1. Home
  2. Discussions
  3. Paloalto Networks
  4. Palo Alto Certifications and Accreditations
  5. PCNSE Discussions
  6. PCNSE Exam Topic 3 Question 26 Discussion

Paloalto Networks Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0 PCNSE Question # 26 Topic 3 Discussion

 Paloalto Networks Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

Paloalto Networks Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 11.0 PCNSE Question # 26 Topic 3 Discussion

PCNSE Exam Topic 3 Question 26 Discussion:
Question #: 26
Topic #: 3

Refer to the diagram. Users at an internal system want to ssh to the SSH server. The server is configured to respond only to the ssh requests coming from IP 172.16.16.1.

In order to reach the SSH server only from the Trust zone, which Security rule and NAT rule must be configured on the firewall?
A.

NAT Rule:Source Zone: Trust -Source IP: Any -Destination Zone: Server -Destination IP: 172.16.15.10 -Source Translation: Static IP / 172.16.15.1Security Rule:Source Zone: Trust -Source IP: Any -Destination Zone: Trust -Destination IP: 172.16.15.10 -Application: ssh

B.

NAT Rule:Source Zone: Trust -Source IP: 192.168.15.0/24 -Destination Zone: Trust -Destination IP: 192.168.15.1 -Destination Translation: Static IP / 172.16.15.10Security Rule:Source Zone: Trust -Source IP: 192.168.15.0/24 -Destination Zone: Server -Destination IP: 172.16.15.10 -Application: ssh

C.

NAT Rule:Source Zone: Trust -Source IP: Any -Destination Zone: Trust -Destination IP: 192.168.15.1 -Destination Translation: Static IP /172.16.15.10Security Rule:Source Zone: Trust -Source IP: Any -Destination Zone: Server -Destination IP: 172.16.15.10 -Application: ssh

D.

NAT Rule:Source Zone: Trust -Source IP: Any -Destination Zone: Server -Destination IP: 172.16.15.10 -Source Translation: dynamic-ip-and-port / ethernet1/4Security Rule:Source Zone: Trust -Source IP: Any -Destination Zone: Server -Destination IP: 172.16.15.10 -Application: ssh

Get Premium PCNSE Questions
Actual exam question for Paloalto Networks PCNSE exam by Axel3836 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next