Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 55

An administrator needs to upgrade an NGFW to the most current version of PAN-OSֲ® software. The following is occurring:
✑ Firewall has internet connectivity through e 1/1.
✑ Default security rules and security rules allowing all SSL and web-browsing traffic to and from any zone.
✑ Service route is configured, sourcing update traffic from e1/1.
✑ A communication error appears in the System logs when updates are performed.
✑ Download does not complete.
What must be configured to enable the firewall to download the current version of PAN-OS software?

Answer options

• A. Static route pointing application PaloAlto-updates to the update servers
• B. Security policy rule allowing PaloAlto-updates as the application
• C. Scheduler for timed downloads of PAN-OS software
• D. DNS settings for the firewall to use for resolution

Correct answer: D

Explanation

To enable the firewall to download the current version of PAN-OS software, proper DNS settings must be configured so that the firewall can resolve the update server addresses. The other options do not address the root cause of the communication error related to domain resolution, which prevents the firewall from connecting to the update servers.