Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 335

An engineer troubleshooting a VPN issue needs to manually initiate a VPN tunnel from the CLI.

Which CLI command can the engineer use?

Answer options

Correct answer: D

Explanation

The command 'test vpn ike-sa' is the correct option as it specifically initiates the Internet Key Exchange Security Association, which is necessary for establishing a VPN tunnel. The other commands do not serve the purpose of manually starting a VPN tunnel; they relate to different aspects of VPN functionality.