Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 2
A company moved its old port-based firewall to a new Palo Alto Networks NGFW 60 days ago. Which utility should the company use to identify out-of-date or unused rules on the firewall?
Answer options
- A. Rule Usage Filter > No App Specified
- B. Rule Usage Filter > Hit Count > Unused in 30 days
- C. Rule Usage Filter > Unused Apps
- D. Rule Usage Filter > Hit Count > Unused in 90 days
Correct answer: D
Explanation
The correct answer is D because it specifically targets rules that have not been used in the last 90 days, providing a comprehensive view of potentially outdated rules. Options A, B, and C do not effectively identify rules that have been inactive for such a duration, with B only covering a shorter timeframe of 30 days.