nerdexam
Palo_Alto_Networks

PCCSE · Question #22

A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is

The correct answer is B. 8080. Prisma Cloud's CNAF (Cloud Native Application Firewall) operates at the container level by intercepting traffic before it reaches the application process inside the container. Therefore, the port that must be specified in the CNAF rule is the port the container itself is listenin

Container Security

Question

A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80. Which port should the team specify in the CNAF rule to protect the application?

Options

  • A80
  • B8080
  • C443
  • D8888

How the community answered

(22 responses)
  • A
    5% (1)
  • B
    91% (20)
  • C
    5% (1)

Explanation

Prisma Cloud's CNAF (Cloud Native Application Firewall) operates at the container level by intercepting traffic before it reaches the application process inside the container. Therefore, the port that must be specified in the CNAF rule is the port the container itself is listening on - port 8080 - not the host-mapped port (80). CNAF acts as an in-line proxy within the container's network namespace, so it must match the container's internal port. Specifying host port 80 (A) would be incorrect because CNAF does not inspect at the host port mapping layer. Ports 443 (C) and 8888 (D) are irrelevant to this scenario.

Topics

#CNAF#Container Networking#Port Mapping#Container Security

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice