PCNSE Question #496: Real Exam Question with Answer & Explanation
The correct answer is D: Create the appropriate rules with a Block action and apply them at the top of the Security Pre-.
Question
An administrator is building Security rules within a device group to block traffic to and from malicious locations. How should those rules be configured to ensure that they are evaluated with a high priority?
Options
- A. Create the appropriate rules with a Block action and apply them at the top of the Default Rules
- B. Create the appropriate rules with a Block action and apply them at the top of the Security Post-
- C. Create the appropriate rules with a Block action and apply them at the top of the local firewall
- D. Create the appropriate rules with a Block action and apply them at the top of the Security Pre-
Explanation
In Panorama, Security rules within a Device Group are organized into Pre-rules, local device rules, and Post-rules. Pre-rules are pushed from Panorama and evaluated BEFORE any locally configured firewall rules, giving them the highest priority. Post-rules are pushed from Panorama but evaluated AFTER local rules. Default Rules sit at the very bottom as the last catch-all. To ensure that blocking rules targeting malicious locations are evaluated with the highest priority across all managed firewalls, they must be placed at the top of the Security Pre-rules in Panorama. This guarantees they are matched before any local or post-rules can allow the traffic.