Login / Register   My Cart (0)

Searching the best new exam braindumps which can guarantee you 100% pass rate, you don't need to run about busily by, our latest pass guide materials will be here waiting for you. With our new exam braindumps, you will pass exam surely.

All Products Contact now
  • Home
  • Articles
  • Download Free Aviatrix ACE Exam Questions & Answer [Q39-Q64]

Download Free Aviatrix ACE Exam Questions & Answer [Q39-Q64]

Share

Download Free Aviatrix ACE Exam Questions & Answer 

Online VALID ACE Exam Dumps File Instantly


How to study the Aviatrix Certified Engineer (ACE) Exam

Aviatrix provides learning materials and courses on its website to help candidates perpare for the exam. ACE Multi-cloud network training portal provides access to all the associate, professional and design architect level courses. Best practice material is the ACE practice exams that allow complete understanding of the exam format and question types. Follow the links below to access these learning portals and materials. Join the Aviatrix community via the link down below to interact with fellow learners and seniors to help get better understanding by solving queries of each other and by sharing exam resources.

ACE Training Portal Online Course Study Notes Practice Tests Aviatrix Community

 

NEW QUESTION 39
Which of the following are methods HA clusters use to identify network outages?

  • A. Path and Link Monitoring
  • B. VR and VSys Monitors
  • C. Link and Session Monitors
  • D. Heartbeat and Session Monitors

Answer: A

 

NEW QUESTION 40
When a Palo Alto Networks firewall is forwarding traffic through interfaces configured for L2 mode, security policies can be set to match on multicast IP addresses.

  • A. True
  • B. False

Answer: B

 

NEW QUESTION 41
How do you reduce the amount of information recorded in the URL Content Filtering Logs?

  • A. Enable "Log container page only".
  • B. Disable URL packet captures.
  • C. Enable URL log caching.
  • D. Enable DSRI.

Answer: A

 

NEW QUESTION 42
Azure Firewall (native services):
SELECT THE CORRECT ANSWER

  • A. By default provides Malware protection, IDS (intrusion Detection) and IPS.....
  • B. Handles UDR updates and route propagation for all peered spoke VNETs
  • C. Perform Load Balancing and SNAT automatically
  • D. Is encrypting the traffic in transit

Answer: A

 

NEW QUESTION 43
In an Anti-Virus profile, changing the action to "Block" for IMAP or POP decoders will result in the following:

  • A. The traffic will be dropped by the firewall
  • B. The connection from the server will be reset
  • C. The Anti-virus profile will behave as if "Alert" had been specified for the action
  • D. Error 541 being sent back to the server

Answer: C

 

NEW QUESTION 44
Azure Firewall (native services):
SELECT THE CORRECT ANSWER

  • A. By default provides Malware protection, IDS (intrusion Detection) and IPS.....
  • B. Handles UDR updates and route propagation for all peered spoke VNETs
  • C. Perform Load Balancing and SNAT automatically
  • D. Is encrypting the traffic in transit

Answer: C

Explanation:
Azure Firewall includes the following features:* Built-in high availability
* Availability Zones
* Unrestricted cloud scalability
* Application FQDN filtering rules
* Network traffic filtering rules
* FQDN tags
* Service tags
* Threat intelligence
* Outbound SNAT support
* Inbound DNAT support
* Multiple public IP addresses
* Azure Monitor logging
* Forced tunneling
* Certifications

 

NEW QUESTION 45
You'd like to schedule a firewall policy to only allow a certain application during a particular time of day. Where can
this policy option be configured?

  • A. Policies > Security > Application
  • B. Policies > Security > Profile
  • C. Policies > Security > Options
  • D. Policies > Security > Service

Answer: B

 

NEW QUESTION 46
Which of the following must be configured when deploying User-ID to obtain information from an 802.1x
authenticator?

  • A. An Agentless deployment of User-ID, employing only the Palo Alto Networks Firewall
  • B. XML API for User-ID Agent
  • C. A User-ID agent, with the "Use for NTLM Authentication" option enabled.
  • D. Terminal Server Agent

Answer: B

 

NEW QUESTION 47
As the Palo Alto Networks administrator, you have enabled Application Block pages.
Afterward, some users do not receive web-based feedback for all denied applications. Why would this be?

