Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 429

An engineer is configuring a firewall with three interfaces:

• MGT connects to a switch with internet access.
• Ethernet1/1 connects to an edge router.
• Ethernet1/2 connects to a virtualization network.

The engineer needs to configure dynamic updates to use a dataplane interface for internet traffic.
What should be configured in Setup > Services > Service Route Configuration to allow this traffic?

Answer options

• A. Set DNS and Palo Alto Networks Services to use the MGT source interface.
• B. Set DNS and Palo Alto Networks Services to use the ethernet1/1 source interface.
• C. Set DNS and Palo Alto Networks Services to use the ethernet1/2 source interface.
• D. Set DDNS and Palo Alto Networks Services to use the MGT source interface.

Correct answer: B

Explanation

The correct answer is B because the ethernet1/1 interface is connected to the edge router, which is necessary for routing internet traffic. Options A and D incorrectly suggest using the MGT interface, which is not suitable for internet traffic, while option C suggests using ethernet1/2, which is connected to a virtualization network and not intended for direct internet access.