Exam PCNSE topic 1 question 345 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 345
Topic #: 1

A network engineer has discovered that asymmetric routing is causing a Palo Alto Networks firewall to drop traffic. The network architecture cannot be changed to correct this.
Which two actions can be taken on the firewall to allow the dropped traffic permanently? (Choose two.)

  • A. #set deviceconfig setting session tcp-reject-non-syn no
  • B. Navigate to Network > Zone Protection Click Add Select Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to Global Set "Asymmetric Path" to Global
  • C. Navigate to Network > Zone Protection Click Add Select Packet Based Attack Protection > TCP/IP Drop Set "Reject Non-syn-TCP" to No Set "Asymmetric Path" to Bypass
  • D. > set session tcp-reject-non-syn no
Suggested Answer: AC 🗳️

Comments

scally
Highly Voted 10 months, 1 week ago
Selected Answer: AC
A and C are the answers here. B can only be the answer if A is set. The question asks for two ways to accomplish this and A and C are those two ways. If B is set by itself, it will drop the connection as the default setting is to drop these.
upvoted 7 times
...
MalonJay
Most Recent 5 days, 17 hours ago
Selected Answer: AD
AD. What if zone protection is not enabled? The question did not say whether zone protection has been enabled on the firewall.
upvoted 1 times
...
pkevinkou
2 months, 3 weeks ago
Selected Answer: AC
For B explanation: global - Use system wide setting that is assigned through the CLI (This is Default value); drop - Drop packets that contain an asymmetric path; bypass - Bypass scanning on packets that contain an asymmetric path
upvoted 1 times
...
Carso2316
4 months, 3 weeks ago
Selected Answer: AB
AB are the correct answers: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClG2CAK
upvoted 1 times
Carso2316
4 months, 3 weeks ago
Sorry, I meant AC
upvoted 1 times
...
...
GohanF2
5 months ago
Interesting, I didn't know that we can modify these settings from the UI. I knew it from the CLI. good to know. Thanks everyone for participating in the comments.
upvoted 2 times
...
TAKUM1y
8 months, 2 weeks ago
Selected Answer: AC
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClG2CAK
upvoted 1 times
...
confusion
8 months, 2 weeks ago
Selected Answer: AC
In addition to direct comparison: TCP/IP Drop tab:
Set "Reject Non-syn-TCP" to No
Set "Asymmetric Path" to Bypass
compares to this:
# set deviceconfig setting tcp asymmetric-path bypass
# set deviceconfig setting session tcp-reject-non-syn no
but I do agree with scally as they ask for 2 ways, A+B=both (B needs A), whether A&C=either
upvoted 3 times
GohanF2
5 months ago
excellent answer !
upvoted 1 times
...
...
mysteryzjoker
9 months, 3 weeks ago
Selected Answer: AC
I agree A/C though interestingly the firewall will accept both CLI commands, dependent on prompt - for A needs to be in config mode
upvoted 1 times
confusion
8 months, 2 weeks ago
set session tcp-reject-non-syn no: this one enables it until box gets reloaded (or config changed).
upvoted 2 times
...
...
mizuno92
9 months, 3 weeks ago
Selected Answer: AC
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClG2CAK
upvoted 2 times
...
secdaddy
9 months, 3 weeks ago
I agree with scally.
URL to support A: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEwCAK
URL to support C: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClG2CAK
upvoted 2 times
...
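The resolution rule the commenters describe (a Zone Protection value of Global defers to the device-wide CLI setting), as an added example for auditing which TCP checks are relaxed; it is not part of the original thread and is not Palo Alto Networks code. The function names, the dictionary representation of a profile, and the strict defaults (reject non-SYN = yes, asymmetric path = drop) are assumptions made for the example.

```python
# Added example: resolve the effective TCP checks for a zone from the
# device-wide set commands and a Zone Protection profile's two fields.
# Assumed strict defaults, following the thread's "default is to drop".
DEFAULTS = {"tcp-reject-non-syn": "yes", "asymmetric-path": "drop"}

# Device-wide configuration paths, as quoted in the thread.
GLOBAL_PATHS = {
    "deviceconfig setting session tcp-reject-non-syn": "tcp-reject-non-syn",
    "deviceconfig setting tcp asymmetric-path": "asymmetric-path",
}

def parse_global(config_text):
    """Read device-wide values from set-format configuration lines."""
    values = dict(DEFAULTS)
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#>").strip()   # drop a pasted CLI prompt
        if not line.startswith("set "):
            continue
        body = line[4:]
        # The operational-mode "set session ..." form matches no path here,
        # so a runtime-only change is not counted as saved configuration.
        for path, key in GLOBAL_PATHS.items():
            if body.startswith(path + " "):
                values[key] = body[len(path):].strip().lower()
    return values

def effective(global_values, profile=None):
    """A profile value of 'global' (or no profile) defers to the device-wide value."""
    result = {}
    for key, device_value in global_values.items():
        chosen = (profile or {}).get(key, "global").lower()
        result[key] = device_value if chosen == "global" else chosen
    return result

def relaxed(eff):
    """List the checks whose effective value is weaker than the strict default."""
    return sorted(k for k, v in eff.items() if v != DEFAULTS[k])

if __name__ == "__main__":
    # Constructed inputs mirroring answer options A, B and C.
    option_a = "#set deviceconfig setting session tcp-reject-non-syn no"
    profile_b = {"tcp-reject-non-syn": "Global", "asymmetric-path": "Global"}
    profile_c = {"tcp-reject-non-syn": "No", "asymmetric-path": "Bypass"}
    print("B alone:", relaxed(effective(parse_global(""), profile_b)))
    print("A + B  :", relaxed(effective(parse_global(option_a), profile_b)))
    print("C alone:", relaxed(effective(parse_global(""), profile_c)))
```

Running the same functions over a saved set-format export and each zone's profile values shows where state checks have been switched off device-wide versus only for specific zones.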
Community vote distribution
A (35%)
C (25%)
B (20%)
Other