Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 402

An administrator needs to create a Security policy rule that matches DNS traffic within the LAN zone, and also needs to match DNS traffic within the DMZ zone.
The administrator does not want to allow traffic between the DMZ and LAN zones.
Which Security policy rule type should they use?

Answer options

Correct answer: B

Explanation

The correct answer is B, intrazone. An intrazone rule matches only traffic that stays within the same zone, which is what is needed for the DNS traffic within LAN and within DMZ. The other options, such as interzone, would permit traffic between different zones, which contradicts the requirement not to allow traffic between the DMZ and LAN zones.