Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 252

What does an administrator use to validate whether a session is matching an expected NAT policy?

Answer options

• A. system log
• B. test command
• C. threat log
• D. config audit

Correct answer: B

Explanation

The correct answer is B, as the test command is specifically designed to validate NAT policies and assess if a session conforms to those rules. The other options, such as system log, threat log, and config audit, do not provide a direct means of testing session matches against NAT policies.