- Home
- Palo Alto Networks
- Palo Alto Networks Certified Network Security Engineer Exam
- PaloAltoNetworks.PCNSE.v2024-09-12.q79
- Question 17
Valid PCNSE Dumps shared by ExamDiscuss.com for Helping Passing PCNSE Exam! ExamDiscuss.com now offer the newest PCNSE exam dumps, the ExamDiscuss.com PCNSE exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com PCNSE dumps with Test Engine here:
Access PCNSE Dumps Premium Version
(375 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 17/79
A firewall administrator is configuring an IPSec tunnel between Site A and Site B. The Site A firewall uses a DHCP assigned address on the outside interface of the firewall, and the Site B firewall uses a static IP address assigned to the outside interface of the firewall. However, the use of dynamic peering is not working.
Refer to the two sets of configuration settings provided. Which two changes will allow the configurations to work? (Choose two.) Site A configuration:
Refer to the two sets of configuration settings provided. Which two changes will allow the configurations to work? (Choose two.) Site A configuration:
Correct Answer: C,D
The image shows an IKE Gateway configuration where Site B is set to IKEv1 only mode, and passive mode is not enabled. For dynamic peering to work when Site A is using a DHCP assigned address:
* Passive mode on Site A needs to be disabled. In passive mode, the firewall will not initiate the IKE negotiation and will only respond to negotiation requests from the peer. Since Site A has a dynamic IP, it must be able to initiate the connection to Site B, which has a static IP.
* Matching the IKE version between Site A and Site B is also necessary for successful IPSec tunnel establishment. Since Site B is set to IKEv1 only mode, Site A also needs to be configured to use IKEv1 to ensure that both sites are using the same version for the IKE negotiation process.
NAT Traversal is used when there are NAT devices between the two endpoints, but there's no indication that this is the case here. Additionally, local identification on Site A is not necessarily related to the issue with dynamic peering not working.
* Passive mode on Site A needs to be disabled. In passive mode, the firewall will not initiate the IKE negotiation and will only respond to negotiation requests from the peer. Since Site A has a dynamic IP, it must be able to initiate the connection to Site B, which has a static IP.
* Matching the IKE version between Site A and Site B is also necessary for successful IPSec tunnel establishment. Since Site B is set to IKEv1 only mode, Site A also needs to be configured to use IKEv1 to ensure that both sites are using the same version for the IKE negotiation process.
NAT Traversal is used when there are NAT devices between the two endpoints, but there's no indication that this is the case here. Additionally, local identification on Site A is not necessarily related to the issue with dynamic peering not working.
- Question List (79q)
- Question 1: An engineer is reviewing the following high availability (HA...
- Question 2: During the process of developing a decryption strategy and e...
- Question 3: Where is Palo Alto Networks Device Telemetry data stored on ...
- Question 4: A firewall engineer is configuring quality of service (OoS) ...
- Question 5: A security engineer needs firewall management access on a tr...
- Question 6: What is the best description of the Cluster Synchronization ...
- Question 7: Which operation will impact the performance of the managemen...
- Question 8: A network administrator is trying to prevent domain username...
- Question 9: A company has configured GlobalProtect to allow their users ...
- Question 10: An engineer needs to configure a standardized template for a...
- Question 11: An administrator troubleshoots an issue that causes packet d...
- Question 12: An engineer is designing a deployment of multi-vsys firewall...
- Question 13: What would allow a network security administrator to authent...
- Question 14: An engineer configures SSL decryption in order to have more ...
- Question 15: During the implementation of SSL Forward Proxy decryption, a...
- Question 16: (Exhibit) Review the images. A firewall policy that permits ...
- Question 17: A firewall administrator is configuring an IPSec tunnel betw...
- Question 18: Which statement about High Availability timer settings is tr...
- Question 19: A network security engineer needs to enable Zone Protection ...
- Question 20: An engineer is monitoring an active/active high availability...
- Question 21: Phase two of a VPN will not establish a connection. The peer...
- Question 22: An engineer manages a high availability network and requires...
