[Nov-2021] Verified ACE dumps Q&As - ACE dumps with Correct Answers
The Best Aviatrix Certification Study Guide for the ACE Exam
What is the duration, language, and format of Aviatrix Certified Engineer (ACE) Exam
- Format: Multiple choice
- Duration of Exam: 60 minutes
- Validity: 3 years
- Language of Exam: English
- Passing percentage: 70%
NEW QUESTION 19
In an Anti-Virus profile, changing the action to "Block" for IMAP or POP decoders will result in the following:
- A. The traffic will be dropped by the firewall
- B. The connection from the server will be reset
- C. The Anti-virus profile will behave as if "Alert" had been specified for the action
- D. Error 541 being sent back to the server
Answer: C
NEW QUESTION 20
Using the API in PAN-OS 6.1, WildFire subscribers can upload up to how many samples per day?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
NEW QUESTION 21
A Config Lock may be removed by which of the following users? (Select all correct answers.)
- A. Any administrator
- B. The administrator who set it
- C. Device administrators
- D. Superusers
Answer: B,D
NEW QUESTION 22
When creating a Security Policy to allow Facebook in PAN-OS 5.0, how can you be sure that no other web-browsing traffic is permitted?
- A. Create a subsequent rule which blocks all other traffic
- B. Ensure that the Service column is defined as "application-default" for this security rule.
This will automatically include the implicit web-browsing application dependency. - C. No other configuration is required on the part of the administrator, since implicit application dependencies will be added automaticaly.
- D. When creating the rule, ensure that web-browsing is added to the same rule. Both applications will be processed by the Security policy, allowing only Facebook to be accessed. Any other applications can be permitted in subsequent rules.
Answer: C
NEW QUESTION 23
In Active/Active HA environments, redundancy for the HA3 interface can be achieved by
- A. Configuring a corresponding HA4 interface
- B. Configuring HA3 in a redundant group
- C. Configuring HA3 as an Aggregate Ethernet bundle
- D. Configuring multiple HA3 interfaces
Answer: C
NEW QUESTION 24
What is a challenge of using VNet peering for transit in Azure?
- A. Requires BGP to be configured
- B. Limited to a single region
- C. Doesn't scale well as its a 1:1 mapping
- D. Limited bandwidth available over peering connections
Answer: C
NEW QUESTION 25
Which of the Dynamic Updates listed below are issued on a daily basis?
- A. Applications and Threats
- B. Global Protect
- C. URL Filtering
- D. Antivirus
Answer: C,D
NEW QUESTION 26
What is the size limitation of files manually uploaded to WildFire
- A. Configuarable up to 20 megabytes
- B. Configuarable up to 10 megabytes
- C. Hard-coded at 2 megabytes
- D. Hard-coded at 10 megabytes
Answer: B
NEW QUESTION 27
Using AWS Terraform provider, a customer created an AWS Transit Gateway with 50 VPCs attached to it.
After attaching the VPCs and spinning up some EC2 instances in them, none of the instances can communicate with each other. What should be done to resolve the issue?
- A. There must be security group rules blocking traffic as BGP in VPC auto configures VPC routing tables
- B. Create routing tables in each VPC, add CIDR for all the other VPCs in the routing table pointing to AWS Transit Gateway
- C. Configure BGP communities in VPC such that all VPCs that need to communicate with eachother have same community defined
- D. There must be security group rules blocking traffic as AWS auto configures VPC routing tables
Answer: D
NEW QUESTION 28
Which of the following services are enabled on the MGT interface by default? (Select all correct answers.)
- A. SSH
- B. HTTPS
- C. HTTP
- D. Telnet
Answer: A,B
NEW QUESTION 29
When configuring a Decryption Policy, which of the following are available as matching criteria in a policy?
(Choose three.)
- A. Source User
- B. Source Zone
- C. Application
- D. Service
- E. URL-Category
Answer: A,B,E
NEW QUESTION 30
In a Destination NAT configuration, the Translated Address field may be populated with either an IP address or an
Address Object.
