Ensurepass

QUESTION 21

When allowing an Application in a Security policy on a PAN-OS 5.0 device, would a dependency Application need to also be enabled if the application does not employ HTTP, SSL, MSRPC, RPC, t.120, RTSP, RTMP, and NETBIOS-SS.

 

A.

Yes

B.

No

 

Correct Answer: A

 

 

QUESTION 22

When Destination Network Address Translation is being performed, the destination in the corresponding Security Policy Rule should use:

 

A.

The PostNAT destination zone and PostNAT IP address.

B.

The PreNAT destination zone and PreNAT IP address.

C.

The PreNAT destination zone and PostNAT IP address.

D.

The PostNAT destination zone and PreNAT IP address.

 

Correct Answer: D

 

 

QUESTION 23

What new functionality is provided in PAN-OS 5.0 by Palo Alto Networks URL Filtering Database (PAN-DB)?

 

A.

The “Log Container Page Only” option can be employed in a URL-Filtering policy to reduce the number of logging events.

B.

URL-Filtering can now be employed as a match condition in Security policy

C.

IP-Based Threat Exceptions can now be driven by custom URL categories

D.

Daily database downloads for updates are no longer required as devices stay in-sync with the cloud.

 

Correct Answer: D

 

 

QUESTION 24

Taking into account only the information in the screenshot above, answer the following question. Which applications will be allowed on their standard ports? (Select all correct answers.)

 

clip_image002

 

A.

BitTorrent

B.

Gnutella

C.

Skype

D.

SSH

 

Correct Answer: AD

 

 

QUESTION 25

In PAN-OS 6.0, rule numbers were introduced. Rule Numbers are:

 

A.

Dynamic numbers that refer to a security policy’s order and are especially useful when filtering security policies by tags

B.

Numbers referring to when the security policy was created and do not have a bearing on the order of policy enforcement

C.

Static numbers that must be manually re-numbered whenever a new security policy is added

D.

None of the above

 

Correct Answer: A

 

 

QUESTION 26

Which of the following must be enabled in order for UserID to function?

 

A.

Captive Portal Policies must be enabled.

B.

UserID must be enabled for the source zone of the traffic that is to be identified.

C.

Captive Portal must be enabled.

D.

Security Policies must have the UserID option enabled.

 

Correct Answer: B

 

 

QUESTION 27

Which of the following must be configured when deploying User-ID to obtain information from an 802.1x authenticator?

 

A.

Terminal Server Agent

B.

An Agentless deployment of User-ID, employing only the Palo Alto Networks Firewall

C.

A User-ID agent, with the “Use for NTLM Authentication” option enabled.

D.

XML API for User-ID Agent

 

Correct Answer: D

 

 

QUESTION 28

Wildfire may be used for identifying which of the following types of traffic?

 

A.

URL content

B.

DHCP

C.

DNS

D.

Viruses

 

Correct Answer: D

 

 

QUESTION 29

Which mode will allow a user to choose how they wish to connect to the GlobalProtect Network as they would like?

 

A.

Single Sign-On Mode

B.

On Demand Mode

C.

Always On Mode

D.

Optional Mode

 

Correct Answer: B

 

 

QUESTION 30

Which routing protocol is supported on the Palo Alto Networks platform?

 

A.

BGP

B.

RSTP

C.

ISIS

D.

RIPv1

 

Correct Answer: A

 

Free VCE & PDF File for Palo Alto Networks ACE Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.