Exam PCNSE
Question 254

An administrator needs to validate that policies that will be deployed will match the appropriate rules in the device-group hierarchy.

Which tool can the administrator use to review the policy creation logic and verify that unwanted traffic is not allowed?

    Correct Answer: D

    The correct tool to review the policy creation logic and verify that unwanted traffic is not allowed is 'Test Policy Match'. This tool allows administrators to simulate specific traffic conditions and determine which policy rules would be triggered. By doing so, it helps ensure that any newly created policies will function as intended before they are deployed, thereby preventing unwanted traffic from being allowed.

Discussion
datz Option: A

Come on, guys? "Which tool can the administrator use to review the policy creation logic and verify that unwanted traffic is not allowed?" Which tool is used to review policy creation and can also verify that unwanted traffic is not allowed? How on earth will Test Policy tell you what unwanted traffic will be allowed? :/ I am going for A :)

Kris92

Pretty simple: you test policy with unwanted traffic and make sure it's denied. How on earth is preview change going to help with that?

Kris92

"validate that policies that will be deployed" - preview change. "Which tool can the administrator use to review the policy creation logic and verify that unwanted traffic is not allowed?" - test policy match.

Metgatz Option: D

Say check the logic Option D

Adilon Option: D

D for me

Whizdhum Option: A

Answer is A. Preview Changes asks the firewall to compare the configurations you selected in the Commit Scope to the running configuration. The answer is not Test Policy Match, which tests policy rules in your running configuration. Preview Changes is pre-commit, Test Policy Match is post-commit.

dorf05 Option: D

Preview (before) commit and review (after commit). And the question is "... administrator use to review the policy creation and verify that unwanted traffic is not allowed". This is similar to question #1.

Metgatz Option: D

The correct option is D Test Policy Match

hcir Option: D

You test before adding the rule. Preview Changes only compares the candidate config with the running.

Shastings1 Option: D

This is a poorly worded question, but the answer is D - test policy match. The goal here is to use a tool to verify that you already have a "deny" rule. Test policy match checks the current config for the unwanted traffic. There should be a deny or you need to add another rule. Test policy match: source (bad guy), destination (Crown Jewels), action = deny…

VenomX51 Option: A

An administrator needs to validate that policies that will be deployed will match the appropriate rules in the device-group hierarchy. If you add a policy to device groups for firewall 2 and 3, you can use Preview changes to ensure that that policy is not going to be applied to FW1 and allow unwanted traffic. Preview Changes will verify your "policy creation logic", i.e., if I create a policy in this device group it will not be applied to these firewalls.

Thunnu Option: D

Answer D https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/policy/test-policy-rule-traffic-matches

SH_ Option: A

"Policies that will be deployed" means candidate configuration, and test policy match works on running configuration. So I'm going with A, which I think should be the "preview rule" feature which is on Panorama.

JRKhan Option: A

A is correct. Question is about policies that haven't been deployed yet. Test policy match the policies that have already been deployed.

scanossa Option: D

The question doesn't say "preview", it says "review". It could involve rules already deployed, so answer D. Answer A doesn't show if a specific traffic is allowed or not.

RoamingFo Option: D

Preview will only show the changes, which is not enough to determine if traffic will be allowed or denied. This is a collective result of all the rules old and new. I think D is the most acceptable answer for this poorly worded question.

Omid2022 Option: A

Test policy match works after committing the config, so you blew up the network, then you want to check it!!!

dgonz Option: D

It asks for "which tool". Not sure if the preview pane can be considered a tool... so I choose D, which is a tool.