Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 90

The firewall determines if a packet is the first packet of a new session or if a packet is part of an existing session using which kind of match?

Answer options

• A. 6-tuple match: Source IP Address, Destination IP Address, Source Port, Destination Port, Protocol, and Source Security Zone
• B. 5-tuple match: Source IP Address, Destination IP Address, Source Port, Destination Port, Protocol
• C. 7-tuple match: Source IP Address, Destination IP Address, Source Port, Destination Port, Source User, URL Category, and Source Security Zone
• D. 9-tuple match: Source IP Address, Destination IP Address, Source Port, Destination Port, Source User, Source Security Zone, Destination Security Zone, Application, and URL Category

Correct answer: A

Explanation

The correct answer is A, which includes the Source Security Zone as part of the match criteria, allowing the firewall to accurately determine session initiation. Option B lacks the Source Security Zone, making it insufficient for this purpose. Options C and D include additional parameters that are not necessary for identifying session beginnings, making them incorrect as well.