Palo Alto Networks Exam PCNSA Topic 3 Question 54 Discussion

Actual exam question for Palo Alto Networks's PCNSA exam

Question #: 54
Topic #: 3

[All PCNSA Questions]

All users from the internal zone must be allowed only HTTP access to a server in the DMZ zone.

Complete the empty field in the Security policy using an application object to permit only this type of access.

Source Zone: Internal -

Destination Zone: DMZ Zone -

Application: __________

Service: application-default -

Action: allow

AApplication = 'any'

BApplication = 'web-browsing'

CApplication = 'ssl'

DApplication = 'http'

Show Suggested Answer

Suggested Answer: B

by Linn at Dec 10, 2023, 02:34 AM

Limited Time Offer

25%

Off

Get Premium PCNSA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Micaela

1 years ago

You know, this question reminds me of the time I accidentally allowed all traffic from the internal zone to the DMZ zone. Let's just say the network admin wasn't too happy with me that day. *chuckles*

upvoted 0 times

...

Mertie

1 years ago

I agree with Yaeko. Using "http" as the application object is more specific and matches the requirement of allowing only HTTP access. It's a cleaner solution than "web-browsing".

upvoted 0 times

Hana

1 years ago

D) Application = "http"

upvoted 0 times

...

Caprice

1 years ago

C) Application = "ssl"

upvoted 0 times

...

Rory

1 years ago

I agree with Yaeko. Using "http" as the application object is more specific and matches the requirement of allowing only HTTP access. It's a cleaner solution than "web-browsing".

upvoted 0 times

...

Ira

1 years ago

B) Application = "web-browsing"

upvoted 0 times

...

James

1 years ago

A) Application = "any"

upvoted 0 times

...

Yaeko

1 years ago

I'm not so sure about that. Web-browsing is a bit broad, isn't it? I think the better choice would be D) Application = "http". That way, we're explicitly allowing HTTP traffic, which is what the question is asking for.

upvoted 0 times

...

Caprice

1 years ago

Hmm, this question seems straightforward. We need to allow only HTTP access from the internal zone to the DMZ zone. I think the correct answer is B) Application = "web-browsing".

upvoted 0 times

...