PCNSA · Question #330
PCNSA Question #330: Real Exam Question with Answer & Explanation
The correct answer is C: Universal. The default Security policy rule type on Palo Alto Networks firewalls is Universal. A Universal rule matches traffic both within the same zone (intrazone) and between different zones (interzone), making it the most broad rule type. In this scenario, the rule for DNS from LAN to D
Question
An administrator creates a new Security policy rule to allow DNS traffic from the LAN to the DMZ zones. The administrator does not change the rule type from its default value. What type of Security policy rule is created?
Options
- AIntrazone
- BInterzone
- CUniversal
- DTagged
Explanation
The default Security policy rule type on Palo Alto Networks firewalls is Universal. A Universal rule matches traffic both within the same zone (intrazone) and between different zones (interzone), making it the most broad rule type. In this scenario, the rule for DNS from LAN to DMZ would also work as a Universal rule because it matches interzone traffic - but the key point is that without changing the default, the type is always Universal, not Interzone or Intrazone. Universal rules apply to all matching traffic regardless of zone relationship.
Topics
Community Discussion
No community discussion yet for this question.