PCNSA Question #175: Real Exam Question with Answer & Explanation

The correct answer is D: application filter. An Application Filter (D) is a dynamic object that automatically groups applications based on attributes such as risk level, category, subcategory, or technology. An administrator creates a filter matching risk level 'high' and uses it in a deny Security policy rule - as new high

Submitted by devops_kid· Apr 18, 2026Managing Objects

Question

Which object would an administrator create to block access to all high-risk applications?

Options

AHIP profile
BVulnerability Protection profile
Capplication group
Dapplication filter

Explanation

An Application Filter (D) is a dynamic object that automatically groups applications based on attributes such as risk level, category, subcategory, or technology. An administrator creates a filter matching risk level 'high' and uses it in a deny Security policy rule - as new high-risk applications are added to the App-ID database, they are automatically included without any manual update. An Application Group (C) is a static, manually maintained list of specific applications and would require constant updates. A HIP Profile (A) is for endpoint posture checking. A Vulnerability Protection profile (B) defends against exploits, not application access control.

Topics

#Application control#Application filter#Security policy objects#Application identification

Community Discussion

No community discussion yet for this question.

Full PCNSA Practice Browse All PCNSA Questions