ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 25 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 25
Topic #: 1
[All PCNSE Questions]

A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone to the DMZ zone need to be configured to enable we browsing access to the server.
Which application and service need to be configured to allow only cleartext web-browsing traffic to thins server on tcp/8080?

  • A. application: web-browsing; service: application-default
  • B. application: web-browsing; service: service-https
  • C. application: ssl; service: any
  • D. application: web-browsing; service: (custom with destination TCP port 8080)
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by shetoshandasa at March 14, 2021, 8:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nhema
Highly Voted 3 years, 7 months ago
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-new-features/app-id-features/app-default-strict.html Application default for web-browsing is port 80
upvoted 8 times
eyelasers1
2 years, 8 months ago
Also can be referenced based on web-browsing info from https://applipedia.paloaltonetworks.com/
upvoted 1 times
...
...
Marshpillowz
Most Recent 9 months, 2 weeks ago
Selected Answer: D
Correct answer is D
upvoted 1 times
...
nguyendtv50
1 year, 5 months ago
The correct answer is: Application: web-browsing Service: application-default Explanation: Since the server is listening on TCP port 8080, we need to use a custom service to specify this port. However, the question specifically asks for allowing only clear-text web-browsing traffic, which means HTTP traffic on port 8080. The 'web-browsing' application represents HTTP traffic, and the 'application-default' service includes TCP ports commonly used for HTTP traffic, including port 8080. Therefore, the correct configuration is to use the 'web-browsing' application and the 'application-default' service.
upvoted 2 times
...
UFanat
2 years, 4 months ago
Selected Answer: D
need to create a rule with custom service for port 8080 and application web-browsing
upvoted 1 times
...
ToddJ
2 years, 6 months ago
oops, B says https, so no, it is not correct
upvoted 1 times
...
ToddJ
2 years, 6 months ago
B is correct, service-http has a setting of 80 and 8080
upvoted 1 times
GeoGR2022
2 years, 5 months ago
but the B question talks about service-https which has a setting of port 443/tcp
upvoted 1 times
...
...
tururu1496
2 years, 8 months ago
This depends on the Dst NAT configuration. Could be A, but is likely D
upvoted 1 times
...
ev333
2 years, 8 months ago
Selected Answer: D
D is correct
upvoted 4 times
...
Jared28
2 years, 8 months ago
D - Where I think this question is trying to mislead you is the *Services* object, not the web-browsing app, is tcp/80 and tcp/8080
upvoted 1 times
...
RamanJoshi
2 years, 9 months ago
Selected Answer: D
D is correct
upvoted 2 times
...
lgkhan
2 years, 11 months ago
D is correct!
upvoted 2 times
...
rgbykkk
3 years ago
Can we not change the answers based upon the discussion?
upvoted 1 times
...
FS68
3 years ago
D is correct
upvoted 3 times
...
Guigo
3 years, 2 months ago
Answer is D for sure.
upvoted 2 times
...
YasserSaied
3 years, 4 months ago
D -- couldn't be anything else
upvoted 1 times
...
evdw
3 years, 6 months ago
Correct answer: D
upvoted 2 times
...
aadach
3 years, 7 months ago
only D
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago