Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 215
An administrator configured a Security policy rule where the matching condition includes a single application and the action is set to deny.
What deny action will the firewall perform?
Answer options
- A. Discard the session’s packets and send a TCP reset packet to let the client know the session has been terminated
- B. Drop the traffic silently
- C. Perform the default deny action as defined in the App-ID database for the application
- D. Send a TCP reset packet to the client- and server-side devices
Correct answer: C
Explanation
The correct answer is C: when a Security policy rule's action is set to deny, the firewall performs the default deny action defined in the App-ID database for the application being denied. Option A is incorrect because it describes a method of resetting a session, which is not the default for application denies. Option B is a silent drop that gives no feedback, and option D incorrectly suggests sending reset packets to both ends.