PCCSE · Question #22
A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is
The correct answer is B. 8080. Prisma Cloud's CNAF (Cloud Native Application Firewall) operates at the container level by intercepting traffic before it reaches the application process inside the container. Therefore, the port that must be specified in the CNAF rule is the port the container itself is listenin
Question
A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80. Which port should the team specify in the CNAF rule to protect the application?
Options
- A80
- B8080
- C443
- D8888
How the community answered
(22 responses)- A5% (1)
- B91% (20)
- C5% (1)
Explanation
Prisma Cloud's CNAF (Cloud Native Application Firewall) operates at the container level by intercepting traffic before it reaches the application process inside the container. Therefore, the port that must be specified in the CNAF rule is the port the container itself is listening on - port 8080 - not the host-mapped port (80). CNAF acts as an in-line proxy within the container's network namespace, so it must match the container's internal port. Specifying host port 80 (A) would be incorrect because CNAF does not inspect at the host port mapping layer. Ports 443 (C) and 8888 (D) are irrelevant to this scenario.
Topics
Community Discussion
No community discussion yet for this question.