nerdexam
ExamsNGFW-ENGINEERQuestions#74
Palo_Alto_NetworksPalo_Alto_Networks

NGFW-ENGINEER · Question #74

NGFW-ENGINEER Question #74: Real Exam Question with Answer & Explanation

The correct answer is A: Configuring tunnel monitoring to verify the liveliness of the connection.. Assigning an IP address to the tunnel interface allows the firewall to perform tunnel monitoring by sourcing and receiving keepalive traffic over the tunnel, and enables the use of dynamic routing protocols such as OSPF across the tunnel because the tunnel interface becomes a rou

Implement Site-to-Site VPNs

Question

An administrator is configuring a site-to-site IPSec VPN and assigns an IP address to the tunnel interface. Which two abilities are enabled by this specific configuration step? (Choose two.)

Options

  • AConfiguring tunnel monitoring to verify the liveliness of the connection.
  • BFirewall performing NAT traversal.
  • CRunning a dynamic routing protocol like OSPF over the tunnel.
  • DFirewall encrypting and decrypting packet payloads.

Explanation

Assigning an IP address to the tunnel interface allows the firewall to perform tunnel monitoring by sourcing and receiving keepalive traffic over the tunnel, and enables the use of dynamic routing protocols such as OSPF across the tunnel because the tunnel interface becomes a routable Layer 3 interface.

Topics

#IPSec VPN#Tunnel Interface#Dynamic Routing#VPN Monitoring

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full NGFW-ENGINEER PracticeBrowse All NGFW-ENGINEER Questions