Ensurepass

QUESTION 61

When troubleshooting Phase 1 of an IPSec VPN tunnel, what location will have the most informative logs?

A. Responding side, Traffic Logs
B. Initiating side, Traffic Logs
C. Responding side, System Logs
D. Initiating side, System Logs

Correct Answer: C

QUESTION 62

Which local interface cannot be assigned to the IKE gateway?

A. Tunnel
B. L3
C. VLAN
D. Loopback

Correct Answer: A

QUESTION 63

Which of the following objects cannot use User-ID as match criteria?

A. Security Policies
B. QoS
C. Policy Based Forwarding
D. DoS Protection
E. None of the above

Correct Answer: E

QUESTION 64

In PAN-OS 5.0, which of the following features is supported with regard to IPv6?

A. OSPF
B. NAT64
C. IPSec VPN tunnels
D. None of the above

Correct Answer: B

QUESTION 65

Which fields can be altered in the default Vulnerability profile?

A. Severity
B. Category
C. CVE
D. None

Correct Answer: D

QUESTION 66

Users can be authenticated serially to multiple authentication servers by configuring:

A. Multiple RADIUS Servers sharing a VSA configuration
B. Authentication Sequence
C. Authentication Profile
D. A custom Administrator Profile

Correct Answer: B

QUESTION 67

Both SSL decryption and SSH decryption are disabled by default.

A. True
B. False

Correct Answer: A

QUESTION 68

Which one of the options describes the sequence of the GlobalProtect agent connecting to a Gateway?

A. The agent connects to the portal, obtains a list of the Gateways, and connects to the Gateway with the fastest SSL connect time
B. The agent connects to the portal and randomly establishes a connection to the first available Gateway
C. The agent connects to the portal, obtains a list of the Gateways, and connects to the Gateway with the fastest PING response time
D. The agent connects to the closest Gateway and sends the HIP report to the portal

Correct Answer: C

QUESTION 69

As the Palo Alto Networks administrator responsible for User Identification, you are looking for the simplest method of mapping network users that do not sign into LDAP. Which information source would allow reliable User ID mapping for these users, requiring the least amount of configuration?

A. WMI Query
B. Exchange CAS Security Logs
C. Captive Portal
D. Active Directory Security Logs

Correct Answer: C

QUESTION 70

How do you limit the amount of information recorded in the URL Content Filtering Logs?

A. Enable DSRI
B. Disable URL packet captures
C. Enable URL log caching
D. Enable Log container page only

Correct Answer: D
