Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 342

What does rule shadowing in Security policies do?

Answer options

• A. It shows rules with the same Source Zones and Destination Zones.
• B. It indicates that a broader rule matching the criteria is configured above a more specific rule.
• C. It indicates rules with App-ID that are not configured as port-based.
• D. It shows rules that are missing Security profile configurations.

Correct answer: B

Explanation

The correct answer, B, is accurate because rule shadowing refers to the presence of a broader rule above a more specific one, which can lead to the specific rule being overridden. The other options describe different aspects of rule configurations but do not pertain to the concept of shadowing within security policies.