Palo Alto Networks System Engineer – Strata — Question 67

What will a Palo Alto Networks next-generation firewall (NGFW) do when it is unable to retrieve a DNS verdict from the DNS cloud service in the configured lookup time?

Answer options

• A. block the query
• B. allow the request and all subsequent responses
• C. temporarily disable the DNS Security function
• D. discard the request and all subsequent responses

Correct answer: B

Explanation

The correct answer, B, is accurate because if the NGFW does not receive a DNS verdict in time, it allows the initial request and subsequent responses to continue. Options A, C, and D are incorrect as they suggest blocking or discarding the request, which does not align with the NGFW's operation under these circumstances.