A Security policy rule is configured with a Vulnerability Protection Profile and an action of “Deny”.
Which action will this configuration cause on the matched traffic?
A. It will cause the firewall to deny the matched sessions. Any configured Security Profiles have no effect if the Security policy rule action is set to “Deny”.
B. The configuration will allow the matched session unless a vulnerability signature is detected. The “Deny” action will supersede the per-severity defined actions defined in the associated Vulnerability Protection Profile.
C. It will cause the firewall to skip this Security policy rule. A warning will be displayed during a commit.
D. The Profile Settings section will be grayed out when the Action is set to “Deny”.
A:
If you want to block traffic from zone A to zone B and you have configured the security rule to block this traffic, let's say the first packet comes from zone A, we do a route lookup and find the destination zone to be zone B. You will then do a policy lookup and see that there is a policy match. But since the action is set to "deny", the packet is dropped immediately. The firewall will only inspect the traffic if the policy it matched has action set to "allow".