exam questions

Exam PCNSA All Questions

View all questions & answers for the PCNSA exam

Exam PCNSA topic 1 question 84 discussion

Actual exam question from Palo Alto Networks's PCNSA
Question #: 84
Topic #: 1
[All PCNSA Questions]

You must configure which firewall feature to enable a data-plane interface to submit DNS queries on behalf of the control plane?

  • A. virtual router
  • B. Admin Role profile
  • C. DNS proxy
  • D. service route
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
venom6
Highly Voted 3 years, 6 months ago
i think its D
upvoted 16 times
...
ramasamymuthiah
Highly Voted 3 years, 2 months ago
Correct answer is D
upvoted 7 times
...
Cro13
Most Recent 1 month ago
Selected Answer: D
D is correct PAN-OS 10 -> Device -> Setup -> Services -> Service Features -> Service Route Configuration
upvoted 1 times
...
kenyabolada
11 months, 1 week ago
Selected Answer: D
PAN-OS 10 -> Device -> Setup -> Services -> Service Features -> Service Route Configuration
upvoted 1 times
...
BeforeScope
1 year, 5 months ago
Selected Answer: D
By default, the firewall uses the management (MGT) interface to access external services, such as DNS servers, external authentication servers, Palo Alto Netw orks services such as soft ware, URL updates, licenses, and AutoFocus. An alternative to using the MGT interface is configuring a data port (a standard interface) to access these services. The path from the interface to th e service on a server is aservice route. [Palo Alto Networks]
upvoted 2 times
...
daytonadave2011
1 year, 5 months ago
Selected Answer: D
D. Service Route is the correct answer.
upvoted 1 times
...
DDisGR8
1 year, 10 months ago
Selected Answer: D
Refer to page 19 on PCNSA study guide April 2022
upvoted 2 times
...
p48m1
1 year, 10 months ago
Selected Answer: D
DNS resolution, and generally external reachability, is routed by default on the control plane (MGT interface). Service route feature allows to change the default routing behaviour by setting the data plane as the routing path.
upvoted 3 times
...
elbi05
1 year, 12 months ago
Selected Answer: C
A DNS Proxy on the firewall is configured to act as the DNS server for the hosts that reside on the tenant’s network connected to the firewall interface "In such a scenario, the firewall performs DNS resolution on its dataplane." Ref: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/networking/dns/use-case-3-firewall-acts-as-dns-proxy-between-client-and-server
upvoted 2 times
drogadotcom
1 year, 2 months ago
That's correct for dataplane interfaces, control plane (or management plane). By default uses it's interface to process DNS queries, unless you configure Service Routes. Answer should be D
upvoted 1 times
...
...
javim
2 years ago
Selected Answer: D
D is the correct answer. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/service-routes
upvoted 1 times
...
LordScorpius
2 years, 2 months ago
Selected Answer: D
service route is the actual name.
upvoted 1 times
...
zeebo340
2 years, 3 months ago
Selected Answer: D
The correct answer is D - Ref PCNSA Study guide 2022 - P44
upvoted 2 times
...
error_909
2 years, 3 months ago
Selected Answer: D
Answer D is Correct
upvoted 1 times
...
obxfaepjwjsiflnecy
2 years, 4 months ago
Selected Answer: D
The firewall uses the management (MGT) interface by default to access external services, such as DNS servers, external authentication servers, as well as various Palo Alto Networks services, including software, URL updates, licenses, external dynamic lists (EDLs), and AutoFocus. An alternative to using the MGT interface is to configure a data port (a regular interface) to access these services. The path from the interface to the service on a server is known as a service route. When configured as a DNS proxy, the firewall is an intermediary between DNS clients and servers; it acts as a DNS server itself by resolving queries from its DNS proxy cache. If it doesn’t find the domain name in its DNS proxy cache, the firewall searches for a match to the domain name among the entries in the specific DNS proxy object (on the interface on which the DNS query arrived). The firewall forwards the query to the appropriate DNS server based on the match results. If no match is found, the firewall uses default DNS servers.
upvoted 5 times
...
dawlims
2 years, 5 months ago
Selected Answer: C
The answer is C. DNS Proxy. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/networking/dns/use-case-3-firewall-acts-as-dns-proxy-between-client-and-server.html
upvoted 4 times
elbi05
1 year, 12 months ago
C indeed. A DNS Proxy on the firewall is configured to act as the DNS server for the hosts that reside on the tenant’s network connected to the firewall interface "In such a scenario, the firewall performs DNS resolution on its dataplane."
upvoted 1 times
...
...
lessimos
2 years, 7 months ago
The answer is D Quoting https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcnsa-study-guide-latest.pdf " Service routes are used so that the communication between the firewall and servers goes through the data ports on the data plane."
upvoted 4 times
...
Jeevanchalhai
2 years, 8 months ago
D is correct
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago