Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 243

Which policy set should be used to ensure that a policy is applied just before the default security rules?

Answer options

• A. Shared post-rulebase
• B. Local firewall policy
• C. Parent device-group post-rulebase
• D. Child device-group post-rulebase

Correct answer: A

Explanation

The Shared post-rulebase is the correct choice because it allows for policies to be applied after the main rules but before the default security rules, ensuring they take precedence. The other options, like Local firewall policy and device-group post-rulebases, do not have the same effect on the order of rule application in relation to the default security rules.