Palo Alto Networks Network Security Analyst — Question 1
A company requires that all file transfers to SaaS storage over HTTP only (tcp/80 and tcp/8080) be inspected for data exfiltration. Traffic to encrypted HTTPS SaaS storage cannot be inspected because of the company's decryption restrictions.
When using a security profile group, which Security policy configuration meets this requirement?
Answer options
- A. One with data filtering to inspect all HTTP traffic on the web-browsing application using application-default for the service.
- B. One with URL filtering and file blocking to block all file uploads to the URL category online-storage-and-backup, then set the service to tcp/80 and tcp/8080.
- C. One with data filtering and the service set to tcp/80 and tcp/8080, then verify block threshold is set to "1" to stop exfiltration.
- D. One with data filtering and an application filter that matches "file-sharing" applications, then set the service to tcp/80 and tcp/8080.
Correct answer: A
Explanation
Option A is correct because it uses data filtering to inspect all HTTP traffic, which aligns with the requirement to monitor file transfers over specified ports. The other options either do not specifically address the need for inspecting all HTTP traffic (B and D) or do not focus on monitoring file transfers effectively (C).