Exam PCNSE
Question 476

A Security policy rule is configured with a Vulnerability Protection Profile and an action of “Deny”.

Which action will this configuration cause on the matched traffic?

    Correct Answer: A

    When a Security policy rule is configured with an action of 'Deny', the firewall will deny the matched sessions immediately. Any configured Security Profiles, including Vulnerability Protection Profiles, have no effect if the Security policy rule action is set to 'Deny'.

Discussion
djedeen (Option: A)

A: If you want to block traffic from zone A to zone B and you have configured the security rule to block this traffic, let's say the first packet comes from zone A, we do a route lookup and find the destination zone to be zone B. You will then do a policy lookup and see that there is a policy match. But since the action is set to "deny", the packet is dropped immediately. Firewall will only inspect the traffic if the policy it matched has action set to "allow".

DenskyDen (Option: A)

I second the explanation of Djedeen.

Marshpillowz (Option: A)

A is correct

Knowledge33 (Option: A)

answer is A