Examice

Exam PCNSE All QuestionsBrowse all questions from this exam

Go to Exam

Question 526

An engineer is configuring a firewall with three interfaces:

• MGT connects to a switch with internet access.

• Ethernet1/1 connects to an edge router.

• Ethernet1/2 connects to a virtualization network.

The engineer needs to configure dynamic updates to use a dataplane interface for internet traffic.

What should be configured in Setup > Services > Service Route Configuration to allow this traffic?

Set DNS and Palo Alto Networks Services to use the MGT source interface.

Set DNS and Palo Alto Networks Services to use the ethernet1/1 source interface.

Set DNS and Palo Alto Networks Services to use the ethernet1/2 source interface.

Set DDNS and Palo Alto Networks Services to use the MGT source interface.

Correct Answer: B

To configure dynamic updates to use a dataplane interface for internet traffic, it is best to set DNS and Palo Alto Networks Services to use the ethernet1/1 source interface. This is because Ethernet1/1 connects to an edge router, which is typically at the network boundary, making it suitable for handling internet-bound traffic. The MGT interface, although connected to a switch with internet access, is not a dataplane interface as required by the question. Ethernet1/2, connecting to a virtualization network, is less relevant for direct internet access requirements.

Discussion

brian7857ffs45

This question was on the exam.. Nov 2023

evilCorpBot7494Option: B

B) is correct In A) the MGT interface is not a dataplane interface as the question requests In C) the E1/2 interface has no direct internet access as it goes to a virtualization network.

MarshpillowzOption: B

B is correct

omgt2k2Option: B

dataplane interface. the MGMT interface is on the Controlplane.

Andromeda1800Option: B

Correct B

PochexOption: B

B seems to be a better option since an edge router is located at a network boundary and enables an internal network to connect to the Internet.

nebulanerdOption: B

B for sure!

McMarius11Option: B

B is the way!

MHy2kOption: B

B Base on this: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGJCA0

Knowledge33Option: B

Like many other PCNSE questions, this question is really weird. We don't know if the edge router has access to Internet, or if It's the virtual network which is having access to Internet. Anyway, B Looks better.

abanaabaOption: B

the correct one is B. A the firewall still using MGT

cerifyme85Option: C

U cannot use an outside interface for service routes. It has to be an internal interface. Then adjust routing to suit

nebulanerd

I'm really sorry, but based on my experience in labs and in the field, there are so many ways to implement and improve it on this case: B. Set DNS and Palo Alto Networks Services to use the ethernet1/1 source interface.

8f3e6ca

You can assign a service route to any dataplane interface.

scanossa

Why not? I've done it

ChiaPet75Option: A

The answer is "A". The question states the MGT interface is already connected to a switch with Internet access. Only need to configure DNS to point to 8.8.8.8 for resolution.

ChiaPet75

My bad I mis-read the question. The answer is "B". :-p

mercysayno765Option: B

I'll go with B https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGJCA0