Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the last to block access to the URL?
Answer should be D, and here is why:
The precedence is from the top down; First Match Wins: 1) Block list: Manually entered blocked URLs Objects - 2) Allow list: Manually entered allowed URLs Objects - 3) Custom URL Categories - 4) Cached Cached: URLs learned from External Dynamic Lists (EDLs) - 5) Pre-Defined Categories: PAN-DB or Brightcloud categories.
Check out the wording of the question:
"....and each could be used to block access to a specific URL.....which choice would be the last to block access to the URL?"
ALL options will block the URLs, it's asking here about the order of blocking, which will be first or last to block, it's not asking IF those options would block or not ;)
The answer is of course D
1- Block list
2- Allow list
3- Custom URL Cat.
4- EDLs
5- Downloaded PAN-DB Files
6- PAN-DB Cloud
When you configure a URL category directly in a security rule as match criteria, that will be analyzed before all security profiles, including URL-Filtering.
Within URL-Filtering, custom categories are analyzed first, then EDLs, then pre-defined categories. So the answer must be D.
B is correct answer.though the question is tricky but remember evaluation is done from top to bottom.custom url will be last after block and allow list .once the traffic matches the custom url ,it would not check others.
In earlier release versions, URL Filtering category overrides had priority enforcement ahead of custom URL categories. As part of the upgrade to PAN-OS 9.0, URL category overrides are converted to custom URL categories, and no longer receive priority enforcement over other custom URL categories. Instead of the action you defined for the category override in previous release versions, the new custom URL category is enforced by the security policy rule with the strictest URL Filtering profile action. From most strict to least strict, possible URL Filtering profile actions are: block, override, continue, alert, and allow.
Answer should be B, and here is why:
The precedence is from the top down; First Match Wins: 1) Block list: Manually entered blocked URLs Objects - 2) Allow list: Manually entered allowed URLs Objects - 3) Custom URL Categories - 4) Cached Cached: URLs learned from External Dynamic Lists (EDLs) - 5) Pre-Defined Categories: PAN-DB or Brightcloud categories.
If it matches all possible options then the last match would technically be the first match.
This cannot be C because it has to do with URL filtering and therefore would be part of a security profile not policy.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.PCNSA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
IxlJustinlxl
Highly Voted 4 years, 8 months agowebmanau
4 years, 3 months agoolexx
3 years, 4 months agoBTSeeYa
Most Recent 1 year, 1 month agobaccalacca
2 years, 5 months agoKirinKev
2 years, 7 months agoyinksho
2 years, 9 months agopiipo
3 years agomagicbr3
3 years, 1 month agoon2it
3 years, 1 month agoSandman77
3 years, 2 months agoLordScorpius
3 years, 4 months agoerror_909
3 years, 4 months agoerror_909
3 years, 4 months agoLuongchacha1
3 years, 5 months agosahilyakup
4 years, 1 month agoMicutzu
4 years, 3 months agodebabani
4 years, 5 months agoatifikhan
4 years, 7 months agoIxlJustinlxl
4 years, 8 months ago