PCNSA Question #105: Real Exam Question with Answer & Explanation

The correct answer is B: Security Profile should be used only on allowed traffic.. Security policy rules control network traffic by either allowing or blocking it, and Security Profiles are subsequently attached to these rules to perform deeper threat inspection on the permitted traffic.

Submitted by fernanda_arg· Apr 18, 2026Securing Traffic

Question

Which three statements describe the operation of Security policy rules and Security Profiles? (Choose three.)

Options

ASecurity policy rules inspect but do not block traffic.
BSecurity Profile should be used only on allowed traffic.
CSecurity Profile are attached to security policy rules.
DSecurity Policy rules are attached to Security Profiles.
ESecurity Policy rules can block or allow traffic.

Explanation

Security policy rules control network traffic by either allowing or blocking it, and Security Profiles are subsequently attached to these rules to perform deeper threat inspection on the permitted traffic.

Common mistakes.

A. Security policy rules can indeed block traffic; they are not limited to inspection and allowing, as denying traffic is a primary security function to enforce access control.
D. This statement reverses the relationship; Security Profiles are applied to security policy rules to enhance their inspection capabilities, not the other way around.

Concept tested. Palo Alto Networks Security Policies and Profiles

Reference. https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/security-policy-rules/security-policy-overview

Topics

#Security Policy#Security Profiles#Traffic Flow#Policy Action

Community Discussion

No community discussion yet for this question.

Full PCNSA Practice Browse All PCNSA Questions