Prisma Certified Cloud Security Engineer (PCCSE) — Question 171

A security team is deploying Cloud Native Application Firewall (CNAF) on a containerized web application. The application is running an NGINX container. The container is listening on port 8080 and is mapped to host port 80.
Which port should the team specify in the CNAF rule to protect the application?

Answer options

• A. 443
• B. 80
• C. 8080
• D. 8888

Correct answer: C

Explanation

The correct answer is C, 8080, because that is the port on which the NGINX container is actually listening for traffic. Port 80 is the host port that maps to the container but does not directly protect the application. Ports 443 and 8888 are not relevant in this context.