filtering
Threat Prevention
Aperture
WildFire®
AutoFocus
Panorama
Question 42 of 45.
The decryption broker feature is supported by which three Palo Alto Networks firewall series? (Choose three.)
PA-3000
PA-5000
PA-5200
PA-3200
VM-Series
PA-7000
Question 43 of 45.
Which VM-Series model was introduced with the release of PAN-OS® 8.1?
VM-50 Lite
VM-200 Lite
VM-300 Lite
VM-100 Lite
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c1... 5/12/2018
Realize Your Potential: paloaltonetworks Page 12 of 12
Question 44 of 45.
Which cloud computing service model will enable an application developer to develop, manage, and test their
applications without the expense of purchasing equipment?
code as a service
software as a service
infrastructure as a service
platform as a service
Question 45 of 45.
Which essential cloud characteristic is designed for applications that will be required to run on all platforms
including smartphones, tablets, and laptops?
rapid elasticity
broad network access
https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=431337b0-bb1c-4c1... 5/12/2018