Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 282
A customer is replacing their legacy remote access VPN solution. The current solution is in place to secure only Internet egress for the connected clients. Prisma Access has been selected to replace the current remote access VPN solution. During onboarding, the following options and licenses were selected and enabled:
- Prisma Access for Remote Networks: 300Mbps
- Prisma Access for Mobile Users: 1500 Users
- Cortex Data Lake: 2TB
- Trusted Zones: trust
- Untrusted Zones: untrust
- Parent Device Group: shared
How can you configure Prisma Access to provide the same level of access as the current VPN solution?
Answer options
- A. Configure mobile users with trust-to-untrust Security policy rules to allow the desired traffic outbound to the Internet
- B. Configure remote networks with a service connection and trust-to-untrust Security policy rules to allow the desired traffic outbound to the Internet
- C. Configure remote networks with trust-to-trust Security policy rules to allow the desired traffic outbound to the Internet
- D. Configure mobile users with a service connection and trust-to-trust Security policy rules to allow the desired traffic outbound to the Internet
Correct answer: A
Explanation
The correct answer is A because configuring mobile users with trust-to-untrust Security policy rules allows them to send the required traffic to the Internet, mirroring the legacy VPN's behavior. Options B and D are incorrect as they involve configurations that are not applicable to mobile users. Option C is also wrong because it uses trust-to-trust rules, which do not provide the outbound Internet access that this scenario requires.