Test - Accredited Configuration Engineer (ACE) Exam - PAN-OS 7.0 Version
ACE Exam
Question 1 of 50.
As of PAN-OS 7.0, when configuring a Decryption Policy Rule, which of the following is NOT an available option as matching criteria in the rule? *
URL
Category Application Source Zone Source User Service
Mark for follow up
Question 2 of 50.
PAN-OS 7.0 introduced a new Security Profile type. What is the name of this new security profile type? *
Threat Analysis
WildFire Analysis File Analysis Malware Analysis
Mark for follow up
Question 3 of 50.
Which of the following most accurately describes Dynamic IP in a Source NAT configuration? *
A single IP address is used, and the source port number is changed.
The next available IP address in the configured pool is used, but the source port number is unchanged.
A single IP address is used, and the source port number is unchanged.
The next available address in the configured pool is used, and the source port number is changed.
Mark for follow up
Question 4 of 50.
Palo Alto Networks offers WildFire users three solution types. These solution types are the WildFire Public Cloud, The WF-500 Private Appliance, and the WildFire Hybrid solution. What is the main reason and purpose for the WildFire Hybrid solution? *
The WildFire Hybrid solution enables outside companies to share the same WF-500 Appliance while at the same time allowing them to send only their private files to the
private WF-500.
The WildFire Hybrid solution enables companies to send to the WF-500 Private Appliance keeping them internal to their network, as well providing the option to send other, general files to the WildFire Public Cloud for analysis.
The WildFire Hybrid solution places WF-500s at multiple places in the cloud, so that firewall appliances distributed throughout an enterprise's network receive WildFire verdicts with minimal latency while retaining data privacy.
The WildFire Hybrid solution is only offered to companies that have sensitive files to protect and does not require a WildFire subscription.
Mark for follow up
Question 5 of 50.
Which of the following interface types can have an IP address assigned to it? *
Layer 3
Layer 2 Tap Virtual Wire
Mark for follow up
Question 6 of 50.
True or False: The PAN-DB URL Filtering Service is offered as both a Private Cloud solution and a Public Cloud solution.
True
Mark for follow up
Question 7 of 50.
True or False: The WildFire Analysis Profile can only be configured to send unknown files to the WildFire Public Cloud only. True
Mark for follow up
Question 8 of 50.
All of the interfaces on a Palo Alto Networks device must be of the same interface type. True
Mark for follow up
Question 9 of 50.
What is the maximum file size of .EXE files uploaded from the firewall to WildFire?
False
False
False
*
Always 10 megabytes.
Configurable megabytes.
up
to
10
Configurable up to 2 megabytes. Always 2 megabytes.
Mark for follow up
Question 10 of 50.
Attackers will employ a number of tactics to hide malware. One such tactic is to encode and/or compress the file so as to hide the malware. With PAN-OS 7.0 the firewall can decode up to four levels. But if an attacker has encoded the file beyond four levels, what can you as an administer do to protect your users? *
Create a Decryption Profile for multi-level encoded files and apply it to a Decryption Policy.
Create a File Blocking Profile for multi-level encoded files with the action set to block. Create a File Blocking Profile for multi-level encoded files and apply it to a Decryption Policy.
Create a Decryption Policy for multi-level encoded files and set the action to block.
Mark for follow up
Question 11 of 50.