[Dec-2021] ACE Dumps PDF - ACE Real Exam Questions Answers [Q36-Q61]

Share

[Dec-2021] ACE Dumps PDF - ACE Real Exam Questions Answers

ACE Dumps 100% Pass Guarantee With Latest Demo


Introduction to Aviatrix Certified Engineer (ACE) Exam

The first multi-cloud networking and security credential open to technical professionals and cloud professionals is the Aviatrix Certified Engineer (ACE) program. The ACE certification is intended for individuals who already understand basic networking principles and train engineers and operational personnel in AWS, Azure, Google Cloud, and Oracle Cloud Infrastructure with working knowledge of native networking constructs and skills to develop use cases and multi-cloud architectures using Aviatrix software.

The ACE curriculum offers ongoing education that enables developers, engineers, and technical staff to develop advanced competency in native cloud capabilities and provides a structure for applying this expertise to network architecture and design trends in order to meet customer requirements.

 

NEW QUESTION 36
Wildfire may be used for identifying which of the following types of traffic?

  • A. URL Content
  • B. DNS
  • C. Malware
  • D. DHCP

Answer: C

 

NEW QUESTION 37

Taking into account only the information in the screenshot above, answer the following question. In order for ping
traffic to traverse this device from e1/2 to e1/1, what else needs to be configured? Select all that apply.

  • A. Create the appropriate routes in the default virtual router
  • B. Security policy from trust zone to Internet zone that allows ping
  • C. Create a Management profile that allows ping. Assign that management profile to e1/1 and e1/2
  • D. Security policy from Internet zone to trust zone that allows ping

Answer: B,C

 

NEW QUESTION 38
If there is an HA configuration mismatch between firewalls during peer negotiation, whichstate will the passive firewallenter?

  • A. PASSIVE
  • B. INITIAL
  • C. ACTIVE
  • D. NON*FUNCTIONAL

Answer: D

 

NEW QUESTION 39

Considering the information in the screenshot above, what is the order of evaluation for this URL Filtering Profile?

  • A. Allow List, Block List, Custom Categories, URL Categories (BrightCloud or PANDB).
  • B. URL Categories (BrightCloud or PANDB),
  • C. Custom Categories, Block List, Allow List.
  • D. Block List, Allow List, Custom Categories, URL Categories (BrightCloud or PANDB).
  • E. Block List, Allow List, URL Categories (BrightCloud or PANDB), Custom Categories.

Answer: C

 

NEW QUESTION 40
AWS Guard Duty automatically enforces its findings through the ingress routing feature, blocking the traffic by default.
SELECT THE CORRECT ANSWER

  • A. True
  • B. False

Answer: B

 

NEW QUESTION 41
Which mode will allow a user to choose when they wish to connect to the Global Protect Network?

  • A. Optional mode
  • B. Single SignOn mode
  • C. On Demand mode
  • D. Always On mode

Answer: C

 

NEW QUESTION 42
ACE Inc. has been using a 10 Gbps ExpressRoute connection into Microsoft Azure. Security and compliance team has recently flagged this as a policy violation as company data is going unencrypted over untrusted transport. What are the encryption options available to ACE Inc. for connecting to Azure? (Choose 2)

  • A. Manually build IPSec tunnel from on-prem router to cloud over ExpressRoute to achieve a reduced thruput of 1.2 Gbps
  • B. Data over ExpressRoute is encrypted by default
  • C. Use Aviatrix High Performance Encryption over ExpressRoute to encrypt at 10 Gbps line rate
  • D. You can open a support ticket with Microsoft Azure to encrypt at 10 Gbps

Answer: A,C

 

NEW QUESTION 43
What are the benefits gained when the "Enable Passive DNS Monitoring" checkbox is chosen on the firewall? (Select all correct answers.)

  • A. Improved malware detection in WildFire.
  • B. Improved DNSbased C&C signatures.
  • C. Improved PANDB malware detection.
  • D. Improved BrightCloud malware detection.

Answer: A,B,C

 

NEW QUESTION 44
What is one of the limitations of Microsoft Azure ExpressRoute that becomes more problematic in a Virtual WAN deployment with 'any-to-any' default connectivity behavior?

  • A. BGP is not allowed over ExpressRoute when used with Virtual WAN
  • B. You have to use Microsoft Edge Routers as transit between VNets
  • C. Use of Azure Firewall is required
  • D. From Azure cloud, only 200 routes can be advertised to on-prem over a single ExpressRoute Gateway

Answer: D

 

NEW QUESTION 45
Which statement describes a function provided by an Interface Management Profile?

  • A. It determines which external services are accessible by the firewall.
  • B. It determines the NetFlow and LLDP interface management settings.
  • C. It determines which firewall services are accessible from external devices.
  • D. It determines which administrators can manage which interfaces.

Answer: D

 

NEW QUESTION 46
Which of the following is a routing protocol supported in a Palo Alto Networks firewall?

  • A. ISIS
  • B. EIGRP
  • C. RIPv2
  • D. IGRP

Answer: C

 

NEW QUESTION 47
The "Drive-By Download" protection feature, under File Blocking profiles in Content-ID, provides:

  • A. Password-protected access to specific file downloads for authorized users.
  • B. The ability to use Authentication Profiles, in order to protect against unwanted downloads.
  • C. Increased speed on downloads of file types that are explicitly enabled.
  • D. Protection against unwanted downloads by showing the user a response page indicating that a file is going to be downloaded.

Answer: D

 

NEW QUESTION 48
What new functionality is provided in PAN-OS 5.0 by Palo Alto Networks URL Filtering Database (PAN-DB)?

  • A. URL-Filtering can now be employed as a match condition in Security policy
  • B. Daily database downloads for updates are no longer required as devices stay in-sync with the cloud.
  • C. The "Log Container Page Only" option can be employed in a URL-Filtering policy to reduce the number of logging
    events.
  • D. IP-Based Threat Exceptions can now be driven by custom URL categories

Answer: B

 

NEW QUESTION 49
ACE Inc. had been using a standard marketplace router as an NVA (Network Virtual Appliance) in the hub Virtual Network (VNet) for spoke to spoke communication. The NVA has just been replaced by Azure Firewall.
Now the security operations team is reporting that traffic between Virtual Machines in the same VNet is working however any inter-VNet traffic is being dropped by the NSGs (Network Security Groups) at destination.
What could be a possible reason?

  • A. There is no route at the Azure Firewall
  • B. Azure Firewall is doing SNAT for inter-VNet traffic
  • C. Azure Firewall is blocking all the traffic
  • D. BGP routes in UDR need to be updated

Answer: B

 

NEW QUESTION 50
Which of the following is True of an application filter?

  • A. An application filter is used by malware to evade detection by firewalls and anti-virus software.
  • B. An application filter automatically adapts when an application moves from one IP address to another.
  • C. An application filter specifies the users allowed to access an application.
  • D. An application filter automatically includes a new application when one of the new application's characteristics are included in the filter.

Answer: D

 

NEW QUESTION 51
ACE Inc. has a VNet-A hosting Database services which is peered with several app VNets. There is a new requirement to add another CIDR to VNet-A. How can you prevent a database connectivity outage for all the peered VNets while performing this task?

  • A. It's not possible to perform this action without an outage as you need to delete all existing peering before new CIDR can be added
  • B. Use powershell to update the VNet-A CIDR
  • C. First modify peering routes for all the VNets to add the new CIDR and then add the new CIDR to VNET-A
  • D. You cannot add a CIDR to a VNet after It has been created

Answer: A

 

NEW QUESTION 52
Which of the following Global Protect features requires a separate license?

  • A. Use of dynamic selection between multiple Gateways
  • B. Manual Gateway Selection
  • C. Allowing users to connect
  • D. Use of a Portal to allow users to connect

Answer: A

 

NEW QUESTION 53
When configuring a Decryption Policy, which of the following are available as matching criteria in a policy? (Choose 3)

  • A. Source User
  • B. Source Zone
  • C. Application
  • D. Service
  • E. URL-Category

Answer: A,B,E

 

NEW QUESTION 54
Which routing protocol is supported on the Palo Alto Networks platform?

  • A. ISIS
  • B. RIPv1
  • C. BGP
  • D. RSTP

Answer: C

 

NEW QUESTION 55
In PANOS 6.0 and later, which of these items may be used as match criterion in a PolicyBased
Forwarding Rule? (Choose 3.)

  • A. Application
  • B. Source User
  • C. Source Zone
  • D. Destination Zone

Answer: A,B,C

 

NEW QUESTION 56
When a Palo Alto Networks firewall is forwarding traffic through interfaces configured for L2 mode, security policies can be set to match on multicast IP addresses.

  • A. True
  • B. False

Answer: B

 

NEW QUESTION 57
Taking into account only the information in the screenshot above, answer the following question. Which applications will be allowed on their standard ports? (Select all correct answers.)

  • A. SSH
  • B. BitTorrent
  • C. Gnutella
  • D. Skype

Answer: A,B

 

NEW QUESTION 58
When using Config Audit, the color yellow indicates which of the following?

  • A. A setting has been deleted from a config file.
  • B. A setting has been changed between the two config files
  • C. A setting has been added to a config file
  • D. An invalid value has been used in a config file.

Answer: B

 

NEW QUESTION 59
Aviatrix Gateways support NAT capability in which public cloud?

  • A. Google Cloud
  • B. AWS
  • C. All the the Public Cloud listed here in the options
  • D. Microsoft Azure

Answer: C

 

NEW QUESTION 60
Which type of license is required to perform Decryption Port Mirroring?

  • A. A free PANPADecrypt license
  • B. A subscriptionbased
  • C. A Client Decryption license
  • D. A subscriptionbased PANPADecrypt license
  • E. SSL Port license

Answer: A

 

NEW QUESTION 61
......

Dumps Real Aviatrix ACE Exam Questions [Updated 2021]: https://www.topexamcollection.com/ACE-vce-collection.html

Prepare ACE Question Answers Free Update With 100% Exam Passing Guarantee [2021]: https://drive.google.com/open?id=1jje8RRqFM_d7VL__z47qCmqDYspMkYHM