ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSE All Questions

View all questions & answers for the PCNSE exam
Go to Exam

Exam PCNSE topic 1 question 42 discussion

Actual exam question from Palo Alto Networks's PCNSE
Question #: 42
Topic #: 1
[All PCNSE Questions]

An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22
Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly?

A.

B.

C.

D.

Show Suggested Answer Hide Answer
Suggested Answer: C
by Gulty1986 at March 18, 2021, 2:23 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
UFanat
Highly Voted 2 years, 9 months ago
C is correct. You should distinguish questions for NAT and security rules (the only difference in destination zone - Internet for NAT rules and DMZ for policy rules)
upvoted 13 times
GheeHong
2 years, 9 months ago
Ya, C is correct.
upvoted 1 times
...
Pakawat
2 years, 8 months ago
Yes, it is C this is NAT rule not security rule.
upvoted 1 times
...
...
Kane002
Highly Voted 3 years, 4 months ago
C. NAT zones are just whatever interface traffic is going to. The source (the big cloud internet) is obviously internet, and the destination zone is the internet facing interface of the firewall, so the destination is also internet. It then is translated into an IP that the internal network can read.
upvoted 6 times
...
kabuelenain
Most Recent 1 month, 3 weeks ago
This is a question about NAT policies NOT security policies: So the PRE-NAT destination IP and Zone should be specified. Answer C is the correct answer.
upvoted 1 times
...
AKREM86
7 months ago
D is correct - Pre-NAT headers | Post NAT Destination Zone should be considered
upvoted 3 times
...
bing2021
9 months ago
C is correct, NAT rule interface is before translate, and there is another translate section
upvoted 1 times
...
Marshpillowz
1 year, 2 months ago
C is the correct answer
upvoted 1 times
...
Pallab_Kundu
2 years ago
Correct Answer is D
upvoted 3 times
DatITGuyTho1337
1 year, 3 months ago
No, correct answer is C. :)
upvoted 2 times
...
...
Jared28
3 years, 1 month ago
C - Based on live production use - Those thinking it is D, if it were not DNAT to a specific port (but all ports), this would be correct (dest zone of the device). However, since a dest svc is specified, it's only translating specific port(s), the destination zone would still be Internet.
upvoted 3 times
...
HB1989
3 years, 6 months ago
looks like its D, because the destination IP 10.1.1.22 is located in zone DMZ, traffic flow = internet (zone) > DMZ (zone)
upvoted 2 times
HB1989
3 years, 6 months ago
after some test, C is correct.
upvoted 3 times
...
...
evdw
3 years, 11 months ago
Correct answer : C
upvoted 1 times
...
frodo1791
3 years, 11 months ago
Correct answer is C.
upvoted 2 times
...
juli_AZ_900
3 years, 12 months ago
The answer is D
upvoted 2 times
vj77
3 years, 11 months ago
D is not correct since the NAT zone should be internet to internet; NOT DMZ
upvoted 2 times
...
foromi
3 years, 12 months ago
The answer is incorrect, because this is a NAT rule and cannot be the DMZ. The correct answer is C.
upvoted 5 times
...
juli_AZ_900
3 years, 11 months ago
The correct answer is C
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago