PaloAlto - ACE认证考试题库及答案2016-1月 下载本文

*

Always 10 megabytes.

Configurable megabytes.

up

to

10

Configurable up to 2 megabytes. Always 2 megabytes.

Mark for follow up

Question 10 of 50.

Attackers will employ a number of tactics to hide malware. One such tactic is to encode and/or compress the file so as to hide the malware. With PAN-OS 7.0 the firewall can decode up to four levels. But if an attacker has encoded the file beyond four levels, what can you as an administer do to protect your users? *

Create a Decryption Profile for multi-level encoded files and apply it to a Decryption Policy.

Create a File Blocking Profile for multi-level encoded files with the action set to block. Create a File Blocking Profile for multi-level encoded files and apply it to a Decryption Policy.

Create a Decryption Policy for multi-level encoded files and set the action to block.

Mark for follow up

Question 11 of 50.

What will be the user experience when the safe search option is NOT enabled for Google search but the firewall has \ *

The user will be redirected to a different search site that is specified by the firewall administrator.

A block page will be presented with instructions on how to set the strict Safe Search option for the Google search.

The Firewall will enforce Safe Search if the URL filtering license is still valid. A task bar pop-up message will be presented to enable Safe Search.

Mark for follow up

Question 12 of 50.

Which of the following is NOT a valid option for built-in CLI Admin roles? *

deviceadmin

read/write devicereader

superuser

Mark for follow up

Question 13 of 50.

Palo Alto Networks firewalls support the use of both Dynamic (built-in user roles) and Role-Based (customized user roles) for Administrator Accounts. True

Mark for follow up

Question 14 of 50.

Besides selecting the Heartbeat Backup option when creating an Active-Passive HA Pair, which of the following also prevents \ *

Creating a custom interface under Service Route Configuration, and assigning this interface as the backup HA2 link.

Configuring an independent backup HA1 link.

Under “Packet Forwarding”, selecting the VR Sync checkbox.

Configuring a backup HA2 link that points to the MGT interface of the other device in the pair.

Mark for follow up

Question 15 of 50.

What are the benefits gained when the \the firewall? (Select all correct answers.)

Improved malware detection in WildFire.

False

Improved PAN-DB malware detection. Improved BrightCloud malware detection. Improved DNS-based C&C signatures.

Mark for follow up

Question 16 of 50.

Which of the following is a routing protocol supported in a Palo Alto Networks firewall? *

EIGRP RIPv2 IGRP ISIS

Mark for follow up

Question 17 of 50.

What is the default DNS sinkhole address used by the Palo Alto Networks Firewall to cut off communication? *

Any layer 3 interface address specified by the firewall administrator.