Exam ACE Realistic Dumps Verified Questions Free [Apr 08, 2023]
Valid ACE Dumps for Helping Passing Aviatrix Exam!
NEW QUESTION 44
When configuring a Decryption Policy Rule, which of the following are available as matching criteria in the rule? (Choose 3 answers.)
- A. Service
- B. Source User
- C. URL Category
- D. Source Zone
- E. Application
Answer: B,C,D
NEW QUESTION 45
What is a challenge of using ExpressRoute Edge Routers as transit to interconnect VNets in Azure?
- A. Limited Control of routing propagation
- B. Not recommended by Microsoft Product Group / not officially documented
- C. BW limited by ExpressRoute Gateway SKU
- D. All of the above
Answer: D
NEW QUESTION 46
Choose two statements that best describe Aviatrix UserVPN/OpenVPN service?
- A. Is limited to one Gateway per VPC/VNET
- B. Requires AWS NAT Gateway
- C. Can integrate with DUO for MFA
- D. Can integrate with Active Directory
Answer: B,C
Explanation:
NAT capability supported on the gateway - An Aviatrix OpenVPN gateway performs a NAT function for the user's VPN traffic, effectively masking out the VPN client's virtual IP address assigned by gateway from the VPN CIDR Block. but here specifically AWS NAT Gateway is asked.
An Aviatrix OpenVPN is DUO multi-factor authentication supported.
LDAP/AD Integration Authenticates VPN user from Aviatrix gateways in addition to VPN certificate authentication.
NEW QUESTION 47
One difference between Microsoft ExpressRoute circuits as compared to other cloud provide.... options, is that ExpressRoute is always provisioned as a redundant pair with two physical Microsoft Enterprise Edge Routers (MSEE)?
SELECT THE CORRECT ANSWER
- A. False
- B. True
Answer: B
NEW QUESTION 48
When a Palo Alto Networks firewall is forwarding traffic through interfaces configured for L2 mode, security policies
can be set to match on multicast IP addresses.
- A. True
- B. False
Answer: B
NEW QUESTION 49
What is the name of the debug save file for IPSec VPN tunnels?
- A. set vpn all up
- B. Ikemgr.pcap
- C. request vpn IPsec-sa test
- D. test vpn ike-sa
Answer: B
NEW QUESTION 50
What is the name of the debug save file for IPSec VPN tunnels?
- A. set vpn all up
- B. Ikemgr.pcap
- C. request vpn IPsec-sa test
- D. test vpn ike-sa
Answer: B
NEW QUESTION 51
Which of the following facts about dynamic updates is correct?
- A. Antivirus updates are released daily. Application and Threat updates are released weekly.
- B. Threat and URL Filtering updates are released daily. Application and Antivirus updates are released weekly.
- C. Application and Antivirus updates are released weekly. Threat and "Threat and URL Filtering" updates are released weekly.
- D. Application and Threat updates are released daily. Antivirus and URL Filtering updates are released weekly.
Answer: A
NEW QUESTION 52
Security policies specify a source interface and a destination interface.
- A. True
- B. False
Answer: B
NEW QUESTION 53
What are two benefits of attaching a Decryption Profile to a Decryption policy no*decrypt rule?(Choose two.)
- A. acceptable protocol checking
- B. URL category match checking
- C. untrusted certificate checking
- D. expired certificate checking
Answer: C,D
NEW QUESTION 54
Besides selecting the Heartbeat Backup option when creating an ActivePassive
HA Pair, which of the following also prevents "SplitBrain"?
- A. Under "Packet Forwarding", selecting the VR Sync checkbox.
- B. Configuring a backup HA2 link that points to the MGT interface of the other device in the pair.
- C. Creating a custom interface under Service Route Configuration, and assigning this interface as the backup HA2 link.
- D. Configuring an independent backup HA1 link.
