Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 103

All users from the internal zone must be allowed only Telnet access to a server in the DMZ zone.
Complete the two empty fields in the Security policy rules that permits only this type of access.

Source Zone: Internal -

Destination Zone: DMZ Zone -
Application: _________?
Service: ____________?

Action: allow -
(Choose two.)

Answer options

• A. Service = ג€application-defaultג€
• B. Service = ג€service-telnetג€
• C. Application = ג€Telnetג€
• D. Application = ג€anyג€

Correct answer: A, C

Explanation

The correct answer includes 'Application = Telnet' to specify the required application and 'Service = application-default' to allow the default service associated with the application. The other options are incorrect as 'Service = service-telnet' is too specific and 'Application = any' would allow all applications, which does not meet the requirement.