Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 27

Where can a service route be configured for a specific destination IP?

Which feature of Panorama allows an administrator to create a single network configuration that can be reused repeatedly for large-scale deployments even if values of configured objects, such as routes and interface addresses, change?

A firewall administrator wants to have visibility on one segment of the company network. The traffic on the segment is routed on the Backbone switch. The administrator is planning to apply Security rules on segment X after getting the visibility.

There is already a PAN-OS firewall used in L3 mode as an internet gateway, and there are enough system resources to get extra traffic on the firewall. The administrator needs to complete this operation with minimum service interruptions and without making any IP changes.

What is the best option for the administrator to take?

Refer to the exhibit.

An organization has Palo Alto Networks NGFWs that send logs to remote monitoring and security management platforms. The network team has reported excessive traffic on the corporate WAN.

How could the Palo Alto Networks NGFW administrator reduce WAN traffic while maintaining support for all the existing monitoring/security platforms?

An ISP manages a Palo Alto Networks firewall with multiple virtual systems for its tenants.

Where on this firewall can the ISP configure unique service routes for different tenants?

In the New App Viewer under Policy Optimizer, what does the compare option for a specific rule allow an administrator to compare?

Which two profiles should be configured when sharing tags from threat logs with a remote User-ID agent? (Choose two.)

A firewall engineer creates a destination static NAT rule to allow traffic from the internet to a webserver hosted behind the edge firewall. The pre-NAT IP address of the server is 153.6 12.10, and the post-NAT IP address is 192.168.10.10.

Refer to the routing and interfaces information below.

What should the NAT rule destination zone be set to?

The NAT rule destination zone should be set to Outside because that is the zone where the post-NAT IP address of the server (192.168.10.10) belongs. The destination zone of a NAT rule is the zone where the translated IP address resides.

Option A is incorrect because None is not a valid zone for a NAT rule. Option C is incorrect because DMZ is the zone where the pre-NAT IP address of the server (153.6 12.10) belongs, not the post-NAT IP address. Option D is incorrect because Inside is not a zone that is configured on the firewall.

An administrator is troubleshooting why video traffic is not being properly classified.

If this traffic does not match any QoS classes, what default class is assigned?