- A. True
- B. False
Answer: A
NEW QUESTION 31 
Considering the information in the screenshot above, what is the order of evaluation for this URL Filtering Profile?
- A. Allow List, Block List, Custom Categories, URL Categories (BrightCloud or PANDB).
- B. URL Categories (BrightCloud or PANDB),
- C. Custom Categories, Block List, Allow List.
- D. Block List, Allow List, Custom Categories, URL Categories (BrightCloud or PANDB).
- E. Block List, Allow List, URL Categories (BrightCloud or PANDB), Custom Categories.
Answer: C
NEW QUESTION 32
An enterprise PKI system is required to deploy SSL Forward Proxy decryption capabilities.
- A. True
- B. False
Answer: B
NEW QUESTION 33
An operator needs to create a new VPC, VCN or VNet using Aviatrix Controller.
Can the operator use Aviatrix VPC Tracker feature to validate potential CIDR/Prefix/Address space duplication across multiple clouds?
- A. True
- B. False
Answer: A
NEW QUESTION 34
The User*ID feature is enabled per __________?
- A. firewall
- B. firewall interface
- C. User*ID agent
- D. firewall security zone
Answer: D
NEW QUESTION 35
Wildfire may be used for identifying which of the following types of traffic?
- A. DNS
- B. URL content
- C. DHCP
- D. Viruses
Answer: D
NEW QUESTION 36 
Taking into account only the information in the screenshot above, answer the following question:
A span port or a switch is connected to e1/4, but there are no traffic logs.
Which of the following conditions most likely explains this behavior?
- A. The interface is not assigned an IP address.
- B. There is no zone assigned to the interface.
- C. The interface is not up.
- D. The interface is not assigned a virtual router.
Answer: B
NEW QUESTION 37
You'd like to schedule a firewall policy to only allow a certain application during a particular time of day. Where can
this policy option be configured?
- A. Policies > Security > Profile
- B. Policies > Security > Application
- C. Policies > Security > Service
- D. Policies > Security > Options
Answer: A
NEW QUESTION 38
Which best describes how Palo Alto Networks firewall rules are applied to a session?
- A. last match applied
- B. first match applied
- C. all matches applied
- D. most specific match applied
Answer: B
NEW QUESTION 39
How do you reduce the amount of information recorded in the URL Content Filtering Logs?
- A. Enable DSRI.
- B. Enable URL log caching.
- C. Enable "Log container page only".
- D. Disable URL packet captures.
Answer: C
NEW QUESTION 40
An interface in Virtual Wire mode must be assigned an IP address.
- A. True
- B. False
Answer: B
NEW QUESTION 41
Which type of license is required to perform Decryption Port Mirroring?
- A. A free PANPADecrypt license
- B. A subscriptionbased
- C. A Client Decryption license
- D. A subscriptionbased PANPADecrypt license
- E. SSL Port license
Answer: A
NEW QUESTION 42
Few key differences between Aviatrix based transit and other non-Aviatrix 3rd party transit (such as Cisco CSR) are: (Choose 2)
- A. With default settings, Cisco CSR based transit can do 1.25 Gbps encrypted throughput whereas Aviatrix can do up to 70 Gbps
- B. Aviatrix based transit can do 1.25 Gbps encrypted throughput whereas Cisco CSR can do up to 70 Gbps
- C. Aviatrix transit architecture lets you choose any instance size. Throughput will depend on the instance size characteristics
- D. Cisco CSR based transit lets you choose any instance size. Throughput will depend on the instance size characteristics
Answer: A,C
NEW QUESTION 43
When troubleshooting Phase 1 of an IPSec VPN tunnel, what location will have the most informative logs?
- A. Initiating side, Traffic Logs
- B. Responding side, System Logs
- C. Responding side, Traffic Logs
- D. Initiating side, System Logs
Answer: B
NEW QUESTION 44
......
ACE certification guide Q&A from Training Expert DumpsValid: https://www.dumpsvalid.com/ACE-still-valid-exam.html
ACE Certification Overview Latest ACE PDF Dumps: https://drive.google.com/open?id=1x43CoNP8egTNqYbsjCpUiZPYjce-qb56