Exam PCNSE topic 1 question 376 discussion

Actual exam question from Palo Alto Networks' PCNSE
Question #: 376
Topic #: 1

An engineer is troubleshooting a traffic-routing issue.
What is the correct packet-flow sequence?

  • A. PBF > Static route > Security policy enforcement
  • B. BGP < PBF > NAT
  • C. PBF > Zone Protection Profiles > Packet Buffer Protection
  • D. NAT > Security policy enforcement > OSPF
Suggested Answer: A

Comments

nose999
Highly Voted 2 years, 9 months ago
Selected Answer: A
Seems like A based on this image https://www.kareemccie.com/2021/05/palo-alto-firewall-packet-flow.html
upvoted 6 times
...
CarlosDV06
Most Recent 4 months, 1 week ago
Selected Answer: A
You have a NAT lookup at the ingress stage; however, it's in the egress stage that you actually apply the NAT action to the traffic. That's why you use the pre-NAT IP in the sec policy.
upvoted 1 times
...
Bau24
10 months, 2 weeks ago
Selected Answer: A
Answer is A. Firewall does PBR and routing lookup in ingress stage before security.
upvoted 1 times
...
Marshpillowz
1 year, 4 months ago
Selected Answer: A
I believe the answer is A
upvoted 1 times
...
JRKhan
1 year, 4 months ago
Selected Answer: A
I believe A is correct. Routing lookup happens during the session setup; at the egress stage it only refers to the lookup that was done during the session setup stage. For D, although NAT is applied before the security policy enforcement, the routing lookup is not done at the egress stage, so OSPF after security policy enforcement won't be a correct sequence.
upvoted 1 times
...
Andromeda1800
1 year, 5 months ago
Selected Answer: A
I'm voting for A.
upvoted 2 times
...
Nawda
1 year, 8 months ago
Selected Answer: A
Routing happens before security's enforcement, so not D. B is wrong; it would be right if PBF is before BGP. I believe it would be like this: NAT > PBF > FIB > security enforcement. Closest match is A.
upvoted 2 times
...
news088
1 year, 9 months ago
I got this 2 weeks ago
upvoted 2 times
...
Betty2022
1 year, 10 months ago
Selected Answer: D
https://live.paloaltonetworks.com//t5/image/serverpage/image-id/12862i950F549C7D4E6309
upvoted 2 times
...
PaloSteve
1 year, 10 months ago
Agree with Takum. From that article (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0):
SECTION 2: INGRESS STAGE
  2.1 PACKET PARSING
  2.2 TUNNEL DECAPSULATION
  2.3 IP DEFRAGMENTATION
SECTION 3: FIREWALL SESSION LOOKUP
  3.1. ZONE PROTECTION CHECKS
  3.2. TCP STATE CHECK
  3.3. FORWARDING SETUP
  3.4. NAT POLICY LOOKUP <<<<<<<NAT
  3.5. USER-ID
  3.6. DOS PROTECTION POLICY LOOKUP
  3.7. SECURITY POLICY LOOKUP <<<<<<<<<Security policy
  3.8. SESSION ALLOCATION
SECTION 4: FIREWALL SESSION FAST PATH
  SECURITY PROCESSING
  CAPTIVE PORTAL
SECTION 5: APPLICATION IDENTIFICATION (APP-ID)
SECTION 6: CONTENT INSPECTION
SECTION 7: FORWARDING/EGRESS <<<<<<OSPF
upvoted 1 times
B_B_19
1 year, 9 months ago
Routing happens at 3.3, not section 7
upvoted 1 times
...
Nawda
1 year, 8 months ago
That's NAT lookup, not applying NAT. Same for security: it's lookup also, then applied later.
upvoted 1 times
...
...
daytonadave2011
2 years, 2 months ago
Selected Answer: A
A. Remember the process of the flow is RNR - Routing, NAT, Rights (Security Policy).
upvoted 3 times
...
certprep2021
2 years, 2 months ago
Selected Answer: A
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRzCAK
upvoted 4 times
...
zemijan
2 years, 3 months ago
answer is A
upvoted 3 times
...
dogeatdog
2 years, 5 months ago
Selected Answer: A
This is the least wrong answer
upvoted 2 times
...
mz101
2 years, 6 months ago
Should be A. D should be incorrect, because NAT happens after security policy enforcement.
upvoted 1 times
...
TAKUM1y
2 years, 7 months ago
Selected Answer: D
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0
upvoted 3 times
...
secdaddy
2 years, 8 months ago
Based on the two references from DrNick0 and nose999:
A makes sense as PBF will overrule routing and security policy comes after forwarding (route) lookup.
B doesn't make sense as PBF comes before route lookup.
C doesn't make sense as zone protection comes before PBF.
D doesn't make sense as NAT comes after route lookup.
upvoted 3 times
...