Aviatrix ACE Dumps - 100% Cover Real Exam Questions (Updated 63 Questions) [Q11-Q36]

Aviatrix ACE Dumps - 100% Cover Real Exam Questions (Updated 63 Questions)

Real ACE dumps - Real Aviatrix dumps PDF

The benefit of obtaining the Aviatrix Certified Engineer (ACE) Exam Certification

• Aviatrix certified professionals are able to provide higher level of customer satisfaction
• When an company recruits or promotes an employee, human resources are responsible for the decision. Now, although applicants may have an IT history, they make their decisions in a way that records several different variables. One thing is that applicants have formal qualifications
• Aviatrix certifications improve job productivity
• Aviatrix certifications improve career prospects

 

NEW QUESTION 11
How do you reduce the amount of information recorded in the URL Content Filtering Logs?

• A. Disable URL packet captures.
• B. Enable DSRI.
• C. Enable "Log container page only".
• D. Enable URL log caching.

Answer: C

 

NEW QUESTION 12
When creating an application filter, which of the following is true?

• A. They are called dynamic because they will automatically include new applications from an application signature
  update if the new application's type is included in the filter
• B. Excessive bandwidth may be used as a filter match criteria
• C. They are called dynamic because they automatically adapt to new IP addresses
• D. They are used by malware

Answer: A

 

NEW QUESTION 13
What are the benefits gained when the "Enable Passive DNS Monitoring" checkbox is chosen on the firewall?

• A. Improved malware detection in WildFire.
• B. Improved PANDB malware detection.
• C. Improved DNS-based C&C signatures.
• D. Improved BrightCloud malware detection.

Answer: A,B,C

 

NEW QUESTION 14
"What is the result of an Administrator submitting a WildFire report's verdict back to Palo Alto Networks as "Incorrect"?

• A. The signature will be updated for False positive and False negative files in the next Application signature update.
• B. The signature will be updated for False positive and False negative files in the next AV signature update.
• C. You will receive an update within 15 minutes.
• D. You will receive an email to disable the signature manually.

Answer: B

 

NEW QUESTION 15
When adding an application in a Policy-based Forwarding rule, only a subset of the entire App-ID database is
represented. Why would this be?

• A. A custom application must first be defined before it can be added to a Policy-based forwarding rule.
• B. Policy-based forwarding rules require that a companion Security policy rule, allowing the needed Application
  traffic, must first be created.
• C. Policy-based forwarding can only indentify certain applications at this stage of the packet flow, as the majority of
  applications are only identified once the session is created.
• D. The license for the Application ID database is no longer valid.

Answer: C

 

NEW QUESTION 16
Which statement below is True?

• A. PANOS uses PANDB as the default URL Filtering database, but also supports BrightCloud.
• B. PANOS uses BrightCloud as its default URL Filtering database, but also supports PANDB.
• C. PANOS uses PANDB for URL Filtering, replacing BrightCloud.
• D. PANOS uses BrightCloud for URL Filtering, replacing PANDB.

Answer: A

 

NEW QUESTION 17
Which of the following must be enabled in order for UserID to function?

• A. Security Policies must have the UserID option enabled.
• B. Captive Portal Policies must be enabled.
• C. UserID must be enabled for the source zone of the traffic that is to be identified.
• D. Captive Portal must be enabled.

Answer: C

 

NEW QUESTION 18
With IKE Phase 1, each device is identified to the other by a Peer ID. In most cases, the Peer ID is just the public IP address of the device. In situations where the public IP address is not static, the Peer ID can be a text value.

• A. True
• B. False

Answer: A

 

NEW QUESTION 19
Which of the following options may be enabled to reduce system overhead when using Content ID?

• A. VRRP
• B. RSTP
• C. DSRI
• D. STP

Answer: C

 

NEW QUESTION 20
Which Aviatrix solution lets customers connect and manage their branch Cisco ISR routers to AWS or Azure without requiring any manual effort on branch routers or replacement of equipment?

• A. CloudWAN
• B. Direct Connect
• C. High Performance Encryption (Insane Mode)
• D. FlightPath

Answer: C

 

NEW QUESTION 21
What are two sources of information for determining whether the firewall has been successful in communicating with an external UserID Agent?

• A. System Logs and an indicator light on the chassis.
• B. System Logs and the indicator light under the UserID Agent settings in the firewall.
• C. System Logs and Authentication Logs.
• D. Traffic Logs and Authentication Logs.

Answer: B

 

NEW QUESTION 22
What happens at the point of Threat Prevention license expiration?

• A. Threat Prevention no longer updated; existing database still effective
• B. Threat Prevention no longer used; applicable traffic is blocked
• C. Threat Prevention is no longer used; applicable traffic is allowed
• D. Threat Prevention no longer used; traffic is allowed or blocked by configuration per Security Rule

Answer: A

 

NEW QUESTION 23
Which best describes how Palo Alto Networks firewall rules are applied to a session?

• A. first match applied
• B. most specific match applied
• C. last match applied
• D. all matches applied

Answer: A

 

NEW QUESTION 24
Which one of the options describes the sequence of the GlobalProtect agent connecting to a Gateway?

• A. The agent connects to the portal and randomly establishes connect to the first available Gateway
• B. The agent connects to the portal, obtains a list of the Gateways, and connects to the Gateway with the fastest PING
  response time
• C. The agent connects to the portal, obtains a list of the Gateways, and connects to the Gateway with the fastest SSL
  connect time
• D. The agent connects to the closest Gateway and sends the HIP report to the portal

Answer: B

 

NEW QUESTION 25
An interface in Virtual Wire mode must be assigned an IP address.

• A. True
• B. False

Answer: B

 

NEW QUESTION 26
In a Destination NAT configuration, the Translated Address field may be populated with either an IP address or an
Address Object.

• A. True
• B. False

Answer: A

 

NEW QUESTION 27
In a Palo Alto Networks firewall, every interface in use must be assigned to a zone in order to process traffic.

• A. True
• B. False

Answer: A

 

NEW QUESTION 28
What is a challenge of using VNet peering for transit in Azure?

• A. Limited bandwidth available over peering connections
• B. Doesn't scale well as its a 1:1 mapping
• C. Requires BGP to be configured
• D. Limited to a single region

Answer: A

 

NEW QUESTION 29
Subsequent to the installation of new licenses, the firewall must be rebooted

• A. True
• B. False

Answer: B

 

NEW QUESTION 30
When you have created a Security Policy Rule that allows Facebook, what must you do to block all other web
browsing traffic?

• A. Create an additional rule that blocks all other traffic.
• B. Nothing. You can depend on PANOS to block the webbrowsing traffic that is not needed for Facebook use.
• C. When creating the policy, ensure that webbrowsing is included in the same rule.
• D. Ensure that the Service column is defined as "applicationdefault" for this Security policy. Doing this will
  automatically include the implicit webbrowsing application dependency.

Answer: B

 

NEW QUESTION 31
What new functionality is provided in PAN-OS 5.0 by Palo Alto Networks URL Filtering Database (PAN-DB)?

• A. The "Log Container Page Only" option can be employed in a URL-Filtering policy to reduce the number of logging
  events.
• B. IP-Based Threat Exceptions can now be driven by custom URL categories
• C. Daily database downloads for updates are no longer required as devices stay in-sync with the cloud.
• D. URL-Filtering can now be employed as a match condition in Security policy

Answer: C

 

NEW QUESTION 32
When employing the BrightCloud URL filtering database in a Palo Alto Networks firewall, the order of evaluation within a profile is:

• A. Block list, Custom Categories, Cache files, Predefined categories, Dynamic URL filtering, Allow list.
• B. Block list, Allow list, Custom Categories, Cache files, Local URL DB file.
• C. Block list, Custom Categories, Predefined categories, Dynamic URL filtering, Allow list, Cache files.
• D. Dynamic URL filtering, Block list, Allow list, Cache files, Custom categories, Predefined categories.

Answer: C

 

NEW QUESTION 33
Wildfire may be used for identifying which of the following types of traffic?

• A. DHCP
• B. Viruses
• C. URL content
• D. DNS

Answer: B

 

NEW QUESTION 34
What will the user experience when browsing a Blocked hacking website such as www.2600.com via Google
Translator?

• A. User will get "HTTP Error 503 - Service unavailable" message
• B. It will be redirected to www.2600.com
• C. It will be translated successfully
• D. The URL filtering policy to Block is enforced

Answer: D

 

NEW QUESTION 35
What is a challenge of using VNet peering for transit in Azure?

• A. Doesn't scale well as its a 1:1 mapping
• B. Limited bandwidth available over peering connections
• C. Requires BGP to be configured
• D. Limited to a single region

Answer: A

 

NEW QUESTION 36
......

Realistic Actualtests4sure ACE Dumps PDF - 100% Passing Guarantee: https://www.actualtests4sure.com/ACE-test-questions.html

Free Aviatrix ACE Exam Questions & Answer: https://drive.google.com/open?id=18rBvuCqThiygJMc6lp_WjPRWgj3vjeuG