Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 396

Which Security policy match condition would an administrator use to block traffic from IP addresses on the Palo Alto Networks EDL of Known Malicious IP
Addresses list?

Answer options

• A. destination address
• B. source address
• C. destination zone
• D. source zone

Correct answer: B

Explanation

The correct answer is B, source address, because blocking traffic from known malicious IPs requires examining the source of the traffic. The other options, such as destination address and zones, do not specifically address the need to filter based on the origin of the traffic from those malicious IPs.