  • A. Application Block Pages will only be displayed when Captive Portal is configured
  • B. Application Block Pages will only be displayed when users attempt to access a denied web-based application.
  • C. Some Application ID's are set with a Session Timeout value that is too low.
  • D. Some users are accessing the Palo Alto Networks firewall through a virtual system that does not have Application Block pages enabled.

Answer: B

 

NEW QUESTION 48
Select the implicit rules that are applied to traffic that fails to match any administrator defined Security Policies.

  • A. Intrazone traffic is allowed
  • B. Interzone traffic is allowed
  • C. Interzone traffic is denied
  • D. Intrazone traffic is denied

Answer: A,C

 

NEW QUESTION 49
Choose two statements that best describe Aviatrix UserVPN/OpenVPN service?

  • A. Can integrate with Active Directory
  • B. Can integrate with DUO for MFA
  • C. Requires AWS NAT Gateway
  • D. Is limited to one Gateway per VPC/VNET

Answer: A,B

 

NEW QUESTION 50
Which three MGT port configuration settings are required in order to access the WebUI?(Choose three.)

  • A. Default gateway
  • B. Hostname
  • C. IP address
  • D. Netmask

Answer: A,C,D

 

NEW QUESTION 51
ACE Inc. has been using a 10 Gbps ExpressRoute connection into Microsoft Azure. Security and compliance team has recently flagged this as a policy violation as company data is going unencrypted over untrusted transport. What are the encryption options available to ACE Inc. for connecting to Azure? (Choose 2)

  • A. Manually build IPSec tunnel from on-prem router to cloud over ExpressRoute to achieve a reduced thruput of 1.2 Gbps
  • B. Data over ExpressRoute is encrypted by default
  • C. Use Aviatrix High Performance Encryption over ExpressRoute to encrypt at 10 Gbps line rate
  • D. You can open a support ticket with Microsoft Azure to encrypt at 10 Gbps

Answer: A,C

Explanation:
If your enterprise security policy requires encryption for data in motion, Aviatrix InsaneMode encryption provides the best and most efficient single instance encryption performance.
IPsec (Internet Protocol Security) is a suite of protocols that secure network communication across IP networks. It provides security services for IP network traffic such as encrypting sensitive data, authentication, protection against replay and data confidentiality.

 

NEW QUESTION 52
Which local interface cannot be assigned to the IKE gateway?

  • A. L3
  • B. Loopback
  • C. VLAN
  • D. Tunnel

Answer: D

 

NEW QUESTION 53
When adding an application in a Policy-based Forwarding rule, only a subset of the entire App-ID database is represented. Why would this be?

  • A. A custom application must first be defined before it can be added to a Policy-based forwarding rule.
  • B. Policy-based forwarding rules require that a companion Security policy rule, allowing the needed Application traffic, must first be created.
  • C. The license for the Application ID database is no longer valid.
  • D. Policy-based forwarding can only indentify certain applications at this stage of the packet flow, as the majority of applications are only identified once the session is created.

Answer: D

 

NEW QUESTION 54
A Customer has 100 VPCs in GCP that they want to be able to route between. What are some of the solutions customers can use. Each option represents a complete solution. (Choose 2)

  • A. Use Google Routers
  • B. Google already provides global routing for inter-VPC traffic
  • C. Use Aviatrix Transit solution to connect the VPCs with a Transit VPC running Aviatrix Gateways
  • D. Build full mesh connectivity using VPC Peering
  • E. Manually configure routing tables in each VPC

Answer: B,C

 

NEW QUESTION 55
Choose two examples where you would leverage the Aviatrix Controller's S2C (Site-2-Cloud) workflow? (Choose 2)

  • A. Connect a partner directly to a VPC/VNET hosting your application
  • B. Connect several telecommuting employees to cloud resources based on their geographic location
  • C. Connect two branch offices directly to each other
  • D. Connect your branch office to the cloud resources

Answer: A,D

Explanation:
What are the use cases for Site2Cloud?
Popular use cases of S2C:
* SaaS provider to its customer site If you need to move data continuously and securely from customer or partner sites to your SaaS service hosted in AWS, Azure or Google, building an encrypted tunnel between the customer site to you is required.
* Branch offices to cloud If you have many branch offices that need to access applications hosted in AWS or Azure, using Site2Cloud is the most economical way to build a secure tunnel. Why pay extra to SD-WAN vendors to go through their "cloud" when you can use your existing Internet connection?

