Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 128

An internal host needs to connect through the firewall using source NAT to servers of the internet.
Which policy is required to enable source NAT on the firewall?

Answer options

• A. NAT policy with internal zone and internet zone specified
• B. post-NAT policy with external source and any destination address
• C. NAT policy with no internal or internet zone selected
• D. pre-NAT policy with external source and any destination address

Correct answer: A

Explanation

The correct answer is A because a NAT policy must specify both the internal and internet zones to facilitate proper source NAT. Options B and D are incorrect as they refer to post-NAT and pre-NAT policies that do not meet the requirement for enabling source NAT. Option C is also incorrect because it does not define the necessary zones.