- Question 23: Which source is the most reliable for collecting User-ID use...
- Question 24: When an engineer configures an active/active high availabili...
- Question 25: A company has recently migrated their branch office's PA-220...
- 1 commentQuestion 26: Which server platforms can be monitored when a company is de...
- Question 27: Refer to Exhibit: (Exhibit) An administrator can not see any...
- Question 28: Information Security is enforcing group-based policies by us...
- Question 29: If an administrator wants to apply QoS to traffic based on s...
- Question 30: Which log type would provide information about traffic block...
- Question 31: A firewall engineer creates a source NAT rule to allow the c...
- Question 32: An organization wants to begin decrypting guest and BYOD tra...
- Question 33: Refer to the exhibit. (Exhibit) Using the above screenshot o...
- Question 34: What happens when the log forwarding built-in action with ta...
- Question 35: (Exhibit) Based on the screenshots above, and with no config...
- Question 36: In a template, which two objects can be configured? (Choose ...
- Question 37: When you import the configuration of an HA pair into Panoram...
- Question 38: After switching to a different WAN connection, users have re...
- Question 39: Which three external authentication services can the firewal...
- Question 40: Which two profiles should be configured when sharing tags fr...
- Question 41: An administrator is attempting to create policies tor deploy...
- Question 42: A network security administrator has an environment with mul...
- Question 43: Which three multi-factor authentication methods can be used ...
- Question 44: A network security administrator wants to begin inspecting b...
- Question 45: What are three tasks that cannot be configured from Panorama...
- Question 46: An administrator Just enabled HA Heartbeat Backup on two dev...
- Question 47: A network administrator wants to deploy SSL Forward Proxy de...
- Question 48: An administrator needs to identify which NAT policy is being...
- Question 49: What happens, by default, when the GlobalProtect app fails t...
- Question 50: An administrator has purchased WildFire subscriptions for 90...
- Question 51: An engineer must configure a new SSL decryption deployment. ...
- Question 52: ln a security-first network, what is the recommended thresho...
- Question 53: A firewall engineer has determined that, in an application d...
- Question 54: Why are external zones required to be configured on a Palo A...
- Question 55: An administrator is troubleshooting why video traffic is not...
- Question 56: An engineer troubleshoots a high availability (HA) link that...
- Question 57: What can the Log Forwarding built-in action with tagging be ...
- Question 58: An organization conducts research on the benefits of leverag...
- Question 59: An administrator has a Palo Alto Networks NGFW. All security...
- Question 60: In the New App Viewer under Policy Optimizer, what does the ...
- Question 61: When a new firewall joins a high availability (HA) cluster, ...
- Question 62: A company configures its WildFire analysis profile to forwar...
- Question 63: After implementing a new NGFW, a firewall engineer sees a Vo...
- Question 64: PBF can address which two scenarios? (Choose two.)...
- Question 65: Which GloDalProtecI gateway setting is required to enable sp...
- Question 66: When you troubleshoot an SSL Decryption issue, which PAN-OS ...
- Question 67: A firewall engineer creates a NAT rule to translate IP addre...
- Question 68: A superuser is tasked with creating administrator accounts f...
- Question 69: What can be used as an Action when creating a Policy-Based F...
- Question 70: An engineer is designing a deployment of multi-vsys firewall...
- Question 71: Which two actions must an engineer take to configure SSL For...
- Question 72: An engineer decides to use Panorama to upgrade devices to PA...
- Question 73: Match the terms to their corresponding definitions (Exhibit)...
- Question 74: A company wants to implement threat prevention to take actio...
- Question 75: A security engineer wants to upgrade the company's deployed ...
- Question 76: An administrator needs to evaluate a recent policy change th...
- Question 77: An administrator is using Panorama to manage multiple firewa...
- Question 78: An engineer is configuring Packet Buffer Protection on ingre...
- Question 79: What type of address object would be useful for internal dev...
[×]
Download PDF File
Enter your email address to download PaloAltoNetworks.PCNSE.v2024-09-12.q79.pdf