Exam PCNSE
Question 20

A user's traffic traversing a Palo Alto Networks NGFW sometimes can reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user's traffic matches when it goes to http://www.company.com.

How can the firewall be configured to automatically disable the PBF rule if the next hop goes down?

    Correct Answer: B

    To ensure the firewall automatically disables the PBF rule if the next hop goes down, you need to create and add a Monitor Profile with an action of Fail Over in the PBF rule. This configuration ensures that when the next-hop device becomes unavailable, the traffic will fail over to a backup path if one is available, or otherwise follow the routing table lookup, effectively bypassing the PBF rule that can no longer be applied.

Discussion
UFanat Option: B

B is a correct one: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/network/network-network-profiles/network-network-profiles-monitor

A monitor profile is used to monitor IPSec tunnels and to monitor a next-hop device for policy-based forwarding (PBF) rules. In both cases, the monitor profile is used to specify an action to take when a resource (IPSec tunnel or next-hop device) becomes unavailable.

wait-recover—Wait for the tunnel to recover; do not take additional action. Packets will continue to be sent according to the PBF rule.

fail-over—Traffic will fail over to a backup path, if one is available. The firewall uses routing table lookup to determine routing for the duration of this session.

SMahaldar Option: B

B is right

kerberos

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/policy-based-forwarding/pbf/path-monitoring-for-pbf.html

rocioha Option: B

B looks correct

nickylake Option: B

Monitor profile is used to specify an action to take when a resource (IPSec tunnel or next-hop device) becomes unavailable. Answer is B

Sammy3637 Option: B

B is correct https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFiCAK

tester12 Option: B

Seems like the answer is B https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-web-interface-help/network/network-network-profiles-monitor#

Marshpillowz Option: B

Answer is B.

TAKUM1y Option: B

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/network/network-network-profiles/network-network-profiles-monitor

kerberos Option: B

| Behavior of a session on a monitoring failure | If the rule stays enabled when the monitored IP address is unreachable | If rule is disabled when the monitored IP address is unreachable |
| --- | --- | --- |
| For an established session | wait-recover—Continue to use egress interface specified in the PBF rule | wait-recover—Continue to use egress interface specified in the PBF rule |
| | fail-over—Use path determined by routing table (no PBF) | fail-over—Use path determined by routing table (no PBF) |
| For a new session | wait-recover—Use path determined by routing table (no PBF) | wait-recover—Check the remaining PBF rules. If no match, use the routing table |
| | fail-over—Use path determined by routing table (no PBF) | fail-over—Check the remaining PBF rules. If no match, use the routing table |

ping_rto Option: B

B looks legit

UmaShankar Option: B

Answer is B

nk12 Option: B

Correct Answer: B

Ahmad_Zahran Option: B

B is correct.

asmaam Option: B

correct answer is B

shiiitboi Option: B

B is correct.