[Feb-2023] Aviatrix ACE Official Cert Guide PDF [Q18-Q40]

Exam ACE: Aviatrix Certified Engineer (ACE) program - Free4Torrent

NEW QUESTION 18
When setting up GlobalProtect, what is the job of the GlobalProtect Portal? Select the best answer

  • A. None of the above
  • B. To load balance GlobalProtect client connections to GlobalProtect Gateways
  • C. To maintain the list of remote GlobalProtect Portals and list of categories for checking the client machine
  • D. To maintain the list of GlobalProtect Gateways and list of categories for checking the client machine

Answer: D

 

NEW QUESTION 19
How do you limit the amount of information recorded in the URL Content Filtering Logs?

  • A. Disable URL packet captures
  • B. Enable Log container page only
  • C. Enable DSRI
  • D. Enable URL log caching

Answer: B

 

NEW QUESTION 20
After the installation of a new Application and Threat database, the firewall must be rebooted.

  • A. False
  • B. True

Answer: A

 

NEW QUESTION 21
WildFire analyzes files to determine whether or not they are malicious. When doing so, WildFire classifies the file with an official verdict, known as the WildFire Analysis verdict. Choose the three correct classifications that result from this analysis.

  • A. Malware detection
  • B. Spyware
  • C. Safeware
  • D. Benign
  • E. Adware
  • F. Grayware

Answer: A,D,F

 

NEW QUESTION 22
Which of the following statements is NOT True regarding a Decryption Mirror interface?

  • A. Supports SSL inbound
  • B. Requires superuser privilege
  • C. Supports SSL outbound
  • D. Can be a member of any VSYS

Answer: D

 

NEW QUESTION 23
In PAN-OS 7.0 which of the available choices serves as an alert warning by defining patterns of suspicious traffic and network anomalies that may indicate a host has been compromised?

  • A. Command & Control Signatures
  • B. Correlation Objects
  • C. Correlation Events
  • D. Custom Signatures
  • E. App-ID Signatures

Answer: D

 

NEW QUESTION 24
Configuring a pair of devices into an Active/Active HA pair provides support for:

  • A. Lower fail-over times
  • B. Asymmetric routing environments
  • C. Higher session count
  • D. Redundant Virtual Routers

Answer: D

 

NEW QUESTION 25
In an Anti-Virus profile, changing the action to "Block" for IMAP or POP decoders will result in the following:

  • A. The traffic will be dropped by the firewall
  • B. The connection from the server will be reset
  • C. The Anti-virus profile will behave as if "Alert" had been specified for the action
  • D. Error 541 being sent back to the server

Answer: C

 

NEW QUESTION 26
Which of the following platforms supports the Decryption Port Mirror function?

  • A. PA2000
  • B. PA3000
  • C. VMSeries 100
  • D. PA4000

Answer: B

 

NEW QUESTION 27
ACE Inc. had been using a standard marketplace router as an NVA (Network Virtual Appliance) in the hub Virtual Network (VNet) for spoke to spoke communication. The NVA has just been replaced by Azure Firewall.
Now the security operations team is reporting that traffic between Virtual Machines in the same VNet is working; however, any inter-VNet traffic is being dropped by the NSGs (Network Security Groups) at the destination.
What could be a possible reason?

  • A. BGP routes in UDR need to be updated
  • B. Azure Firewall is doing SNAT for inter-VNet traffic
  • C. There is no route at the Azure Firewall
  • D. Azure Firewall is blocking all the traffic

Answer: B

Explanation:
Azure Firewall provides automatic SNAT for all outbound traffic to public IP addresses. By default, Azure Firewall doesn't SNAT with Network rules when the destination IP address is in a private IP address range per IANA RFC 1918. Application rules are always applied using a transparent proxy regardless of the destination IP address.
This logic works well when you route traffic directly to the Internet. However, if you've enabled forced tunneling, Internet-bound traffic is SNATed to one of the firewall private IP addresses in AzureFirewallSubnet, hiding the source from your on-premises firewall.
If your organization uses a public IP address range for private networks, Azure Firewall SNATs the traffic to one of the firewall private IP addresses in AzureFirewallSubnet. However, you can configure Azure Firewall to not SNAT your public IP address range.
To configure Azure Firewall to never SNAT regardless of the destination IP address, use 0.0.0.0/0 as your private IP address range. With this configuration, Azure Firewall can never route traffic directly to the Internet. To configure the firewall to always SNAT regardless of the destination address, use 255.255.255.255/32 as your private IP address range.

 

NEW QUESTION 28
A user complains that they are no longer able to access a needed work application after you have implemented vulnerability and anti-spyware profiles. The user's application uses a unique port. What is the most efficient way to allow the user access to this application?

  • A. In the Threat log, locate the event which is blocking access to the user's application and create an IP-based exemption for this user.
  • B. Utilize an Application Override Rule, referencing the custom port utilized by this application. Application Override rules bypass all Layer 7 inspection, thereby allowing access to this application.
  • C. Create a custom Security rule for this user to access the required application. Do not apply vulnerability and anti-spyware profiles to this rule.
  • D. In the vulnerability and anti-spyware profiles, create an application exemption for the user's application.

Answer: A

 

NEW QUESTION 29
You can peer AWS TGWs within a Region.

  • A. False
  • B. True

Answer: A

Explanation:
You can peer two transit gateways and route traffic between them, which includes IPv4 and IPv6 traffic. To do this, create a peering attachment on your transit gateway, and specify a transit gateway in another AWS Region. The peer transit gateway can be in your account or a different AWS account.

 

NEW QUESTION 30
Which user mapping method is recommended for a highly mobile user base?

  • A. GlobalProtect
  • B. Session Monitoring
  • C. Client Probing
  • D. Server Monitoring

Answer: A

 

NEW QUESTION 31
Choose the correct behavior around software upgrade and security patching of Aviatrix Platform. (Choose 2)

  • A. Aviatrix platform software upgrade requires long downtime
  • B. Aviatrix platform offers hitless upgrades
  • C. Security patching of the Aviatrix platform can be done without requiring version upgrade of entire platform
  • D. Security patching of the Aviatrix platform always requires a version upgrade for entire deployment

Answer: B,C

Explanation:
Aviatrix software upgrade happens inline without taking down the controller.
In addition, gateway upgrades are hitless. That is, all gateway encrypted tunnels stay up during the upgrade process. There is no packet loss when upgrading the software.

 

NEW QUESTION 32
Traffic going to a public IP address is being translated by your PANW firewall to your web server's private IP. Which IP should the Security Policy use as the "Destination IP" in order to allow traffic to the server?

  • A. The server's public IP
  • B. The server's private IP
  • C. The firewall's gateway IP
  • D. The firewall's MGT IP

Answer: A

 

NEW QUESTION 33
Will an exported configuration contain Management Interface settings?

  • A. No
  • B. Yes

Answer: B

 

NEW QUESTION 34
Which of the following can provide information to a Palo Alto Networks firewall for the purposes of User-ID? (Select all correct answers.)

  • A. RIPv2
  • B. Domain Controller
  • C. Network Access Control (NAC) device
  • D. SSL Certificates

Answer: B,C,D

 

NEW QUESTION 35
Which one of the options describes the sequence of the GlobalProtect agent connecting to a Gateway?

  • A. The agent connects to the portal, obtains a list of the Gateways, and connects to the Gateway with the fastest SSL connect time
  • B. The agent connects to the portal, obtains a list of the Gateways, and connects to the Gateway with the fastest PING response time
  • C. The agent connects to the portal and randomly establishes a connection to the first available Gateway
  • D. The agent connects to the closest Gateway and sends the HIP report to the portal

Answer: B

 

NEW QUESTION 36
Stateful Firewall rule:
SELECT THE CORRECT ANSWER

  • A. requires explicit rule for the return traffic
  • B. allows the return traffic implicitly
  • C. alone can easily satisfy the enterprise security needs
  • D. is another name of Azure Active Directory Firewall

Answer: B

 

NEW QUESTION 37
What is the function of the GlobalProtect Portal?

  • A. To load balance
  • B. To maintain the list of Global Protect Gateways and specify HIP data that the agent should report.
  • C. To provide redundancy for tunneled connections through the GlobalProtect Gateways.
  • D. GlobalProtect client connections to GlobalProtect Gateways.
  • E. To maintain the list of remote GlobalProtect Portals and the list of categories for checking the client machine.

Answer: E

 

NEW QUESTION 38
Select the implicit rules that are applied to traffic that fails to match any administrator-defined Security Policies. (Choose all rules that are correct.)

  • A. Interzone traffic is denied
  • B. Intrazone traffic is allowed
  • C. Intrazone traffic is denied
  • D. Interzone traffic is allowed

Answer: A,B

 

NEW QUESTION 39
Choose the best definition for Firewall Network (FireNet)?

  • A. Aviatrix turnkey solution to scalably deploy firewall instances in the cloud
  • B. GCP functionality to deploy 3rd party firewalls in a VPC
  • C. Azure functionality to deploy 3rd party firewalls in a VPC
  • D. AWS functionality to deploy 3rd party firewalls in a VPC

Answer: A

 

NEW QUESTION 40
......
