PCNSA Securing Traffic • Complete Question Bank
Refer to the exhibit.
```
admin@PA-5050> show running security-policy

name                     from    to      source         destination  application  service   action
------------------------ ------- ------- -------------- ------------ ------------ --------- -------
1 allow-web              trust   untrust 10.0.0.0/8     192.0.2.0/24 web-browsing http      allow
2 block-malware          trust   untrust any            any          any          any       deny
3 allow-dns              trust   untrust any            any          dns          udp/53    allow

Total rules: 3
```
Match each concept to its description:
Handles configuration and logging
Processes traffic and enforces policies
Manages routing and session setup
Aggregates logs from multiple firewalls
Refer to the exhibit. Exhibit: CLI output from 'show running security-policy' shows:
```
set rulebase security rules "Allow_Web" from untrust to dmz source any destination 10.1.1.0/24 application web-browsing,ssl service tcp/80, tcp/443 action allow log-end
set rulebase security rules "Block_ALL" from any to any source any destination any application any service any action deny
```
Refer to the exhibit. Exhibit: Config snippet:
```
set shared application-tunnel time-to-live 30
set shared application-tunnel policy "Block_Tor" action deny
set shared application-tunnel policy "Allow_SSH" action allow tunnel detection none
```
Refer to the exhibit. Exhibit: Output from 'show session id 12345':
```
session id 12345
application: ssl
source: 192.168.1.10/20000
destination: 203.0.113.5/443
zone: inside -> outside
rule: Allow_Outbound
decrypted: yes
decryption profile: Decrypt_Forward
decrypted-policy: Decrypt_All
```
Refer to the exhibit.
```
admin@PA-500> show running security-policy
Rules:
1. name: allow-http-from-trust-to-untrust
   source: 10.0.0.0/8
   destination: any
   application: http
   action: allow
2. name: deny-all-from-trust-to-untrust
   source: 10.0.0.0/8
   destination: any
   application: any
   action: deny
3. name: allow-dns-from-trust-to-untrust
   source: 10.0.0.0/8
   destination: any
   application: dns
   action: allow
```
Note: There are no other security rules.
Refer to the exhibit.
```
admin@PA-500> show running nat-policy
Rules:
1. name: source-nat-1
   source: 10.0.0.0/8
   destination: any
   service: any
   source-translation: interface-ip-address (ethernet1/2)
   action: dynamic-ip-and-port
2. name: no-nat-for-servers
   source: 10.0.0.0/8
   destination: 192.168.1.0/24
   service: any
   action: no-nat
```
Refer to the exhibit. Log entry:
```
Time: 2024-03-01 10:00:00
Source IP: 10.1.1.100
Destination IP: 203.0.113.50
Application: ssl
Action: allow
Session End Reason: tcp-rst-from-client
Bytes Sent: 1024
Bytes Received: 10240
```
Context: The security policy allows all outbound traffic. The client is a web browser.
Refer to the exhibit.
```
security-policy {
    rules {
        rule1 {
            name "Allow-Web";
            source-zone "Trust";
            destination-zone "Untrust";
            source-address "10.0.0.0/24";
            destination-address "any";
            application "web-browsing";
            service "tcp-80";
            action "allow";
        }
        rule2 {
            name "Block-All";
            source-zone "any";
            destination-zone "any";
            application "any";
            service "any";
            action "deny";
        }
    }
}
```