
PCNSE Exam - Question 526


An engineer is configuring a firewall with three interfaces:

• MGT connects to a switch with internet access.

• Ethernet1/1 connects to an edge router.

• Ethernet1/2 connects to a virtualization network.

The engineer needs to configure dynamic updates to use a dataplane interface for internet traffic.

What should be configured in Setup > Services > Service Route Configuration to allow this traffic?

Correct Answer: B

To have dynamic updates use a dataplane interface for internet traffic, set DNS and Palo Alto Networks Services to use the ethernet1/1 source interface. Ethernet1/1 connects to an edge router, which typically sits at the network boundary, so it is suited to handling internet-bound traffic. The MGT interface, although connected to a switch with internet access, is not a dataplane interface, which is what the question requires. Ethernet1/2 connects to a virtualization network and is less relevant for direct internet access.

Discussion

14 comments
brian7857ffs45
Nov 29, 2023

This question was on the exam. Nov 2023

Pochex (Option: B)
Jun 17, 2023

B seems to be a better option since an edge router is located at a network boundary and enables an internal network to connect to the Internet.

Andromeda1800 (Option: B)
Dec 10, 2023

Correct B

omgt2k2 (Option: B)
Jan 24, 2024

Dataplane interface. The MGMT interface is on the Controlplane.

Marshpillowz (Option: B)
Feb 4, 2024

B is correct

evilCorpBot7494 (Option: B)
Mar 28, 2024

B) is correct. In A) the MGT interface is not a dataplane interface, as the question requests. In C) the E1/2 interface has no direct internet access, as it goes to a virtualization network.

abanaaba (Option: B)
Jun 11, 2023

The correct one is B. With A, the firewall is still using MGT.

Knowledge33 (Option: B)
Jun 17, 2023

Like many other PCNSE questions, this question is really weird. We don't know if the edge router has access to the Internet, or if it's the virtual network which has access to the Internet. Anyway, B looks better.

MHy2k (Option: B)
Sep 21, 2023

B. Based on this: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGJCA0

McMarius11 (Option: B)
Oct 15, 2023

B is the way!

nebulanerd (Option: B)
Jun 24, 2024

B for sure!

mercysayno765 (Option: B)
Jun 11, 2023

I'll go with B: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGJCA0

ChiaPet75 (Option: A)
Sep 1, 2023

The answer is "A". The question states the MGT interface is already connected to a switch with Internet access. Only need to configure DNS to point to 8.8.8.8 for resolution.

ChiaPet75
Sep 1, 2023

My bad, I misread the question. The answer is "B". :-p

cerifyme85 (Option: C)
May 19, 2024

You cannot use an outside interface for service routes. It has to be an internal interface. Then adjust routing to suit.

nebulanerd
Jun 24, 2024

I'm really sorry, but based on my experience in labs and in the field, there are so many ways to implement and improve it on this case: B. Set DNS and Palo Alto Networks Services to use the ethernet1/1 source interface.

8f3e6ca
Jun 27, 2024

You can assign a service route to any dataplane interface.

scanossa
Jul 4, 2024

Why not? I've done it