Answer: B
NEW QUESTION 55
A "Continue" action can be configured on the following Security Profiles:
- A. URL Filteringn
- B. URL Filtering, File Blocking, and Data Filtering
- C. URL Filtering and Antivirus
- D. URL Filtering and File Blocking
Answer: D
NEW QUESTION 56
Users may be authenticated sequentially to multiple authentication servers by configuring:
- A. Multiple RADIUS servers sharing a VSA configuration.
- B. An Authentication Sequence.
- C. An Authentication Profile.
- D. A custom Administrator Profile.
Answer: B
NEW QUESTION 57
When creating a Security Policy to allow Facebook in PAN-OS 5.0, how can you be sure that no other web-browsing traffic is permitted?
- A. When creating the rule, ensure that web-browsing is added to the same rule. Both applications will be processed by the Security policy, allowing only Facebook to be accessed. Any other applications can be permitted in subsequent rules.
- B. Create a subsequent rule which blocks all other traffic
- C. Ensure that the Service column is defined as "application-default" for this security rule.
This will automatically include the implicit web-browsing application dependency. - D. No other configuration is required on the part of the administrator, since implicit application dependencies will be added automaticaly.
Answer: D
NEW QUESTION 58
Which Azure component groups items together for better organization control of a specific workload?
- A. Resource Group
- B. Service
- C. AD Tenant
- D. Resource
Answer: A
NEW QUESTION 59
Which of the following is True of an application filter?
- A. An application filter automatically includes a new application when one of the new application's characteristics are included in the filter.
- B. An application filter specifies the users allowed to access an application.
- C. An application filter is used by malware to evade detection by firewalls and anti-virus software.
- D. An application filter automatically adapts when an application moves from one IP address to another.
Answer: A
NEW QUESTION 60
Aviatrix Controller allows customers to export Netflow data from all or select Aviatrix Gateways to any Netflow collector on a custom port.
- A. Flase
- B. True
Answer: A
NEW QUESTION 61
Choose two statements that best describe Aviatrix UserVPN/OpenVPN service?
- A. Is limited to one Gateway per VPC/VNET
- B. Can integrate with Active Directory
- C. Can integrate with DUO for MFA
- D. Requires AWS NAT Gateway
Answer: B,C
NEW QUESTION 62
In which of the following can UserID be used to provide a match condition?
- A. Threat Profiles
- B. Zone Protection Policies
- C. NAT Policies
- D. Security Policies
Answer: D
NEW QUESTION 63
InPAN-OS 8.0which of the available choices serves as an alert warning by defining patterns of suspicious traffic and network anomalies that may indicate a host has been compromised?
- A. Command & Control Signatures
- B. Correlation Events
- C. Custom Signatures
- D. Correlation Objects
- E. App-ID Signatures
Answer: C
NEW QUESTION 64
Azure Firewall (native services):
SELECT THE CORRECT ANSWER
- A. Is encrypting the traffic in transit
- B. Perform Load Balancing and SNAT automatically
- C. Handles UDR updates and route propagation for all peered spoke VNETs
- D. By default provides Malware protection, IDS (intrusion Detection) and IPS.....
Answer: D
NEW QUESTION 65
Color-coded tags can be used on all of the items listed below EXCEPT:
- A. Service Groups
- B. Vulnerability Profiles
- C. Address Objects
- D. Zones
Answer: B
NEW QUESTION 66
Which of the Dynamic Updates listed below are issued on a daily basis?
- A. URL Filtering
- B. Antivirus
- C. Applications and Threats
- D. Global Protect
Answer: A,B
NEW QUESTION 67
WildFire Analysis Reports are available for the following Operating Systems (select all that apply)
- A. Windows 8
- B. Mac OS-X
- C. Windows 7
- D. Windows XP
Answer: A,C,D
NEW QUESTION 68
What is/are the protocol(s) supported by Aviatrix Site2Cloud (S2C) Gateway?
- A. UDP only
- B. GRE
- C. Both TCP and UDP
- D. TCP only
Answer: C
NEW QUESTION 69
......
ACE Exam Dumps For Certification Exam Preparation: https://actualtests.real4prep.com/ACE-exam.html