 

NEW QUESTION 56
What Security Profile type must be configured to send files to the WildFire cloud, and with what choices for the action setting?

  • A. A Data Filtering profile with possible actions of "Forward" or "Continue and Forward".
  • B. A Vulnerability Protection profile with the possible action of "Forward".
  • C. A File Blocking profile with possible actions of "Forward" or "Continue and Forward".
  • D. A URL Filtering profile with the possible action of "Forward".

Answer: C

 

NEW QUESTION 57
A user complains that they are no longer able to access a needed work application after you have implemented vulnerability and anti-spyware profiles. The user's application uses a unique port. What is the most efficient way to allow the user access to this application?

  • A. Create a custom Security rule for this user to access the required application. Do not apply vulnerability and anti-spyware profiles to this rule.
  • B. Utilize an Application Override Rule, referencing the custom port utilized by this application. Application Override rules bypass all Layer 7 inspection, thereby allowing access to this application.
  • C. In the vulnerability and anti-spyware profiles, create an application exemption for the user's application.
  • D. In the Threat log, locate the event which is blocking access to the user's application and create a IP- based exemption for this user.

Answer: D

 

NEW QUESTION 58
Which Aviatrix Controller feature automates the configuration of AWS Transit Gateway, VPC Route Tables, Direct Connect learned routes and Security Domain?

  • A. Aviatrix Site to Cloud (S2C)
  • B. Aviatrix AWS TGW Orchestrator
  • C. Aviatrix High Performance Encryption (HPE)
  • D. Aviatrix Firewall Networks (FireNet)

Answer: D

 

NEW QUESTION 59
As the Palo Alto Networks administrator responsible for User Identification, you are looking for the simplest method of mapping network users that do not sign into LDAP. Which information source would allow reliable User ID mapping for these users, requiring the least amount of configuration?

  • A. Active Directory Security Logs
  • B. Exchange CAS Security Logs
  • C. Captive Portal
  • D. WMI Query

Answer: C

 

NEW QUESTION 60
A "Continue" action can be configured on the following Security Profiles:

  • A. URL Filtering and Antivirus
  • B. URL Filtering
  • C. URL Filtering and File Blocking
  • D. URL Filtering, File Blocking, and Data Filtering

Answer: C

 

NEW QUESTION 61
Stateful Firewall rule:
SELECT THE CORRECT ANSWER

  • A. alone can easily satisfy the enterprise security needs
  • B. is another name of Azure Active Directory Firewall
  • C. requires explicit rule for the return traffic
  • D. allows the return traffic implicitly

Answer: C

 

NEW QUESTION 62
Which of the following would be a reason to use an XML API to communicate with a Palo Alto Networks firewall?

  • A. To allow the firewall to push UserID information to a Network Access Control (NAC) device.
  • B. To permit sys logging of User Identification events
  • C. So that information can be pulled from other network resources for User-ID

Answer: A

 

NEW QUESTION 63
What is one of the limitations of Microsoft Azure ExpressRoute that becomes more problematic in a Virtual WAN deployment with 'any-to-any' default connectivity behavior?

  • A. BGP is not allowed over ExpressRoute when used with Virtual WAN
  • B. Use of Azure Firewall is required
  • C. From Azure cloud, only 200 routes can be advertised to on-prem over a single ExpressRoute Gateway
  • D. You have to use Microsoft Edge Routers as transit between VNets

Answer: D

 

NEW QUESTION 64
......

ACE Exam Dumps For Certification Exam Preparation: https://pdftorrent.dumpexams.com/ACE-vce-torrent.html

Related Articles

more
Aviatrix ACE Certification Practice Exam

Searching the best new exam braindumps which can guarantee you 100% pass rate, you don't need to run about busily by, our latest pass guide materials will be here waiting for you. With our new exam braindumps, you will pass exam surely.

Latest Dumps Exams

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 Dumpexams NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy