Exam PCNSE topic 1 question 561 discussion

The question is stupid, but so are some of the answers here. MTU= max data inside a frame (layer 2 packet) size. MSS max TCP payload. MTU = MSS + 40 (IP header + TCP header). Setting a lower MTU would force a lower MSS. Decreasing MSS also lowers the MTU. Based on how vague B is I would go with C, but, in my book either can work and this question is just dumb the listed answers aren't correct. And for what is worth I'm pretty sure D might work as well

A: Irrelevant B: Ambiguous. e.g 1490 lower than 1500 but still more that 1400 C: Works D: Works, but not sure this is an interface setting. Question asked for interface setting.

This question was in my exam on July 23rd, 2024

The issue is with the return traffic; packets larger than the MTU might be dropped/fragmented in a way that causes problems. The appropriate action is to adjust the TCP MSS to ensure that packets are smaller than the MTU of the upstream router. This will prevent fragmentation issues and ensure that traffic flows smoothly. Why not B? Lowering the interface MTU affects all traffic, potentially causing unnecessary overhead for traffic that doesn't need to be fragmented. Adjusting the TCP MSS specifically addresses the size of TCP packets, which is typically the type of traffic experiencing the issue in such scenarios.

This is a bad question. But looking at the snippet. I think they want it to be MTU Lots of assumptions can be made about upstream routers. May be they all have lower MTU or some of them only.

C is the answer. It says that some upstream router has a low mtu, it does not say that the directly connected router does. Lowering the mtu would have the FW send ICMP need to fragment messages which might work but probably not.

C is correct

Such a wack question and any network guy would troubleshoot this easily if we had hands on the network and could see the messages. My issue with adjusting the MTU is that it doesn't state that we have control over the entire WAN. What happens if the next router in the path has the same problem? Ideally you want to fragment (D) or lower your MSS (C). https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-release-information/features-introduced-in-pan-os-9-1/networking-features#:~:text=Ignore%20DF%20(don't%20fragment)%20Bit&text=You%20can%20configure%20the%20firewall,when%20enabled%20through%20the%20CLI. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PN0gCAG Gonna go with C but could argue that D would possibly work as well if we had access to the client's command window :)

C is correct as per the link from pavtoor. If just MTU is lowered down on the firewall, the firewall will start dropping the packets since it cant fragment them. MSS will need to be lowered down to decrease the overall MTU size of the packets.

I don't like the wording of B, it says below 1500, well 1480 is below 1500 but would still not fix an MTU IP fragmentation issue as an example. It should say "lower the interface MTU value below 1400" for B to be correct.

MTU has to match just like in networking for routing/switching. At least from my experience.

It must be B as it’s the pipe that determines the data that can be put through. The tcp segment determines the buffers which is applicable only if the data is reachable.

Agree with pavtoor -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HAolCAG&lang=en_US%E2%80%A9

Option C is correct. Refer to https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PN0gCAG "Please note that even though adjusting the MSS value on the PA firewall solves the issue, the issue is not caused by the Firewall. The issue is caused by other hosts in the path that have lower MTU setting."