Palo_Alto_Networks
NETSEC-ANALYST · Question #215
NETSEC-ANALYST Question #215: Real Exam Question with Answer & Explanation
The correct answer is C. Create a deny rule at the top of the policy from trust to untrust over any service and add an D. Create a deny rule at the top of the policy from trust to untrust with service application-default and. See the full explanation below for the reasoning.
Question
The compliance officer requests that all evasive applications need to be blocked on all perimeter firewalls out to the internet. The firewall is configured with two zones: 1. trust for internal networks 2. untrust to the internet Based on the capabilities of the Palo Alto Networks NGFW, what are two ways to configure a security policy using App-ID to comply with this request? (Choose two )
Options
- ACreate a deny rule at the top of the policy from trust to untrust over any service and select
- BCreate a deny rule at the top of the policy from trust to untrust with service application-default and
- CCreate a deny rule at the top of the policy from trust to untrust over any service and add an
- DCreate a deny rule at the top of the policy from trust to untrust with service application-default and
Community Discussion
No community discussion yet for this question.