Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 66

An administrator would like to see the traffic that matches the interzone-default rule in the traffic logs.
What is the correct process to enable this logging?

Answer options

• A. Select the interzone-default rule and click Override; on the Actions tab, select Log at Session End and click OK.
• B. Select the interzone-default rule and edit the rule; on the Actions tab, select Log at Session End and click OK.
• C. Select the interzone-default rule and edit the rule; on the Actions tab, select Log at Session Start and click OK.
• D. This rule has traffic logging enabled by default; no further action is required.

Correct answer: A

Explanation

The correct answer is A because it specifies the proper method to override the existing settings and enable logging at session end for the interzone-default rule. Option B suggests editing the rule without the override, which may not enable logging as intended. Option C incorrectly suggests logging at session start, and option D is incorrect as logging is not enabled by default for this rule.