Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 285
A network administrator configured a site-to-site VPN tunnel where the peer device will act as initiator. None of the peer addresses are known.
What can the administrator configure to establish the VPN connection?
Answer options
- A. Use the Dynamic IP address type.
- B. Enable Passive Mode.
- C. Set up certificate authentication.
- D. Configure the peer address as an FQDN.
Correct answer: A
Explanation
The correct answer is A because the Dynamic IP address type allows the VPN to connect without knowing the peer's address in advance. Options B, C, and D do not address the requirement of handling unknown peer addresses: Passive Mode does not initiate connections, certificate authentication does not resolve address issues, and FQDN configuration requires a known hostname.