nerdexam
ExamsPCNSEQuestions#144
Palo_Alto_NetworksPalo_Alto_Networks

PCNSE · Question #144

PCNSE Question #144: Real Exam Question with Answer & Explanation

The correct answer is A: The ping will not be successful because there is no management profile attached to. The ping from VLAN 799 to 10.10.10.1 will fail because ethernet1/1.799 is configured with IP 10.10.10.1/24, meaning the customer is pinging the firewall's subinterface itself, and the management profile is not attached to this subinterface, thus not allowing ping.

Submitted by andreas_gr· Apr 18, 2026Deploy and Configure

Question

Ethernet1/1 has been configured with the following subinterfaces: The following security policy rule is applied: The Interface Management Profile permits the following: A customer is trying to ping 10.10.10.1 from VLAN 799 IP 10.10.10.2/24. What will be the result of this ping?

Options

  • AThe ping will not be successful because there is no management profile attached to
  • BThe ping will not successful because the management profile applied to ethernet1/1 allows ping.
  • CThe ping will not be successful because the security policy does not apply to VLAN 799.
  • DThe ping will not be successful because the virtual router is different from the other subinterfaces.
  • EThe ping will not successful because the security policy permits this traffic.

Explanation

The ping from VLAN 799 to 10.10.10.1 will fail because ethernet1/1.799 is configured with IP 10.10.10.1/24, meaning the customer is pinging the firewall's subinterface itself, and the management profile is not attached to this subinterface, thus not allowing ping.

Common mistakes.

  • B. The statement is contradictory; if the management profile allows ping and is applied to the correct interface, the ping should be successful.
  • C. The security policy is not relevant here for pinging the firewall's own interface; Interface Management Profiles control access to the firewall itself, not through-traffic subject to security policies.
  • D. All subinterfaces ethernet1/1.100, ethernet1/1.200, ethernet1/1.799 are in the "default" virtual router, so routing between them via the firewall is not the issue for a ping directly to the firewall's IP on one of those subinterfaces.
  • E. The security policy permits traffic through the firewall, but a ping to the firewall's interface is controlled by the Interface Management Profile, not the security policy.

Concept tested. Interface management profile and self-generated traffic

Reference. https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/network/configure-interface-management-profiles.html

Topics

#Interface Management Profile#Subinterfaces#Management Access#Security Zones

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full PCNSE PracticeBrowse All PCNSE Questions