Palo Alto Networks SSE Engineer — Question 35

An engineer configures a Security policy for traffic originating at branch locations in the Remote Networks configuration scope. After committing the configuration and reviewing the logs, the branch traffic is not matching the Security policy.
Which statement explains the branch traffic behavior?

Answer options

• A. The source address was configured with an address object including the branch location prefixes.
• B. The source zone was configured as “Trust.”
• C. The Security policy did not meet best practice standards and was automatically removed.
• D. The traffic is matching a Security policy in the Prisma Access configuration scope.

Correct answer: D

Explanation

The correct answer is D because the traffic from the branches is being processed under a different Security policy in the Prisma Access configuration scope. Option A is incorrect as it refers to the source address configuration, which does not directly relate to the observed traffic behavior. Option B is also wrong since the source zone configuration does not explain why the traffic is not matching the intended policy. Option C is inaccurate because there is no indication that the Security policy was removed due to not meeting best practices.