PaloAlto ACE认证考试题库及答案(3)

Enable SSL decryption, block SSH traffic

Enable SSL decryption, block SSH tunnel traffic

Enable SSH decryption, block SSH traffic

Mark for follow up

Question 25 of 72.

When setting up GlobalProtect, what is the job of the GlobalProtect Portal? Select the best answer

答案： C

To load balance GlobalProtect client connections to GlobalProtect Gateways

To maintain the list of GlobalProtect Gateways and list of categories for checking the client machine To apply Global Server Load Balancing to Global Protect clients to other GlobalProtect Portals or

Gateways.

To maintain the list of remote GlobalProtect Portals and list of categories for checking the client machine

Mark for follow up

Question 26 of 72.

The maximum number of interfaces that can be configured in a single Virtual Wire object is:

答案：B

1

2

4

8

16

Mark for follow up

Question 27 of 72.

The \

答案：D

can only be configured in Tap Mode

does not perform higher-level inspection of traffic from the side that originated the TCP SYN packet

does not perform higher-level inspection of traffic from the side that originated the TCP SYN packet

performs higher-level inspection of traffic from the side that originated the TCP SYN packet

None of the above

Mark for follow up

Question 28 of 72.

The \

答案： B

Increased speed on the downloads of the allowed file types.

Protection against unwanted downloads, by alerting the user with a response page indicating that a file is going to be downloaded.

an administrator the ability to leverage Authentication Profiles in order to protect against unwanted downloads.

Password-protected access to specific file downloads, for authorized users.

Mark for follow up

Question 29 of 72.

To allow the PAN device to resolve internal and external DNS host names for reporting and for security policy, an administrator can do the following:

答案：B

In the device settings set the Primary DNS server to an external server and the secondary to an internal server.

Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal domain. Then, in the device settings, point to this proxy object for DNS resolution.

Create a DNS Proxy Object with a default DNS Server for external resolution and a DNS server for internal

domain. Then, in the device settings, select the proxy object as the Primary DNS and create a custom security rule which references that object.

In the device settings define internal hosts via a static list.

None of the above

Mark for follow up

Question 30 of 72.

What happens at the point of Threat Prevention license expiration?

答案：A

Threat Prevention no longer updated; existing database still effective

Threat Prevention no longer used; traffic is allowed or blocked by configuration per Security Rule

Threat Prevention no longer used; applicable traffic is blocked

Threat Prevention is no longer used; applicable traffic is allowed

Mark for follow up

Question 31 of 72.

Where can you enable the “Dynamic URL Filtering” option?

答案：D

In the zone configuration that includes the interface for the URL filtered traffic

In the Zone Protection Profile settings

Under Device / Licenses / URL Filtering

In the URL Filtering security profile object

None of the above

Mark for follow up

Question 32 of 72.

Which of the following types of protection are available in DoS policy?

答案：A

Session Limit, SYN Flood, UDP Flood

Session Limit, SYN Flood, Host Swapping, UDP Flood

Session Limit, SYN Flood, Port Scanning, Host Swapping

Session Limit, Port Scanning, Host Swapping, UDP Flood

Mark for follow up

Question 33 of 72.

A customer would like to identify any TCP port scans or UDP ports scans traversing their network links. Where can this type of security policy be configured?

答案：A

Network / Network Profiles / Zone Protection

Policies / Profile / Zone Protection

Objects / Zone Protection

Interfaces / Interface number / Zone Protection

Mark for follow up

Question 34 of 72.

To reduce the amount of URL logs generated you can configure:

答案：A

A URL Filtering Profile with \

A URL Filtering Profile with \

A URL Filtering Profile with the block list set to \

The following CLI command: \

Mark for follow up

Question 35 of 72.

When configuring Security rules based on FQDN objects, which of the following statements are true?

答案： A

The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL expiration. There is no limit on the number of IP addresses stored for each resolved FQDN.

In order to create FQDN-based objects, you need to manually define a list of associated IP. Up to 10 IP addresses can be configured for each FQDN entry.

The firewall resolves the FQDN first when the policy is committed, and is refreshed each time Security rules are evaluated.

The firewall resolves the FQDN first when the policy is committed, and is refreshed at TTL expiration. The resolution of this FQDN stores up to 10 different IP addresses.

Mark for follow up

百度搜索“77cn”或“免费范文网”即可找到本站免费阅读全部范文。收藏本站方便下次阅读，免费范文网，提供经典小说综合文库PaloAlto ACE认证考试题库及答案(3)在线全文阅读。