Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam PCNSE topic 1 question 42 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 42
Topic #: 1
[All PCNSE Questions]

An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22
Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly?

A.

B.

C.

D.

Show Suggested Answer Hide Answer
Suggested Answer: C

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
UFanat
Highly Voted 1 year, 9 months ago
C is correct. You should distinguish questions for NAT and security rules (the only difference in destination zone - Internet for NAT rules and DMZ for policy rules)
upvoted 12 times
GheeHong
1 year, 8 months ago
Ya, C is correct.
upvoted 1 times
...
Pakawat
1 year, 8 months ago
Yes, it is C this is NAT rule not security rule.
upvoted 1 times
...
...
Kane002
Highly Voted 2 years, 4 months ago
C. NAT zones are just whatever interface traffic is going to. The source (the big cloud internet) is obviously internet, and the destination zone is the internet facing interface of the firewall, so the destination is also internet. It then is translated into an IP that the internal network can read.
upvoted 6 times
...
Marshpillowz
Most Recent 2 months ago
C is the correct answer
upvoted 1 times
...
Pallab_Kundu
1 year ago
Correct Answer is D
upvoted 2 times
DatITGuyTho1337
3 months, 1 week ago
No, correct answer is C. :)
upvoted 1 times
...
...
Jared28
2 years, 1 month ago
C - Based on live production use - Those thinking it is D, if it were not DNAT to a specific port (but all ports), this would be correct (dest zone of the device). However, since a dest svc is specified, it's only translating specific port(s), the destination zone would still be Internet.
upvoted 3 times
...
HB1989
2 years, 6 months ago
looks like its D, because the destination IP 10.1.1.22 is located in zone DMZ, traffic flow = internet (zone) > DMZ (zone)
upvoted 2 times
HB1989
2 years, 6 months ago
after some test, C is correct.
upvoted 3 times
...
...
evdw
2 years, 10 months ago
Correct answer : C
upvoted 1 times
...
frodo1791
2 years, 11 months ago
Correct answer is C.
upvoted 2 times
...
juli_AZ_900
2 years, 11 months ago
The answer is D
upvoted 2 times
vj77
2 years, 11 months ago
D is not correct since the NAT zone should be internet to internet; NOT DMZ
upvoted 2 times
...
foromi
2 years, 11 months ago
The answer is incorrect, because this is a NAT rule and cannot be the DMZ. The correct answer is C.
upvoted 5 times
...
juli_AZ_900
2 years, 11 months ago
The correct answer is C
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...