PCNSE Leak Questions

Page: 21 / 21

Question 84

When a new firewall joins a high availability (HA) cluster, the cluster members will synchronize all existing sessions over which HA port?

Options:

HA1

HA3

HA2

HA4

Question 85

An administrator is troubleshooting application traffic that has a valid business use case, and observes the following decryption log message: "Received fatal alert UnknownCA from client."

How should the administrator remediate this issue?

Options:

Contact the site administrator with the expired certificate to request updates or renewal.

Enable certificate revocation checking to deny access to sites with revoked certificates. -"

Add the server's hostname to the SSL Decryption Exclusion List to allow traffic without decryption.

Check for expired certificates and take appropriate actions to block or allow access based on business needs.

Question 86

An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables for upstream routes display the same MAC address being shared for some of these firewalls.

What can be configured on one pair of firewalls to modify the MAC addresses so they are no longer in conflict?

Options:

Configure a floating IP between the firewall pairs.

Change the Group IDs in the High Availability settings to be different from the other firewall pair on the same subnet.

Change the interface type on the interfaces that have conflicting MAC addresses from L3 to VLAN.

On one pair of firewalls, run the CLI command: set network interface vlan arp.

Question 87

An engineer configures a specific service route in an environment with multiple virtual systems instead of using the inherited global service route configuration.

What type of service route can be used for this configuration?