Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 138

An administrator would like to determine the default deny action for the application dns-over-https.
Which action would yield the information?

Answer options

• A. View the application details in beacon.paloaltonetworks.com
• B. Check the action for the Security policy matching that traffic
• C. Check the action for the decoder in the antivirus profile
• D. View the application details in Objects > Applications

Correct answer: D

Explanation

The correct answer is D because the application details in Objects > Applications provide comprehensive information about the default actions associated with applications. Option A does not directly provide the default deny action, option B refers to the Security policy which may not show the application's default behavior, and option C is related to antivirus profiles rather than application behavior.