Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam PCNSE topic 1 question 107 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 107
Topic #: 1
[All PCNSE Questions]

Which Zone Pair and Rule Type will allow a successful connection for a user on the Internet zone to a web server hosted on the DMZ zone? The web server is reachable using a Destination NAT policy in the Palo Alto Networks firewall.
A.

B.

C.

D.

Show Suggested Answer Hide Answer
Suggested Answer: B

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
kraut
Highly Voted 2 years, 11 months ago
B everything EXCEPT destination zone is pre-nat pre-nat dest ip, post-nat dest zone
upvoted 10 times
mtberdaan
2 years, 9 months ago
Yes answer will be B, but the zone is correct DMZ is the post-nat destination zone; the NAT rule will look like this: source zone: Internet destination zone: Internet destination IP: public IP destination translation: internal IP the SEC rule will look like this: source zone: Internet destination zone: DMZ (post-NAT) destination IP: Public IP (pre-NAT) Which will make the traffic interzone. Tip: interzone vs intrazone -- I think of internet (global) vs intranet (local)
upvoted 10 times
...
...
Marshpillowz
Most Recent 2 months ago
B is correct
upvoted 1 times
...
DenskyDen
1 year, 2 months ago
B. Pre Nat IP and Post NAT zone.
upvoted 3 times
...
TAKUM1y
1 year, 6 months ago
B →https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClomCAC
upvoted 3 times
...
GivemeMoney
2 years, 2 months ago
the only difference between B and D is - B has a rule type of: interzone or universal, and D only has a rule type of interzone. What's the difference?
upvoted 1 times
GivemeMoney
2 years, 2 months ago
found it: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClomCAC By default, all the traffic destined between two zones, regardless of being from the same zone or different zone, this applies the rule to all matching interzone and intrazone traffic in the specified source and destination zones.
upvoted 1 times
...
...
keto3812
3 years ago
Question is ambiguous. is it looking for NAT rule or Security Policy Rule?
upvoted 4 times
kraut
2 years, 11 months ago
It states that there is a NAT rule in place, so we're looking for the security policy.
upvoted 2 times
vj77
2 years, 11 months ago
it could also be interpreted as there is a NAT policy in place, what should it be?
upvoted 2 times
lildevil
9 months, 3 weeks ago
The question asks "allow a successful connection" NAT policies do not allow traffic, Sec policies do.
upvoted 2 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...