Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 89

An administrator would like to override the default deny action for a given application, and instead would like to block the traffic and send the ICMP code
`communication with the destination is administratively prohibited`.
Which security policy action causes this?

Answer options

• A. Drop
• B. Drop, send ICMP Unreachable
• C. Reset both
• D. Reset server

Correct answer: B

Explanation

The correct answer is B because the action 'Drop, send ICMP Unreachable' specifically blocks the traffic and sends the appropriate ICMP code to inform the sender of the issue. Option A simply drops the traffic without informing the sender, while options C and D reset the connection without sending an ICMP message.