Palo Alto Networks NGFW Engineer — Question 72
An administrator is configuring a site-to-site IPSec VPN and assigns an IP address to the tunnel interface.
Which two abilities are enabled by this specific configuration step? (Choose two.)
Answer options
- A. Configuring tunnel monitoring to verify the liveliness of the connection.
- B. Firewall performing NAT traversal.
- C. Running a dynamic routing protocol like OSPF over the tunnel.
- D. Firewall encrypting and decrypting packet payloads.
Correct answer: A, C
Explanation
Assigning an IP address to the tunnel interface allows for tunnel monitoring, which checks the connection's status (option A), and enables the use of dynamic routing protocols like OSPF over the tunnel (option C). The other options, B and D, are not directly related to the assignment of an IP address to the tunnel interface.