Ensurepass

QUESTION 51

Taking into account only the information in the screenshot above, answer the following question. In order for ping traffic to traverse this device from e1/2 to e1/1, what else needs to be configured? Select all that apply.

 

clip_image002

 

A.

Security policy from trust zone to Internet zone that allows ping

B.

Create the appropriate routes in the default virtual router

C.

Security policy from Internet zone to trust zone that allows ping

D.

Create a Management profile that allows ping. Assign that management profile to e1/1 and e1/2

 

Correct Answer: AD

 

 

QUESTION 52

In order to route traffic between layer 3 interfaces on the PAN firewall you need:

 

A.

VLAN

B.

Vwire

C.

Security Profile

D.

Virtual Router

 

Correct Answer: A

 

 

QUESTION 53

As a Palo Alto Networks firewall administrator, you have made unwanted changes to the Candidate configuration. These changes may be undone by Device > Setup > Operations > Configuration Management>….and then what operation?

 

A.

Revert to Running Configuration

B.

Revert to last Saved Configuration

C.

Load Configuration Version

D.

Import Named Configuration Snapshot

 

Correct Answer: A

 

 

QUESTION 54

To allow the PAN device to resolve internal and external DNS host names for reporting and for security policies, an administrator can do th
e following:

 

A.

Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, point to this proxy object for DNS resolution.

B.

In the device settings define internal hosts via a static list.

C.

In the device settings set the Primary DNS server to an external server and the secondary to an internal server.

D.

Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, select the proxy object as the Primary DNS and create a custom security rule which references that object for

 

Correct Answer: A

 

 

QUESTION 55

When configuring a Decryption Policy, which of the following are available as matching criteria in a policy? (Choose 3)

 

A.

Source Zone

B.

Source User

C.

Service

D.

URL-Category

E.

Application

 

Correct Answer: ABD

 

 

QUESTION 56

In an Anti-Virus profile, changing the action to “Block” for IMAP or POP decoders will result in the following:

 

A.

The connection from the server will be reset

B.

The Anti-virus profile will behave as if “Alert” had been specified for the action

C.

The traffic will be dropped by the firewall

D.

Error 541 being sent back to the server

 

Correct Answer: B

 

 

QUESTION 57

Which of the following are methods HA clusters use to identify network outages?

 

A.

Path and Link Monitoring

B.

VR and VSys Monitors

C.

Heartbeat and Session Monitors

D.

Link and Session Monitors

 

Correct Answer: A

 

 

QUESTION 58

What is the correct policy to most effectively block Skype?

 

A.

Allow Skype, block Skype-probe

B.

Allow Skype-probe, block Skype

C.

Block Skype-probe, block Skype

D.

Block Skype

 

Correct Answer: A

 

 

QUESTION 59

If the Forward Proxy Ready shows “no” when running the command show system setting ssl-decrypt setting, what is most likely the cause?

 

A.

SSL forward proxy certificate is not generated

B.

Web interface certificate is not generated

C.

Forward proxy license is not enabled on the box n

D.

SSL decryption rule is not created

 

Correct Answer: D

 

 

QUESTION 60

Select the implicit rules enforced on traffic failing to match any user defined Security Policies:

 

A.

Intra-zone traffic is denied

B.

Inter-zone traffic is denied

C.

Intra-zone traffic is allowed

D.

Inter-zone traffic is allowed

 

Correct Answer: BC

 

Free VCE & PDF File for Palo Alto Networks ACE Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

 

Comments are closed.