ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 262 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 262
Topic #: 1
[All PCNSE Questions]

Which type of interface does a firewall use to forward decrypted traffic to a security chain for inspection?

  • A. Layer 3
  • B. Layer 2
  • C. Tap
  • D. Decryption Mirror
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Marcyy at Dec. 13, 2021, 12:41 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Sammy3637
11 months ago
Selected Answer: A
It asks which 'interface' , Decryption mirror is not an interface
upvoted 1 times
...
BT22
1 year, 4 months ago
Ans is D
upvoted 3 times
...
mz101
1 year, 11 months ago
Should be A. Decryption Mirror should mainly for DLP kind of devices, without coming "back" traffic.
upvoted 1 times
...
TAKUM1y
2 years ago
Selected Answer: A
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption-broker/decryption-broker-concepts/decryption-broker-security-chain-layer-3#id182QM0B0S9D
upvoted 3 times
...
mysteryzjoker
2 years ago
it is a nasty question. I guess it receives on the decryption mirror and forwards out layer 3.
upvoted 3 times
...
UFanat
2 years, 4 months ago
Selected Answer: A
Decryption Broker: Forwarding Interfaces A firewall enabled as a decryption broker uses a pair of dedicated Layer 3 interfaces to forward decrypted traffic to a security chain for inspection. The decryption forwarding interfaces must be assigned to a brand new virtual router https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption-broker/decryption-broker-concepts/decryption-broker-forwarding-interfaces
upvoted 3 times
...
poiuytr
2 years, 6 months ago
Answer: A - layer 3 "A firewall enabled as a decryption broker uses a pair of dedicated Layer 3 interfaces to forward decrypted traffic to a security chain for inspection. " https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption-broker/decryption-broker-concepts/decryption-broker-forwarding-interfaces
upvoted 1 times
...
NLT
2 years, 8 months ago
Follow these guidelines to set up Layer 3 security chain devices to support decryption broker: Configure security chain devices with Layer 3 interfaces to connect to the security chain network. These Layer 3 interfaces must have an assigned IP address and subnet mask.
upvoted 1 times
...
DavidBackham2020
2 years, 9 months ago
This is a shitty question. Assuiming, the firewall is decrypting the traffic, I would go with D: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/decryption-concepts/decryption-mirroring.html Assuming the firewall is part of a Security Chain and the traffic is already decrypted (not decrypted on the firewall), I would go with A: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/network-packet-broker/configure-routed-layer-3-security-chains
upvoted 2 times
...
drrealest
2 years, 10 months ago
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/network-packet-broker/configure-routed-layer-3-security-chains
upvoted 1 times
...
Marcyy
2 years, 10 months ago
Initially thought it was D but A is correct. Configure security chain devices with Layer 3 interfaces to connect to the security chain network. These Layer 3 interfaces must have an assigned IP address and subnet mask. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption-broker/security-chain-layer-3-guidelines.html
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago