PCNSA Question #101: Real Exam Question with Answer & Explanation

The correct answer is D: east west. In a Zero Trust firewall deployment, "east-west" traffic, which refers to communication between internal systems, is protected, unlike in a traditional perimeter-only firewall deployment that primarily secures north-south traffic.

Submitted by omar99· Apr 18, 2026Securing Traffic

Question

Which data flow direction is protected in a zero trust firewall deployment that is not protected in a perimeter-only firewall deployment?

Options

Aoutbound
Bnorth south
Cinbound
Deast west

Explanation

In a Zero Trust firewall deployment, "east-west" traffic, which refers to communication between internal systems, is protected, unlike in a traditional perimeter-only firewall deployment that primarily secures north-south traffic.

Common mistakes.

A. Outbound traffic is protected by both perimeter and Zero Trust firewalls, as it crosses the network boundary.
B. North-south traffic is the primary focus of protection for traditional perimeter firewalls, so it's already protected in that model.
C. Inbound traffic is protected by both perimeter and Zero Trust firewalls, as it crosses the network boundary from external sources.

Concept tested. Zero Trust Architecture vs. Perimeter Security, Traffic Flow

Reference. https://docs.paloaltonetworks.com/zero-trust/what-is-zero-trust/zero-trust-architecture/zero-trust-principles

Topics

#Zero Trust#Firewall Deployment#Network Segmentation#East-West Traffic

Community Discussion

No community discussion yet for this question.

Full PCNSA Practice Browse All PCNSA Questions