
PCNSA Exam - Question 75


Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL, which choice would be the last to block access to the URL?

Correct Answer: D

Of the methods that can block a specific URL, the last to take effect is the PAN-DB URL category in a URL Filtering Profile. URL handling follows an order of precedence in which predefined categories such as PAN-DB URL categories are evaluated last. Custom URL categories and external lists are checked before the predefined database categories, which makes PAN-DB the last to act.

Discussion

IxlJustinlxl Option: D
Dec 3, 2020

Answer should be D, and here is why: The precedence is from the top down; First Match Wins:
1) Block list: Manually entered blocked URLs Objects
2) Allow list: Manually entered allowed URLs Objects
3) Custom URL Categories
4) Cached: URLs learned from External Dynamic Lists (EDLs)
5) Pre-Defined Categories: PAN-DB or Brightcloud categories.

webmanau
Apr 26, 2021

Option C could block as well but would be the FIRST thing to block.

olexx
Mar 30, 2022

Check out the wording of the question: "....and each could be used to block access to a specific URL.....which choice would be the last to block access to the URL?" ALL options will block the URLs, it's asking here about the order of blocking, which will be first or last to block, it's not asking IF those options would block or not ;) The answer is of course D
1- Block list
2- Allow list
3- Custom URL Cat.
4- EDLs
5- Downloaded PAN-DB Files
6- PAN-DB Cloud

debabani Option: D
Feb 16, 2021

Why not D? I think the correct answer should be D

Micutzu Option: D
May 4, 2021

In my opinion the correct answer is D. See also question 59.

atifikhan Option: B
Dec 28, 2020

I think it is B

LordScorpius Option: D
Mar 28, 2022

PAN-DB live is absolutely the last to block...

magicbr3 Option: D
Jun 15, 2022

Answer cannot be C because Profiles can only block or deny if a policy allows it. Answer is D

KirinKev Option: D
Jan 11, 2023

I think D is the most accurate according to this topic https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClyTCAS

[Removed] Option: D
Mar 5, 2023

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClyTCAS
The order in which the device checks for URL categories is as follows:
- Block list
- Allow list
- Custom categories
- Device cache
- BrightCloud downloaded database
- Cloud lookup (if enabled)

baccalacca Option: D
Mar 5, 2023

The precedence is from the top down; First Match Wins:
1) Block list: Manually entered blocked URLs Objects
2) Allow list: Manually entered allowed URLs Objects
3) Custom URL Categories
4) Cached: URLs learned from External Dynamic Lists (EDLs)
5) Pre-Defined Categories: PAN-DB or Brightcloud categories.

sahilyakup Option: C
Jun 24, 2021

In earlier release versions, URL Filtering category overrides had priority enforcement ahead of custom URL categories. As part of the upgrade to PAN-OS 9.0, URL category overrides are converted to custom URL categories, and no longer receive priority enforcement over other custom URL categories. Instead of the action you defined for the category override in previous release versions, the new custom URL category is enforced by the security policy rule with the strictest URL Filtering profile action. From most strict to least strict, possible URL Filtering profile actions are: block, override, continue, alert, and allow.

Luongchacha1 Option: A
Mar 6, 2022

D is an incorrect answer, because the purpose is to block a specific URL. I think A is the correct answer.

error_909 Option: B
Mar 19, 2022

I would go with B.

error_909
Mar 19, 2022

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/pan-db-categorization.html#idba222a98-c4e2-43a7-b493-ce6c46fbd76c

Sandman77 Option: D
May 26, 2022

Answer is D

on2it Option: D
Jun 15, 2022

This is D, because PAN-DB is the last that will block

piipo Option: D
Jul 21, 2022

PAN-DB is last

yinksho Option: B
Nov 10, 2022

B is the correct answer. Though the question is tricky, remember that evaluation is done from top to bottom. Custom URL will be last after block and allow list. Once the traffic matches the custom URL, it would not check others.

BTSeeYa Option: D
Jun 25, 2024

When you configure a URL category directly in a security rule as match criteria, that will be analyzed before all security profiles, including URL-Filtering. Within URL-Filtering, custom categories are analyzed first, then EDLs, then pre-defined categories. So the answer must be D.