Palo Alto Networks Network Security Generalist — Question 23

At a minimum, which action must be taken to ensure traffic coming from outside an organization to the DMZ can access the DMZ zone for a company using private IP address space?

Answer options

• A. Configure static NAT for all incoming traffic.
• B. Create NAT policies on post-NAT addresses for all traffic destined for DMZ.
• C. Configure NAT policies on the pre-NAT addresses and post-NAT zone.
• D. Create policies only for pre-NAT addresses and any destination zone.

Correct answer: C

Explanation

The correct answer is C because configuring NAT policies on both pre-NAT and post-NAT addresses is necessary to ensure that traffic can properly route to the DMZ. Option A is incorrect as static NAT alone does not address policy configurations. Option B only considers post-NAT addresses, which is insufficient, and option D neglects the need for policies on post-NAT addresses.