Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 221

Users from the internal zone need to be allowed to Telnet into a server in the DMZ zone.
Complete the security policy to ensure only Telnet is allowed.
Security Policy: Source Zone: Internal to DMZ Zone __________services `Application defaults`, and action = Allow

Answer options

• A. Destination IP: 192.168.1.123/24
• B. Application = "Telnet"
• C. Log Forwarding
• D. USER-ID = "Allow users in Trusted"

Correct answer: B

Explanation

The correct answer is B because it specifies the application protocol that should be allowed, which is Telnet. The other options do not directly address the requirement of allowing only Telnet; option A specifies a destination IP but not the service, option C relates to logging and does not control access, and option D pertains to user identification rather than application-level permissions.