Palo Alto Networks NGFW Engineer — Question 30

What is a result of enabling split tunneling in the GlobalProtect portal configuration with the “Both Network Traffic and DNS” option?

Answer options

• A. It specifies when the secondary DNS server is used for resolution to allow access to specific domains that are not managed by the VPN.
• B. It allows users to access internal resources when connected locally and external resources when connected remotely using the same FQDN.
• C. It allows devices on a local network to access blocked websites by changing which DNS server resolves certain domain names.
• D. It specifies which domains are resolved by the VPN-assigned DNS servers and which domains are resolved by the local DNS servers.

Correct answer: D

Explanation

The correct answer is D because enabling split tunneling with this option allows the configuration to dictate which domains are handled by the VPN's DNS servers versus the local DNS servers. Option A is incorrect as it relates to a secondary DNS server rather than split tunneling. Option B is misleading because it does not directly address DNS resolution. Option C incorrectly suggests that local devices can bypass restrictions solely by changing DNS servers.