Palo Alto Networks Exam PCNSA Topic 3 Question 32 Discussion

Actual exam question for Palo Alto Networks's PCNSA exam

Question #: 32
Topic #: 3

The compliance officer requests that all evasive applications need to be blocked on all perimeter firewalls out to the internet The firewall is configured with two zones;

1. trust for internal networks

2. untrust to the internet

Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two )

ACreate a deny rule at the top of the policy from trust to untrust over any service and select evasive as the application

BCreate a deny rule at the top of the policy from trust to untrust with service application-default and select evasive as the application.

CCreate a deny rule at the top of the policy from trust to untrust over any service and add an application filter with the evasive characteristic.

DCreate a deny rule at the top of the policy from trust to untrust with service application-default and add an application filter with the evasive characteristic

Show Suggested Answer

Suggested Answer: D

by Lizbeth at Jul 31, 2022, 08:08 AM

Limited Time Offer

25%

Off

Get Premium PCNSA Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!