Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 275

An administrator is building Security rules within a device group to block traffic to and from malicious locations. How should those rules be configured to ensure that they are evaluated with a high priority?

Answer options

• A. Create the appropriate rules with a Block action and apply them at the top of the local firewall Security rules
• B. Create the appropriate rules with a Block action and apply them at the top of the Security Pre-Rules
• C. Create the appropriate rules with a Block action and apply them at the top of the Security Post-Rules
• D. Create the appropriate rules with a Block action and apply them at the top of the Default Rules

Correct answer: B

Explanation

The correct answer is B because Security Pre-Rules are evaluated before other rules, ensuring that blocking actions occur as a priority. Options A, C, and D do not provide the same level of priority as Pre-Rules, potentially allowing unwanted traffic to pass before being blocked.