Palo Alto Networks Exam PCNSA Topic 4 Question 55 Discussion

Actual exam question for Palo Alto Networks's Palo Alto Networks Certified Network Security Administrator exam

Question #: 55
Topic #: 4

[All Palo Alto Networks Certified Network Security Administrator Questions]

If users from the Trusted zone need to allow traffic to an SFTP server in the DMZ zone, how should a Security policy with App-ID be configured?

AOption A

BOption B

COption C

DOption D

Show Suggested Answer

Suggested Answer: D

by Dorthy at Dec 24, 2023, 11:25 AM

Limited Time Offer

25%

Off

Get Premium PCNSA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Tiera

24 days ago

I agree, Option C might not be the most secure approach. Option B looks better, as it has more specific source and destination zones.

upvoted 0 times

Rolande

8 days ago

We should go with Option B then.

upvoted 0 times

...

Dorian

9 days ago

Absolutely, having specific zones defined is crucial for security.

upvoted 0 times

...

Erin

10 days ago

Option B looks like the most secure approach.

upvoted 0 times

...

Kati

11 days ago

I agree, Option B seems to provide more specific source and destination zones.

upvoted 0 times

...

Cyndy

12 days ago

I think Option B is the correct choice.

upvoted 0 times

...

Clay

25 days ago

Hmm, I was also leaning towards Option C, but I'm not sure about the 'Any' source and destination addresses. Shouldn't we be more specific with the zones?

upvoted 0 times

...

Carri

26 days ago

I think Option C looks promising. The policy allows traffic from the Trusted zone to the SFTP server in the DMZ zone, and it's using App-ID to identify the SFTP application.

upvoted 0 times

...

Avery

27 days ago

This question seems pretty tricky. We need to be careful in selecting the right option as it involves configuring a security policy with App-ID.

upvoted 0 times

...