Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 467

A firewall engineer is configuring quality of service (QoS) policy for the IP address of a specific server in an effort to limit the bandwidth consumed by frequent downloads of large files from the internet.

Which combination of pre-NAT and/or post-NAT information should be used in the QoS rule?

Answer options

• A. Pre-NAT source IP address - Pre-NAT source zone
• B. Post-NAT source IP address - Pre-NAT source zone
• C. Pre-NAT source IP address - Post-NAT source zone
• D. Post-NAT source IP address - Post-NAT source zone

Correct answer: A

Explanation

The correct answer is A because using the Pre-NAT source IP address along with the Pre-NAT source zone allows the QoS policy to effectively identify and manage the traffic before any address translation occurs. The other options either reference post-NAT information, which would not accurately apply the QoS policy to the original traffic, or mix pre-NAT and post-NAT elements incorrectly.