Exam PCNSE
Question 25

A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone to the DMZ zone needs to be configured to enable web-browsing access to the server.

Which application and service need to be configured to allow only cleartext web-browsing traffic to this server on tcp/8080?

    Correct Answer: D

    To enable cleartext web-browsing access (HTTP) to a web server that listens on TCP port 8080, you need to configure the application as 'web-browsing' to match HTTP traffic. Since the server is listening on a non-standard port (8080), a custom service specifying the destination TCP port 8080 must be used. This ensures that traffic directed to TCP port 8080 is permitted while adhering to the security policy rule.
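An added example, not part of the original page and not PAN-OS code: a simplified Python model of how a rule's application and service fields combine, showing why only web-browsing with a custom tcp/8080 service allows exactly the required traffic. The service name `custom-tcp-8080` and all function names are hypothetical; the port values used (web-browsing default tcp/80, service-http tcp/80 and 8080, service-https tcp/443) are the ones cited in the discussion.

```python
# Simplified model of Security policy matching on application + service.
# Constructed for illustration; real App-ID evaluation has more stages.

# Service objects and the TCP destination ports they cover.
SERVICES = {
    "service-http": {80, 8080},
    "service-https": {443},
    "custom-tcp-8080": {8080},  # hypothetical name for a custom service object
}

# Standard ports per application, used when service is "application-default".
APP_DEFAULT_PORTS = {
    "web-browsing": {80},
    "ssl": {443},
}

def allowed_ports(rule_app, service):
    """TCP ports on which the rule's service setting lets rule_app match."""
    if service == "application-default":
        return APP_DEFAULT_PORTS[rule_app]
    if service == "any":
        return set(range(1, 65536))
    return SERVICES[service]

def rule_allows(rule, flow):
    """rule = (application, service); flow = (identified app, TCP dst port)."""
    rule_app, service = rule
    app, port = flow
    return app == rule_app and port in allowed_ports(rule_app, service)

def meets_requirement(rule):
    """True if the rule permits cleartext HTTP on tcp/8080 and nothing else."""
    flows = [(app, port) for app in APP_DEFAULT_PORTS for port in (80, 443, 8080)]
    permitted = {f for f in flows if rule_allows(rule, f)}
    return permitted == {("web-browsing", 8080)}

CANDIDATES = [
    ("web-browsing", "application-default"),  # matches tcp/80 only
    ("web-browsing", "service-http"),         # matches tcp/80 as well as 8080
    ("ssl", "service-https"),                 # encrypted traffic on tcp/443
    ("web-browsing", "custom-tcp-8080"),      # exactly cleartext HTTP on 8080
]

if __name__ == "__main__":
    for rule in CANDIDATES:
        verdict = "meets requirement" if meets_requirement(rule) else "does not"
        print(rule, "->", verdict)
```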

Discussion
nhema Option: D

https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/app-id-features/app-default-strict.html Application default for web-browsing is port 80

eyelasers1

Also can be referenced based on web-browsing info from https://applipedia.paloaltonetworks.com/

ev333 Option: D

D is correct

FS68 Option: D

D is correct

aadach Option: D

only D

nguyendtv50 Option: A

The correct answer is: Application: web-browsing Service: application-default Explanation: Since the server is listening on TCP port 8080, we need to use a custom service to specify this port. However, the question specifically asks for allowing only clear-text web-browsing traffic, which means HTTP traffic on port 8080. The 'web-browsing' application represents HTTP traffic, and the 'application-default' service includes TCP ports commonly used for HTTP traffic, including port 8080. Therefore, the correct configuration is to use the 'web-browsing' application and the 'application-default' service.

RamanJoshi Option: D

D is correct

lgkhan Option: D

D is correct!

Guigo Option: D

Answer is D for sure.

evdw Option: D

Correct answer: D

Marshpillowz Option: D

Correct answer is D

UFanat Option: D

need to create a rule with custom service for port 8080 and application web-browsing

ToddJ Option: D

oops, B says https, so no, it is not correct

ToddJ Option: B

B is correct, service-http has a setting of 80 and 8080

GeoGR2022

but the B question talks about service-https which has a setting of port 443/tcp

tururu1496 Option: D

This depends on the Dst NAT configuration. Could be A, but is likely D

Jared28 Option: D

D - Where I think this question is trying to mislead you is the *Services* object, not the web-browsing app, is tcp/80 and tcp/8080

rgbykkk

Can we not change the answers based upon the discussion?

YasserSaied Option: D

D -- couldn't be anything else