Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 286

An engineer needs to permit XML API access to a firewall for automation on a network segment that is routed through a Layer 3 subinterface on a Palo Alto
Networks firewall. However, this network segment cannot access the dedicated management interface due to the Security policy.
Without changing the existing access to the management interface, how can the engineer fulfill this request?

Answer options

• A. Specify the subinterface as a management interface in Setup > Device > Interfaces.
• B. Add the network segment's IP range to the Permitted IP Addresses list.
• C. Enable HTTPS in an Interface Management profile on the subinterface.
• D. Configure a service route for HTTP to use the subinterface.

Correct answer: C

Explanation

The correct answer is C because enabling HTTPS in an Interface Management profile on the subinterface allows XML API access without modifying management interface settings. Option A is incorrect as it would change the role of the subinterface, while option B does not address the need for XML API access specifically. Option D, configuring a service route for HTTP, does not provide the necessary management capabilities for XML API access.