ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 555 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 555
Topic #: 1
[All PCNSE Questions]

A firewall engineer creates a NAT rule to translate IP address 1.1.1.10 to 192.168.1.10. The engineer also plans to enable DNS rewrite so that the firewall rewrites the IPv4 address in a DNS response based on the original destination IP address and translated destination IP address configured for the rule. The engineer wants the firewall to rewrite a DNS response of 1.1.1.10 to 192.168.1.10.

What should the engineer do to complete the configuration?

  • A. Enable DNS rewrite under the destination address translation in the Translated Packet section of the NAT rule with the direction Forward.
  • B. Create a U-Turn NAT to translate the destination IP address 1.1.1.10 to 192.168.1.10 with the destination port equal to UDP/53.
  • C. Enable DNS rewrite under the destination address translation in the Translated Packet section of the NAT rule with the direction Reverse.
  • D. Create a U-Turn NAT to translate the destination IP address 192.168.1.10 to 1.1.1.10 with the destination port equal to UDP/53.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by pavtoor at Sept. 6, 2023, 12:57 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Marshpillowz
8 months, 3 weeks ago
Selected Answer: A
A is correct
upvoted 1 times
...
Andromeda1800
10 months, 2 weeks ago
Selected Answer: A
One more vote for A
upvoted 1 times
...
MHy2k
10 months, 2 weeks ago
A: forward—If the DNS response matches the Original Destination Address in the rule, translate the DNS response using the same translation the rule uses. For example, if the rule translates IP address 1.1.1.10 to 192.168.1.10, the firewall rewrites a DNS response of 1.1.1.10 to 192.168.1.10. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/nat/source-nat-and-destination-nat/destination-nat-dns-rewrite-use-cases
upvoted 2 times
...
homersimpson
10 months, 2 weeks ago
Selected Answer: A
Agree with dgonz and pavtoor.
upvoted 1 times
...
dorf05
10 months, 3 weeks ago
Selected Answer: C
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-networking-admin/nat/source-nat-and-destination-nat/destination-nat-dns-rewrite-use-cases/dest-nat-dns-rewrite-reverse-use#:~:text=The%20following%20use,DNS%20Rewrite.
upvoted 1 times
...
dgonz
1 year, 1 month ago
Selected Answer: A
forward—If the DNS response matches the Original Destination Address in the rule, translate the DNS response using the same translation the rule uses. For example, if the rule translates IP address 1.1.1.10 to 192.168.1.10, the firewall rewrites a DNS response of 1.1.1.10 to 192.168.1.10. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/nat/source-nat-and-destination-nat/destination-nat-dns-rewrite-use-cases#id0d85db1b-05b9-4956-a467-f71d558263bb
upvoted 2 times
...
pavtoor
1 year, 1 month ago
A is correct. Tested in Lab
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago