Palo Alto Networks PCNSE Practice Test - Questions Answers, Page 33

An engineer is configuring a firewall with three interfaces:

* MGT connects to a switch with internet access.

* Ethernet1/1 connects to an edge router.

* Ethernet1/2 connects to a visualization network.

The engineer needs to configure dynamic updates to use a dataplane interface for internet traffic. What should be configured in Setup > Services > Service Route Configuration

to allow this traffic?

Which type of policy in Palo Alto Networks firewalls can use Device-ID as a match condition?

A company wants to add threat prevention to the network without redesigning the network routing.

What are two best practice deployment modes for the firewall? (Choose two.)

An administrator is using Panorama to manage multiple firewalls. After upgrading all devices to the latest PAN-OS software, the administrator enables log forwarding from the firewalls to Panorama.

However, pre-existing logs from the firewalls are not appearing in Panorama.

Which action should be taken to enable the firewalls to send their pre-existing logs to Panorama?

An engineer configures a specific service route in an environment with multiple virtual systems instead of using the inherited global service route configuration.

What type of service route can be used for this configuration?

A firewall engineer creates a NAT rule to translate IP address 1.1.1.10 to 192.168.1.10. The engineer also plans to enable DNS rewrite so that the firewall rewrites the IPv4 address in a DNS response based on the original destination IP address and translated destination IP address configured for the rule. The engineer wants the firewall to rewrite a DNS response of 1.1.1.10 to 192.168.1.10.

What should the engineer do to complete the configuration?

An organization wants to begin decrypting guest and BYOD traffic.

Which NGFW feature can be used to identify guests and BYOD users, instruct them how to download and install the CA certificate, and clearly notify them that their traffic will be decrypted?

After switching to a different WAN connection, users have reported that various websites will not load, and timeouts are occurring. The web servers work fine from other locations.

The firewall engineer discovers that some return traffic from these web servers is not reaching the users behind the firewall. The engineer later concludes that the maximum transmission unit (MTU) on an upstream router interface is set to 1400 bytes.

The engineer reviews the following CLI output for ethernet1/1.

Which setting should be modified on ethernet1/1 to remedy this problem?

An engineer is reviewing the following high availability (HA) settings to understand a recent HAfailover event.

Which timer determines the frequency between packets sent to verify that the HA functionality on the other HA firewall is operational?