Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the last to block access to the URL?
Four configuration choices are listed, and each could be used to block access to a specific URL. If you configured each choice to block the same URL then which choice would be the last to block access to the URL?
To block access to a specific URL, the final method to block would be the PAN-DB URL category in a URL Filtering Profile. URL handling follows an order of precedence where pre-defined categories such as PAN-DB URL categories are evaluated last. Custom URL categories and external lists are checked before predefined database categories, making the PAN-DB the last to act.
Answer should be D, and here is why: The precedence is from the top down; First Match Wins: 1) Block list: Manually entered blocked URLs Objects - 2) Allow list: Manually entered allowed URLs Objects - 3) Custom URL Categories - 4) Cached Cached: URLs learned from External Dynamic Lists (EDLs) - 5) Pre-Defined Categories: PAN-DB or Brightcloud categories.
Option C could block as well but would be the FIRST thing to block.
Check out the wording of the question: "....and each could be used to block access to a specific URL.....which choice would be the last to block access to the URL?" ALL options will block the URLs, it's asking here about the order of blocking, which will be first or last to block, it's not asking IF those options would block or not ;) The answer is of course D 1- Block list 2- Allow list 3- Custom URL Cat. 4- EDLs 5- Downloaded PAN-DB Files 6- PAN-DB Cloud
In my oppinion the correct answer is D. See also question 59.
why not D? I think the correct answer should be D
The precedence is from the top down; First Match Wins: 1) Block list: Manually entered blocked URLs Objects 2) Allow list: Manually entered allowed URLs Objects - 3) Custom URL Categories - 4) Cached Cached: URLs learned from External Dynamic Lists (EDLs) - 5) Pre-Defined Categories: PAN-DB or Brightcloud categories.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClyTCAS The order in which the device checks for URL categories is as follows: Block list Allow list Custom categories Device cache BrightCloud downloaded database Cloud lookup (if enabled
I think D is the most accurate according to this topic https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClyTCAS
Answer cannot be C because Profiles can only block or deny if a policy allows it. Answer is D
PA-DB live is absolutely the last to block...
I think it is B
When you configure a URL category directly in a security rule as match criteria, that will be analyzed before all security profiles, including URL-Filtering. Within URL-Filtering, custom categories are analyzed first, then EDLs, then pre-defined categories. So the answer must be D.
B is correct answer.though the question is tricky but remember evaluation is done from top to bottom.custom url will be last after block and allow list .once the traffic matches the custom url ,it would not check others.
PAN-DB is last
This is D, beceause PAN-DB is the last that will block
answer is D
I would go with B.
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/pan-db-categorization.html#idba222a98-c4e2-43a7-b493-ce6c46fbd76c
D is incorrect answer, because the purpose is to block a specific url. I think A is correct answer.
In earlier release versions, URL Filtering category overrides had priority enforcement ahead of custom URL categories. As part of the upgrade to PAN-OS 9.0, URL category overrides are converted to custom URL categories, and no longer receive priority enforcement over other custom URL categories. Instead of the action you defined for the category override in previous release versions, the new custom URL category is enforced by the security policy rule with the strictest URL Filtering profile action. From most strict to least strict, possible URL Filtering profile actions are: block, override, continue, alert, and allow.