Palo Alto Networks Exam PCNSE Topic 6 Question 76 Discussion

Actual exam question for Palo Alto Networks's Palo Alto Networks Certified Security Engineer PAN-OS 11.0 exam

Question #: 76
Topic #: 6

[All Palo Alto Networks Certified Security Engineer PAN-OS 11.0 Questions]

A firewall engineer creates a destination static NAT rule to allow traffic from the internet to a webserver hosted behind the edge firewall. The pre-NAT IP address of the server is 153.6 12.10, and the post-NAT IP address is 192.168.10.10. Refer to the routing and interfaces information below.

What should the NAT rule destination zone be set to?

ANone

BOutside

CDMZ

DInside

Show Suggested Answer

Suggested Answer: B

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/nat/nat-configuration-examples/destination-nat-exampleone-to-one-mapping

by Catarina at Oct 19, 2023, 06:47 AM

Limited Time Offer

25%

Off

Get Premium PCNSE Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Nidia

24 days ago

Yup, C) DMZ is the correct answer. I mean, it's not like we're going to put the webserver in the 'None' zone, right? That would just be silly.

upvoted 0 times

...

Jaleesa

25 days ago

Absolutely, the DMZ zone is the way to go here. That's the whole point of having a DMZ - to isolate public-facing servers like the webserver from the internal network.

upvoted 0 times

...

Mariko

26 days ago

I agree, the webserver is in the DMZ zone. So the NAT rule destination zone should be set to 'DMZ' to allow traffic from the internet to reach the webserver.

upvoted 0 times

...

Ernestine

27 days ago

Hmm, this is an interesting question. The pre-NAT IP address of the server is 153.6.12.10, and the post-NAT IP address is 192.168.10.10. Based on the routing and interfaces information provided, it looks like the webserver is hosted in the DMZ zone.

upvoted 0 times

...