Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu
Palo-Alto-Networks Discussions

Exam PCNSE topic 1 question 52 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 52
Topic #: 1
[All PCNSE Questions]

An administrator needs to upgrade a Palo Alto Networks NGFW to the most current version of PAN-OSֲ® software. The firewall has internet connectivity through an Ethernet interface, but no internet connectivity from the management interface. The Security policy has the default security rules and a rule that allows all web- browsing traffic from any to any zone.
What must the administrator configure so that the PAN-OSֲ® software can be upgraded?

  • A. Security policy rule
  • B. CRL
  • C. Service route
  • D. Scheduler
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Reference:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clp3CAC
by Edu147 at July 24, 2019, 9:52 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Edu147
Highly Voted 3 years ago
Correct C https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clp3CAC
upvoted 16 times
...
Pretorian
Most Recent 1 week, 3 days ago
This one is another typical PANW malicious test question. We all know that a service route is needed. However, the question states web-browsing is being allowed by the policy. PANW updates are not delivered over web-browsing. Therefore, a new security policy must be added allowing app-ID "paloalto-updates", ssl, and web-browsing on application default service/port. Just something to consider. In summary, I'm not sure if "C" is the correct answer, or "A"
upvoted 2 times
...
rocioha
1 year, 4 months ago
C Correct
upvoted 4 times
...
shane
1 year, 5 months ago
Answer:C
upvoted 3 times
...
Yelam
1 year, 6 months ago
C is correct answer
upvoted 2 times
...
PacketFairy
1 year, 8 months ago
The management port is an isolated host interface. By default, everything uses this port (DNS, Auth, NTP, updates). If this port has no internet access, "service routes" can be used to perform these services on a router/firewall interface.
upvoted 1 times
...
lol1000
1 year, 9 months ago
c https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clp3CAC
upvoted 1 times
...
KAAK
2 years ago
C: Service Route https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clp3CAC
upvoted 3 times
...
Giox
2 years, 2 months ago
The correct answer is A. Surely the Service Route should be configured to use the Ethernet interface, but from the question we cannot say if it is already configured. Instead, we know about configured security policy rule, and using a data interface we need a policy to permit "paloalto-updates" application, that is missing
upvoted 4 times
Giox
2 years, 2 months ago
Sorry, traffic should be allowed by the intrazone default policy rule, so C is the correct one.
upvoted 2 times
...
...
Ripu
2 years, 2 months ago
Answer:C
upvoted 1 times
...
datasec919
2 years, 2 months ago
we can add security rule for management interface IP. so i think correct option is A
upvoted 1 times
...
Silent_Sanctuary
2 years, 2 months ago
Correct Answer is C Service Route > Palo Alto Networks Services > Internet/Untrust Zone
upvoted 1 times
...
Ahmad_Zahran
2 years, 4 months ago
Correct C
upvoted 1 times
...
asmaam
2 years, 4 months ago
Correct ans = C
upvoted 1 times
...
khalmrj
2 years, 6 months ago
Correct C
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel