palo alto networks ace practice test

Users may be authenticated sequentially to multiple authentication servers by configuring:

• A. An Authentication Profile.
• B. An Authentication Sequence.
• C. A custom Administrator Profile.
• D. Multiple RADIUS servers sharing a VSA configuration.

Traffic going to a public IP address is being translated by a Palo Alto Networks firewall to an internal servers private IP
address. Which IP address should the Security Policy use as the "Destination IP" in order to allow traffic to the server?

• A. The firewall’s gateway IP
• B. The server’s public IP
• C. The server’s private IP
• D. The firewall’s MGT IP

An interface in Virtual Wire mode must be assigned an IP address.

• A. True
• B. False

Which of the following services are enabled on the MGT interface by default? (Select all correct answers.)

• A. HTTPS
• B. SSH
• C. Telnet
• D. HTTP

Using the API in PAN-OS 6.1, WildFire subscribers can upload up to how many samples per day?

• A. 500
• B. 50
• C. 1000
• D. 10

Without a WildFire subscription, which of the following files can be submitted by the Firewall to the hosted WildFire
virtualized sandbox?

• A. PE files only
• B. PDF files only
• C. MS Office doc/docx, xls/xlsx, and ppt/pptx files only
• D. PE and Java Applet (jar and class) only

Select the implicit rules that are applied to traffic that fails to match any administrator-defined Security Policies. (Choose all
rules that are correct.)

• A. Intra-zone traffic is allowed
• B. Inter-zone traffic is denied
• C. Intra-zone traffic is denied
• D. Inter-zone traffic is allowed

WildFire analyzes files to determine whether or not they are malicious. When doing so, WildFire will classify the file with an
official verdict. This verdict is known as the WildFire Analysis verdict. Choose the three correct classifications as a result of
this analysis and classification?

• A. Benign
• B. Adware
• C. Spyware
• D. Malware detection
• E. Safeware
• F. Grayware

Which of the following is a routing protocol supported in a Palo Alto Networks firewall?

• A. RIPv2
• B. ISIS
• C. IGRP
• D. EIGRP

In PANOS 6.0, rule numbers are:

• A. Numbers that specify the order in which security policies are evaluated.
• B. Numbers created to be unique identifiers in each firewall’s policy database.
• C. Numbers on a scale of 0 to 99 that specify priorities when two or more rules are in conflict.
• D. Numbers created to make it easier for users to discuss a complicated or difficult sequence of rules.

Which of the following must be enabled in order for UserID to function?

• A. Captive Portal Policies must be enabled.
• B. UserID must be enabled for the source zone of the traffic that is to be identified.
• C. Captive Portal must be enabled.
• D. Security Policies must have the UserID option enabled.

Can multiple administrator accounts be configured on a single firewall?

• A. Yes
• B. No

What are the benefits gained when the "Enable Passive DNS Monitoring" checkbox is chosen on the firewall? (Select all
correct answers.)

• A. Improved DNSbased C&C signatures.
• B. Improved PANDB malware detection.
• C. Improved BrightCloud malware detection.
• D. Improved malware detection in WildFire.

Both SSL decryption and SSH decryption are disabled by default.

• A. True
• B. False

What will the user experience when attempting to access a blocked hacking website through a translation service such as
Google Translate or Bing Translator?

• A. A “Blocked” page response when the URL filtering policy to block is enforced.
• B. A “Success” page response when the site is successfully translated.
• C. The browser will be redirected to the original website address.
• D. An "HTTP Error 503 Service unavailable" message.