Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the last to block access to the URL?
Answer should be D, and here is why:
The precedence is from the top down; First Match Wins: 1) Block list: Manually entered blocked URLs Objects - 2) Allow list: Manually entered allowed URLs Objects - 3) Custom URL Categories - 4) Cached Cached: URLs learned from External Dynamic Lists (EDLs) - 5) Pre-Defined Categories: PAN-DB or Brightcloud categories.
Check out the wording of the question:
"....and each could be used to block access to a specific URL.....which choice would be the last to block access to the URL?"
ALL options will block the URLs, it's asking here about the order of blocking, which will be first or last to block, it's not asking IF those options would block or not ;)
The answer is of course D
1- Block list
2- Allow list
3- Custom URL Cat.
4- EDLs
5- Downloaded PAN-DB Files
6- PAN-DB Cloud
When you configure a URL category directly in a security rule as match criteria, that will be analyzed before all security profiles, including URL-Filtering.
Within URL-Filtering, custom categories are analyzed first, then EDLs, then pre-defined categories. So the answer must be D.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClyTCAS
The order in which the device checks for URL categories is as follows:
Block list
Allow list
Custom categories
Device cache
BrightCloud downloaded database
Cloud lookup (if enabled
B is correct answer.though the question is tricky but remember evaluation is done from top to bottom.custom url will be last after block and allow list .once the traffic matches the custom url ,it would not check others.
In earlier release versions, URL Filtering category overrides had priority enforcement ahead of custom URL categories. As part of the upgrade to PAN-OS 9.0, URL category overrides are converted to custom URL categories, and no longer receive priority enforcement over other custom URL categories. Instead of the action you defined for the category override in previous release versions, the new custom URL category is enforced by the security policy rule with the strictest URL Filtering profile action. From most strict to least strict, possible URL Filtering profile actions are: block, override, continue, alert, and allow.
This section is not available anymore. Please use the main Exam Page.PCNSA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
IxlJustinlxl
Highly Voted 4 years, 5 months agowebmanau
4 years agoolexx
3 years, 1 month agoBTSeeYa
Most Recent 10 months, 2 weeks agobaccalacca
2 years, 2 months ago[Removed]
2 years, 2 months agoKirinKev
2 years, 3 months agoyinksho
2 years, 5 months agopiipo
2 years, 9 months agomagicbr3
2 years, 10 months agoon2it
2 years, 10 months agoSandman77
2 years, 11 months agoLordScorpius
3 years, 1 month agoerror_909
3 years, 1 month agoerror_909
3 years, 1 month agoLuongchacha1
3 years, 2 months agosahilyakup
3 years, 10 months agoMicutzu
4 years agodebabani
4 years, 2 months agoatifikhan
4 years, 4 months ago