A security administrator needs to create an address object for a single host with IP address 192.168.1.100. Which address type should the administrator choose?
IP Netmask with /32 (255.255.255.255) represents a single host.
Why this answer
For a single host with IP address 192.168.1.100, the IP Netmask type is correct because it allows you to define a host by specifying the IP address with a /32 netmask (255.255.255.255). This is the standard method in Palo Alto Networks firewalls to represent a single host, ensuring the device treats it as an exact match for traffic policy and security rules.
Exam trap
The trap here is that candidates familiar with Cisco ACLs might choose IP Wildcard Mask (Option C) because they associate wildcard masks with host matching, but Palo Alto Networks uses IP Netmask as the standard and more straightforward method for defining a single host.
How to eliminate wrong answers
Option A (FQDN) is wrong because it is used for domain names that resolve to one or more IP addresses via DNS, not for a static IP address. Option C (IP Wildcard Mask) is wrong because it uses a wildcard mask to match a range of IPs (like Cisco ACLs), but it is not the intended type for a single host in Palo Alto Networks; it would require a mask of 0.0.0.0 to match a single host, which is less intuitive and not the recommended approach. Option D (IP Range) is wrong because it defines a contiguous range of IP addresses (e.g., 192.168.1.100-192.168.1.110), which is unnecessary and less precise for a single host.