PCNSE Question #520: Real Exam Question with Answer & Explanation

Question

Review the images. A firewall policy that permits web traffic includes the following: What is the result of traffic that matches the "Alert - Threats" Profile Match List?

Options

• AThe source address of SMTP traffic that matches a threat is automatically blocked as BadGuys
• BThe source address of traffic that matches a threat is automatically blocked as BadGuys for 180
• CThe source address of traffic that matches a threat is automatically tagged as BadGuys for 180
• DThe source address of SMTP traffic that matches a threat is automatically tagged as BadGuys for

Explanation

Security profile Match Lists with forwarding actions allow the firewall to automatically tag source IP addresses when traffic matches a threat signature. In this scenario, the 'Alert - Threats' Match List is configured to tag the source address with the dynamic tag 'BadGuys' for 180 seconds upon a threat match. The tag can then be referenced by a Dynamic Address Group to apply further policy. The key distinctions: the action is tagging (not direct blocking - the firewall registers the IP with a tag, which other policies may use to block), and it applies to any matching threat traffic, not exclusively SMTP. Answers A and D incorrectly restrict the scope to SMTP, and answer B incorrectly states the action is blocking rather than tagging.

No community discussion yet for this question.