PCNSA · Question #42
PCNSA Question #42: Real Exam Question with Answer & Explanation
The correct answer is C: Add *.powerball.com to the allow list. To allow access to a specific lottery site without unblocking the entire gambling URL category, administrators can either add the site to an allow list or create a custom URL category for the site and permit that specific category.
Question
The PowerBall Lottery has reached a high payout amount and a company has decided to help employee morale by allowing employees to check the number, but doesn't want to unblock the gambling URL category. Which two methods will allow the employees to get to the PowerBall Lottery site without the company unlocking the gambling URL category? (Choose two.)
Options
- AAdd all the URLs from the gambling category except powerball.com to the block list and then set
- BManually remove powerball.com from the gambling URL category.
- CAdd *.powerball.com to the allow list
- DCreate a custom URL category called PowerBall and add *.powerball.com to the category and set
Explanation
To allow access to a specific lottery site without unblocking the entire gambling URL category, administrators can either add the site to an allow list or create a custom URL category for the site and permit that specific category.
Common mistakes.
- A. Adding all URLs from the gambling category except powerball.com to a block list is an impractical and unmanageable solution, as the gambling category contains numerous dynamic URLs that would be impossible to enumerate and maintain.
- B. Palo Alto Networks pre-defined URL categories are cloud-managed and cannot be manually modified or have specific URLs removed by administrators on the firewall.
Concept tested. Palo Alto URL filtering exceptions
Reference. https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/url-filtering/configure-url-filtering
Topics
Community Discussion
No community discussion yet for this question.