Demo Palo Alto Networks NGFW-Engineer Exam Questions

Question 1

An engineer is configuring a GlobalProtect portal and wants to enable split tunneling. The requirement is to route DNS queries for "corp.internal.com" to the DNS servers assigned by the VPN, while allowing all other DNS queries to be resolved by the client's locally configured DNS.
What is the effect of configuring this split DNS policy?

Correct Answer: A
Explanation:
Basic Concept: Split DNS lets GlobalProtect resolve selected domains through VPN DNS while leaving other names to local DNS. This improves performance without breaking internal name resolution.
Why A is Correct: The policy selectively resolves listed corporate domains through the tunnel and leaves all other lookups local.
Why B is Wrong: The option "It blocks access to all domains that are not explicitly listed in the split tunnel configuration" relates to VPN configuration, but it does not address the specific PAN-OS requirement for selectors, tunnel interface functions, routing, or Security policy in this scenario.
Why C is Wrong: The option "It forces all applications to use the corporate DNS servers, regardless of the split tunnel settings for IP traffic" relates to VPN configuration, but it does not address the specific PAN-OS requirement for selectors, tunnel interface functions, routing, or Security policy in this scenario.
Why D is Wrong: The option "It creates a DNS proxy on the client endpoint that forwards all queries to the firewall for inspection" relates to VPN configuration, but it does not address the specific PAN-OS requirement for selectors, tunnel interface functions, routing, or Security policy in this scenario.
Question 2

By default, which type of traffic is configured by service route configuration to use the management interface?

Correct Answer: D
Explanation:
By default, the Autonomous Digital Experience Manager (ADEM) traffic is configured to use the management interface in a Palo Alto Networks firewall. The management interface is typically used for management-related traffic, such as monitoring and logging, and it is configured to handle ADEM-related traffic for the optimal performance of digital experience monitoring features. This default configuration helps ensure that ADEM traffic does not interfere with regular traffic that may traverse other interfaces, such as traffic from security zones or IPSec tunnels. 
Question 3

An automation engineer is developing a Python script to standardize SD-WAN deployments across multiple customer tenants in Panorama. A key requirement is to programmatically create path quality profiles to monitor link performance based on latency, jitter, and packet loss.
Which API call is required for this task?

Correct Answer: C
Explanation:
Basic Concept: SD-WAN path quality profiles measure latency, jitter, and packet loss. Panorama REST API endpoints support programmatic profile creation for managed deployments.
Why C is Correct: The SDWanPathQualityProfiles REST object on Panorama is the correct API target for creating path quality profiles centrally.
Why A is Wrong: An XML API command with an xpath of config/devices/entry/vsys/entry/path-quality-profiles on Panorama is related to management or logging, but it does not provide the required Panorama operation, rule hierarchy behavior, or dual-log forwarding outcome.
Why B is Wrong: An XML API command with an xpath of sdwan/path-quality-profiles on a managed firewall is related to management or logging, but it does not provide the required Panorama operation, rule hierarchy behavior, or dual-log forwarding outcome.
Why D is Wrong: A POST request to the pathMonitoringProfiles object endpoint via the REST API on a managed firewall is related to management or logging, but it does not provide the required Panorama operation, rule hierarchy behavior, or dual-log forwarding outcome.
