Exam PCNSA
Question 362

An administrator needs to create a Security policy rule that matches DNS traffic sourced from either the LAN or VPN zones, destined for the DMZ or Untrust zones.

The administrator does not want to match traffic where the source and destination zones are LAN, and also does not want to match traffic where the source and destination zones are VPN.

Which Security policy rule type should they use?

    Correct Answer: A

    The correct answer is Interzone. Since the administrator does not want to match traffic where the source and destination zones are the same (LAN to LAN or VPN to VPN), they need to focus on traffic between different zones. Interzone rules are designed to match traffic that traverses between different zones, which fits the requirement of matching traffic sourced from either the LAN or VPN zones and destined for DMZ or Untrust zones.
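The zone check behind the three rule types can be modelled in a few lines of Python. This is an added illustration, not code from the exam page or from Palo Alto Networks; the rule name `dns-out` and the wider destination list used for comparison are constructed assumptions.

```python
from dataclasses import dataclass, replace
from itertools import product

RULE_TYPES = ("universal", "intrazone", "interzone")
ZONES = ["DMZ", "LAN", "Untrust", "VPN"]          # zones named in the question

@dataclass(frozen=True)
class Rule:
    name: str                 # hypothetical rule name
    rule_type: str            # one of RULE_TYPES
    src_zones: frozenset
    dst_zones: frozenset      # not consulted for intrazone rules
    application: str = "any"

def zones_match(rule, src, dst):
    """Zone part of the rule match for one session (src zone -> dst zone)."""
    if rule.rule_type not in RULE_TYPES:
        raise ValueError(f"unknown rule type: {rule.rule_type}")
    if src not in rule.src_zones:
        return False
    if rule.rule_type == "intrazone":
        return src == dst                 # only traffic that stays in one zone
    if dst not in rule.dst_zones:
        return False
    if rule.rule_type == "interzone":
        return src != dst                 # same-zone pairs are never matched
    return True                           # universal: every listed src/dst pair

def matches(rule, src, dst, app):
    return zones_match(rule, src, dst) and rule.application in ("any", app)

def matched_pairs(rule, app="dns"):
    """All (src, dst) zone pairs the rule matches for the given application."""
    return sorted(p for p in product(ZONES, repeat=2) if matches(rule, *p, app))

# The rule from the question: DNS from LAN or VPN to DMZ or Untrust.
page_rule = Rule("dns-out", "interzone",
                 frozenset({"LAN", "VPN"}), frozenset({"DMZ", "Untrust"}), "dns")

# Constructed comparison: the same source zones with every zone as destination,
# which is where the three rule types give different results.
wide = replace(page_rule, dst_zones=frozenset(ZONES))

if __name__ == "__main__":
    print("question rule:", matched_pairs(page_rule))
    for rule_type in RULE_TYPES:
        print(rule_type, matched_pairs(replace(wide, rule_type=rule_type)))
```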

Discussion
perceptivity (Option: A)

https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/security-policy/components-of-a-security-policy-rule

DlaEdu_Ex (Option: A)

Interzone. The administrator does not want to match traffic where the source and destination zones are LAN/VPN.

cas23147 (Option: A)

not want to match traffic where the source and destination zones are LAN

cjace (Option: A)

A - Interzone

engwadaw (Option: A)

In other words, the admin doesn't want to match intrazone traffic; it is clearly interzone traffic, as universal means the whole thing. A is the correct answer.