
Real ACE Dumps - Aviatrix Correct Answers updated on 2021 [Q37-Q55]


Aviatrix Certification ACE Exam Practice Dumps

NEW QUESTION 37
Traffic going to a public IP address is being translated by your PANW firewall to your web server's private IP. Which IP should the Security Policy use as the "Destination IP" in order to allow traffic to the server?

  • A. The server's private IP
  • B. The server's public IP
  • C. The firewall's MGT IP
  • D. The firewall's gateway IP

Answer: B

 

NEW QUESTION 38
Which of the following is NOT a valid option for built-in CLI access roles?

  • A. superusers
  • B. deviceadmin
  • C. read/write
  • D. vsysadmin

Answer: C

 

NEW QUESTION 39
Both SSL decryption and SSH decryption are disabled by default.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 40
Where is the 'center of gravity' in the new computing model?

  • A. On Prem
  • B. Public Cloud
  • C. Private Cloud
  • D. Provider

Answer: B

 

NEW QUESTION 41
ACE Inc. has a Direct Connect for their on-premise location to connect to AWS. The security team has recently been notified of issues where employees and contractors working from the on-premise location are using non-corporate (personal or public) S3 buckets over ACE Inc.'s Direct Connect. This is overwhelming the Direct Connect and also showing the source of traffic to these S3 buckets as ACE Inc., which poses potential compliance and security risks.
As a cloud architect, you are tasked with securing the Direct Connect so that it allows access to specific ACE Inc. corporate S3 buckets only. Which Aviatrix feature can help ACE Inc. overcome this problem?

  • A. Aviatrix CoPilot
  • B. Aviatrix Multi-Account Onboarding
  • C. Aviatrix FlightPath
  • D. Aviatrix Private S3

Answer: D

 

NEW QUESTION 42
You'd like to schedule a firewall policy to only allow a certain application during a particular time of day.
Where can this policy option be configured?

  • A. Policies > Security > Options
  • B. Policies > Security > Service
  • C. Policies > Security > Profile
  • D. Policies > Security > Application

Answer: C

 

NEW QUESTION 43
Which statement describes the Export named configuration snapshot operation?

  • A. A saved configuration is transferred to an external host's storage device.
  • B. The running configuration is transferred from memory to the firewall's storage device.
  • C. The candidate configuration is transferred from memory to the firewall's storage device.
  • D. A copy of the configuration is uploaded to the cloud as a backup.

Answer: A

 

NEW QUESTION 44

Taking into account only the information in the screenshot above, answer the following question.
An administrator is pinging 4.4.4.4 and fails to receive a response.
What is the most likely reason for the lack of response?

  • A. There is a Security Policy that prevents ping.
  • B. There is no Management Profile.
  • C. There is no route back to the machine originating the ping.
  • D. The interface is down.

Answer: B

 

NEW QUESTION 45

Taking into account only the information in the screenshot above, answer the following question. In order for ping traffic to traverse this device from e1/2 to e1/1, what else needs to be configured?

  • A. Create the appropriate routes in the default virtual router
  • B. Security policy from trust zone to Internet zone that allows ping
  • C. Security policy from Internet zone to trust zone that allows ping
  • D. Create a Management profile that allows ping. Assign that management profile to e1/1 and e1/2

Answer: B,D

 

NEW QUESTION 46
For non-Microsoft clients, what Captive Portal method is supported?

  • A. User Agent
  • B. Local Database
  • C. NTLM Auth
  • D. Web Form Captive Portal

Answer: D

 

NEW QUESTION 47
When Destination Network Address Translation is being performed, the destination in the corresponding Security Policy Rule should use:

  • A. The PostNAT destination zone and PostNAT IP address.
  • B. The PreNAT destination zone and PreNAT IP address.
  • C. The PreNAT destination zone and PostNAT IP address.
  • D. The PostNAT destination zone and PreNAT IP address.

Answer: D

 

NEW QUESTION 48
What will the user experience when attempting to access a blocked hacking website through a translation service such as Google Translate or Bing Translator?

  • A. A "Blocked" page response when the URL filtering policy to block is enforced.
  • B. A "Success" page response when the site is successfully translated.
  • C. The browser will be redirected to the original website address.
  • D. An "HTTP Error 503 Service unavailable" message.

Answer: A

 

NEW QUESTION 49
In PANOS 6.0, rule numbers are:

  • A. Numbers that specify the order in which security policies are evaluated.
  • B. Numbers created to be unique identifiers in each firewall's policy database.
  • C. Numbers created to make it easier for users to discuss a complicated or difficult sequence of rules.
  • D. Numbers on a scale of 0 to 99 that specify priorities when two or more rules are in conflict.

Answer: A

 

NEW QUESTION 50
Which local interface cannot be assigned to the IKE gateway?

  • A. Loopback
  • B. VLAN
  • C. L3
  • D. Tunnel

Answer: D

 

NEW QUESTION 51
When configuring UserID on a Palo Alto Networks firewall, what is the proper procedure to limit User mappings to a particular DHCP scope?

  • A. In the DHCP settings on the Palo Alto Networks firewall, point the DHCP Relay to the IP address of the UserID agent.
  • B. Under the User Identification settings, under the User Mapping tab, select the "Restrict Users to Allocated IP" checkbox.
  • C. In the zone in which User Identification is enabled, create a User Identification ACL Include List using the same IP ranges as those allocated in the DHCP scope.
  • D. In the zone in which User Identification is enabled, select the "Restrict Allocated IP" checkbox.

Answer: C

 

NEW QUESTION 52
ACE Inc. has a VNet-A hosting database services, which is peered with several app VNets. There is a new requirement to add another CIDR to VNet-A. How can you prevent a database connectivity outage for all the peered VNets while performing this task?

  • A. First modify peering routes for all the VNets to add the new CIDR and then add the new CIDR to VNet-A
  • B. Use PowerShell to update the VNet-A CIDR
  • C. You cannot add a CIDR to a VNet after it has been created
  • D. It's not possible to perform this action without an outage, as you need to delete all existing peerings before the new CIDR can be added

Answer: D

 

NEW QUESTION 53
What happens at the point of Threat Prevention license expiration?

  • A. Threat Prevention is no longer used; applicable traffic is allowed
  • B. Threat Prevention no longer used; traffic is allowed or blocked by configuration per Security Rule
  • C. Threat Prevention no longer used; applicable traffic is blocked
  • D. Threat Prevention no longer updated; existing database still effective

Answer: D

 

NEW QUESTION 54
Which of the following fields is not available in DoS policy?

  • A. Application
  • B. Source Zone
  • C. Destination Zone
  • D. Service

Answer: A

 

NEW QUESTION 55
......
