U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Palo Alto Networks NetSec-Analyst Exam - Topic 2 Question 3 Discussion

All users from the internal zone must be allowed only HTTP access to a server in the DMZ zone.Complete the empty field in the Security policy using an application object to permit only this type of access.Source Zone: Internal -Destination Zone: DMZ Zone -Application: __________Service: application-default -Action: allow
B) Application = 'web-browsing'
A) Application = 'any'
C) Application = 'ssl'
D) Application = 'http'

Palo Alto Networks NetSec-Analyst Exam - Topic 2 Question 3 Discussion

Actual exam question for Palo Alto Networks's NetSec-Analyst exam
Question #: 3
Topic #: 2
[All NetSec-Analyst Questions]

All users from the internal zone must be allowed only HTTP access to a server in the DMZ zone.

Complete the empty field in the Security policy using an application object to permit only this type of access.

Source Zone: Internal -

Destination Zone: DMZ Zone -

Application: __________

Service: application-default -

Action: allow

Show Suggested Answer Hide Answer
Suggested Answer: B

Contribute your Thoughts:

0/2000 characters
Jannette
2 months ago
Yeah, "http" is the best choice for security.
upvoted 0 times
...
Elenor
2 months ago
"any" is too broad. We need to restrict access.
upvoted 0 times
...
Katie
2 months ago
"ssl" is not right, we need plain HTTP.
upvoted 0 times
...
Adell
3 months ago
"web-browsing" could work too, but not specific enough.
upvoted 0 times
...
Argelia
3 months ago
Surprised this is even a question, isn't it obvious?
upvoted 0 times
...
Mollie
3 months ago
Definitely "http", that's the standard for web access.
upvoted 0 times
...
Ollie
3 months ago
Wait, why not allow "ssl"? Isn't that safer?
upvoted 0 times
...
Gerald
3 months ago
I think it should be "http" for sure.
upvoted 0 times
...
Ty
4 months ago
D is the answer, no doubt about it. Anything else would be like trying to put a square tire on a round car.
upvoted 0 times
...
Susana
4 months ago
D is the way to go. Anything else would be like trying to fit a square peg in a round hole.
upvoted 0 times
...
Dottie
4 months ago
I'm going with D. Can't go wrong with the direct HTTP application object. Anything else would be like trying to use a sledgehammer to crack a nut.
upvoted 0 times
...
Carin
4 months ago
D definitely looks like the right answer. Allowing "any" application would be too broad, and "ssl" or "web-browsing" wouldn't be specific enough.
upvoted 0 times
...
Kimberely
5 months ago
Hmm, I think the answer is D. HTTP access is the only type of access allowed, so "http" should be the correct application object.
upvoted 0 times
...
Margart
5 months ago
"ssl" doesn't seem right here, since that's for HTTPS, which we don't want. I guess it's between "http" and "web-browsing."
upvoted 0 times
...
Dominga
5 months ago
I remember practicing a similar question, and I think "http" was the right choice for allowing web access specifically.
upvoted 0 times
...
Alayna
5 months ago
I'm not entirely sure, but "web-browsing" sounds like it could work too, since it usually involves HTTP traffic.
upvoted 0 times
...
Malcom
5 months ago
I think the application should be "http" since we only want to allow HTTP access.
upvoted 0 times
...
Margery
6 months ago
I think I've got a good strategy for this. The key is to focus on the specific requirements stated in the question - HTTP access from the internal zone to the DMZ zone. That points me towards option D, "http", as the best choice.
upvoted 0 times
...
Dexter
6 months ago
I'm a little confused by this question. Does "application-default" mean I should just leave that field blank? Or should I choose one of the other options? I'm not entirely sure how to approach this.
upvoted 0 times
...
Kenneth
6 months ago
Option D has to be the right answer. The question clearly states that the users need HTTP access, so "http" is the most direct and accurate application object to use.
upvoted 0 times
...
Eva
6 months ago
Agreed, only HTTP access makes sense.
upvoted 0 times
...
Barrett
6 months ago
This is tricky. I think it should be "http".
upvoted 0 times
...
Danica
7 months ago
"web-browsing" seems too broad, right?
upvoted 0 times
...
Carissa
7 months ago
Hmm, I'm a bit unsure about this one. I'm not sure if "web-browsing" is the right choice since the question specifically mentions HTTP access. Maybe option D, "http", would be better?
upvoted 0 times
...
Phillip
7 months ago
I think I'll go with option B - "web-browsing". That seems like the most specific and appropriate application object to allow HTTP access.
upvoted 0 times
Christene
2 months ago
True, but we need to ensure all HTTP traffic is allowed.
upvoted 0 times
...
Veronique
2 months ago
But "web-browsing" is more specific for user access.
upvoted 0 times
...
Beth
2 months ago
I agree with Jacquelyne. "http" is the most relevant.
upvoted 0 times
...
Jacquelyne
6 months ago
I think option D - "http" is the best choice. It's straightforward.
upvoted 0 times
...
Vince
7 months ago
Let's stick with "http" to cover all bases.
upvoted 0 times
...
...

Save Cancel