Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 126

A web server is hosted in the DMZ, and the server is configured to listen for incoming connections only on TCP port 8080. A Security policy rule allowing access from the Trust zone to the DMZ zone need to be configured to enable we browsing access to the server.
Which application and service need to be configured to allow only cleartext web-browsing traffic to thins server on tcp/8080?

Answer options

• A. application: web-browsing; service: application-default
• B. application: web-browsing; service: service-https
• C. application: ssl; service: any
• D. application: web-browsing; service: (custom with destination TCP port 8080)

Correct answer: D

Explanation

The correct answer is D because it specifies the web-browsing application combined with a custom service that targets TCP port 8080, allowing cleartext traffic as required. Options A and B incorrectly use default services that do not specify the correct port, and option C allows SSL traffic, which does not meet the requirement for cleartext web browsing.