Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 321

An administrator needs to create a Security policy rule that matches DNS traffic sourced from either the LAN or VPN zones, destined for the DMZ or Untrust zones.

The administrator does not want to match traffic where the source and destination zones are LAN, and also does not want to match traffic where the source and destination zones are VPN.

Which Security policy rule type should they use?

Answer options

Correct answer: A

Explanation

The correct answer is Interzone. An interzone rule applies to traffic between different zones, which matches the requirement: DNS traffic from the LAN or VPN zones destined for the DMZ or Untrust zones. Intrazone is not suitable because it applies only to traffic within the same zone, and Universal and Default do not specifically address the inter-zone requirements outlined in the question.